Lint-staged is a popular npm package that helps developers automatically format and lint files staged for commit in Git, ensuring code quality and consistency. Version 3.2.1 builds upon the previous stable version, 3.2.0, with a few key updates particularly advantageous for developers focused on code linting.
One notable difference lies in the dependencies. While core dependencies such as execa, listr, minimatch and cosmiconfig remain consistent, listr receives a bump from 0.6.0 to 0.7.0. Version 3.2.1 also adjusts the eslint dependency, moving from version 3.7.1 to 3.9.1, likely incorporating bug fixes, performance improvements, or new linting rules. Version 3.2.0, on the other hand, had additional eslint-related dependencies that are absent from the newer version: eslint-plugin-import, eslint-plugin-promise, eslint-config-standard and eslint-plugin-standard.
These subtle changes suggest an incremental improvement and stabilization in the linting process. Developers upgrading to version 3.2.1 can expect smoother integration with ESLint, benefiting from the latest rule updates and potential performance enhancements. The update may also address compatibility issues encountered in version 3.2.0, which would explain the packages that were removed. Given the nature of lint-staged, keeping dependencies current ensures a seamless and robust workflow for maintaining code quality within a Git repository.
All vulnerabilities related to version 3.2.1 of the package
Regular Expression Denial of Service (ReDoS) in cross-spawn
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can drive up CPU usage and crash the program by supplying a very large, specially crafted string.