Lint-staged is a popular npm package that helps developers automatically lint files that are staged in Git, ensuring code quality and consistency before commits. Comparing version 3.1.0 with the previous stable version 3.0.3 reveals several key updates. A significant change involves the upgrading of several dependencies, notably execa going from version 0.4.0 to ^0.5.0. This update likely brings performance improvements or bug fixes within the external process execution. The addition of cosmiconfig at version ^1.1.0 in 3.1.0 provides enhanced configuration file support, allowing lint-staged to seamlessly integrate with various configuration formats. Another visible difference exists in the devDependencies, as version 3.1.0 introduces jsonlint, jsonlint-cli, babel-register, and eslint-config-okonet enhancing the overall tooling chain. Furthermore, the listed versions of the devDependencies eslint-plugin-import and eslint-plugin-standard have been bumped up. This reflects efforts to keep the project's development pipeline updated with the latest linting rules and best practices. The absence of object-assign dependency in version 3.1.0 suggests a potential refactoring where object assignment is handled differently, possibly utilizing native JS features. For developers, these updates translate to improved performance, better configuration handling, and a more streamlined development experience through enhanced linting and code quality checks. The new version seemingly offers a more robust and versatile solution for managing staged files.
All the vulnerabilities related to the version 3.1.0 of the package
Regular Expression Denial of Service (ReDoS) in cross-spawn
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.
