Lint-staged is a valuable tool for developers aiming to maintain code quality in their projects by linting files before they are committed to Git. Version 3.5.0 introduces some notable changes compared to the previous stable version, 3.4.2. One key difference lies in the dependencies. Version 3.5.0 adds lodash.chunk and babel-runtime as dependencies. These provide array chunking and a polyfill for earlier JavaScript environments, potentially enhancing the performance and compatibility of lint-staged across different environments. In the devDependencies, version 3.5.0 updates the Babel tooling by including "babel-plugin-transform-runtime" and "babel-preset-env" while removing the older babel-preset-es2015 and babel-preset-stage-0. The move to babel-preset-env signals a shift towards greater flexibility, allowing developers to target specific browser environments rather than adhering to preset ECMAScript versions. The inclusion of babel-plugin-transform-runtime reduces bundle sizes and avoids potential issues with polyfilling. These changes suggest a focus on modernizing the build process, optimizing for different JavaScript environments, and improving the overall developer experience.
All vulnerabilities related to version 3.5.0 of the package
Regular Expression Denial of Service (ReDoS) in cross-spawn
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase CPU usage and crash the program by supplying a very large, specially crafted string.