Husky is a popular npm package that streamlines the process of using Git hooks in your projects, helping to prevent broken commits and pushes, and ensuring code quality. Comparing version 1.1.3 with the preceding stable version 1.1.2 reveals subtle but important updates for developers. While the core functionality and dependencies like execa, is-ci, slash, find-up, pkg-dir, read-pkg, run-node, get-stdin, cosmiconfig, and please-upgrade-node remain consistent, the changes lie primarily in the development dependencies, reflecting updates in the tooling used for building and testing the package.
Specifically, husky 1.1.3 sees upgrades to several @types packages, including @types/jest (from 23.3.2 to 23.3.9) and @types/node (from 10.11.3 to 10.12.2). The typescript version is bumped from 3.1.1 to 3.1.6, and ts-jest goes from 23.10.3 to 23.10.4. Also pkg-ok is upgraded from version 2.2.0 to version 2.3.1 and tslint-plugin-prettier from 2.0.0 to 2.0.1. These changes suggest improvements in type definitions, testing frameworks, and the TypeScript compiler, potentially leading to more robust type checking, enhanced testing capabilities, and better compatibility with the latest TypeScript features. Developers using husky will benefit from these under-the-hood improvements, which contribute to a smoother development workflow and a more reliable Git hook experience. The updated development dependencies also hint at ongoing maintenance and a commitment to keeping the package aligned with the evolving JavaScript ecosystem.
All the vulnerabilities related to the version 1.1.3 of the package
Regular Expression Denial of Service (ReDoS) in cross-spawn
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.
