Lint-staged is a popular npm package that helps developers automatically lint files staged in Git, ensuring code quality and consistency before commits. Comparing versions 3.2.2 and 3.2.1 reveals subtle but important updates. Both versions share the same core dependencies for executing commands, listing tasks, and finding executables (execa, listr, which), matching files (minimatch), locating npm modules (npm-which), managing configuration (cosmiconfig), and working with the project root (app-root-path, staged-git-files). Their development dependencies are the same (tmp, mocha, eslint, expect, npmpub, rewire, jsonlint, npm-check, babel-core, is-promise, pre-commit, jsonlint-cli, babel-register, babel-preset-es2015, babel-preset-stage-0, eslint-config-okonet, cz-conventional-changelog).
The primary difference lies in the listr dependency, updated from version 0.7.0 in 3.2.1 to version 0.9.0 in 3.2.2. The newer version brought performance improvements and enhanced error handling for task lists, directly impacting the user experience. This upgrade contributed to a smoother and more robust linting process. Another significant difference is the release date. Version 3.2.2 was released on December 7, 2016, indicating bug fixes and minor improvements made after the release of version 3.2.1 almost a month earlier, on November 4, 2016. For developers, upgrading to lint-staged 3.2.2 provided a more reliable and optimized linting workflow, particularly for projects with extensive staged files or complex linting configurations. Consider upgrading when seeking stability and performance enhancements in your Git pre-commit hooks.
All vulnerabilities related to version 3.2.2 of the package
Regular Expression Denial of Service (ReDoS) in cross-spawn
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can drive up CPU usage and crash the program by supplying a very large, carefully crafted string.
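To check whether a project still resolves an affected cross-spawn, the following added example (not part of the original page or of lint-staged) walks a parsed package-lock.json in both the nested `dependencies` layout and the flat `packages` layout and reports every cross-spawn entry below 7.0.5, the fixed version stated above. The function names and the sample lockfile, including its version numbers, are constructed for illustration.

```javascript
// Fixed version taken from the advisory text on this page.
const FIXED = [7, 0, 5];

// True when an "x.y.z[-pre][+build]" version sorts before FIXED.
function isBelowFixed(version) {
  const v = String(version).split('+')[0];
  const dash = v.indexOf('-');
  const core = (dash === -1 ? v : v.slice(0, dash)).split('.');
  for (let i = 0; i < 3; i++) {
    const n = parseInt(core[i], 10) || 0;
    if (n !== FIXED[i]) return n < FIXED[i];
  }
  return dash !== -1; // a prerelease of 7.0.5 still precedes 7.0.5
}

// Returns [{ path, version }] for every affected copy found in the lockfile.
function findVulnerable(lock, name = 'cross-spawn') {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const match = path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`);
    if (match && meta.version && isBelowFixed(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists).
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const here = trail.concat(dep);
      if (dep === name && meta.version && isBelowFixed(meta.version)) {
        hits.push({ path: here.join(' > '), version: meta.version });
      }
      walk(meta.dependencies, here);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile: one nested old copy, one patched top-level copy.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'lint-staged': { version: '3.2.2' },
    execa: { version: '0.5.0', dependencies: { 'cross-spawn': { version: '4.0.2' } } },
    'cross-spawn': { version: '7.0.6' },
  },
};
console.log(findVulnerable(sampleLock));
```

In a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` instead of `sampleLock`.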