Lint-staged is a popular npm package designed to streamline development workflows by running linters against staged git files before committing. Comparing versions 3.2.9 and 3.2.8, developers will find subtle but important differences. The core functionality remains the same: utilizing tools like ESLint, JSONLint, and others to ensure code quality and consistency before changes are integrated.
The most apparent difference between these two versions lies in their dependencies and release dates. Version 3.2.9, released on January 30, 2017, updates the listr dependency to version ^0.10.0, while version 3.2.8, released earlier on January 24, 2017, uses listr version ^0.9.0. listr is a tool for running lists of tasks, so this update likely involves improvements or bug fixes in the task execution process within lint-staged. All other dependencies seem equivalent, including those crucial for linting (eslint, jsonlint), configuration (cosmiconfig), and git interaction (staged-git-files).
For developers using lint-staged, this suggests updating to the newer version to pick up the updated listr dependency. While the changelog isn't directly available from this data, the move to listr ^0.10.0 might improve the handling of linting tasks, potentially leading to faster or more reliable pre-commit checks. Both versions offer a robust set of features for maintaining code quality in git repositories using modern JavaScript tooling.
All vulnerabilities related to version 3.2.9 of the package
Regular Expression Denial of Service (ReDoS) in cross-spawn
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase CPU usage and crash the program by supplying a very large, well-crafted string.