Lint-staged is a popular npm package designed to streamline development workflows by running linters only on files staged for commit in Git. Comparing versions 3.2.3 and 3.2.2 reveals subtle yet potentially influential differences for developers. Both versions share core dependencies such as execa for executing commands, listr for task management, which and npm-which for locating executables, minimatch for file pattern matching, cosmiconfig for configuration, app-root-path for resolving project paths, and staged-git-files for identifying relevant files. The large set of shared dependencies indicates consistent core functionality focused on determining staged files and running commands against them.
Examining development dependencies highlights the changes. Version 3.2.3 gains semantic-release, a tool that automates the release workflow by determining the next version number, generating the release notes and publishing the package. The result is automated releases and possibly closer alignment with semantic versioning principles. Version 3.2.2 uses npmpub for publishing, which likely performed a similar task before the addition of semantic-release. The shift indicates a potentially more robust and automated release process in 3.2.3, making the library better tooled for continuous delivery. The tmp package also sees a minor version bump, indicating possible bug fixes or some minor addition. For developers adopting lint-staged, version 3.2.3 promises a smoother upgrade and integration experience driven by automated releases.
All vulnerabilities related to version 3.2.3 of the package
Regular Expression Denial of Service (ReDoS) in cross-spawn
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase CPU usage and crash the program by supplying a very large, specially crafted string.