Lint-staged is a valuable tool for developers aiming to maintain code quality by linting files before committing them to a Git repository. Comparing version 3.6.0 with its predecessor, 3.5.1, reveals subtle yet important distinctions. Both versions share identical core dependencies, including execa, listr, p-map, minimatch, npm-which, cosmiconfig, lodash.chunk, and app-root-path, which suggests the fundamental functionality remains consistent. Similarly, the devDependencies section, crucial for development workflows, exhibits no changes between the two releases, encompassing tools like jest, eslint, babel-* packages, semantic-release, and others.
The key difference lies in the release date. Version 3.6.0 was published on June 1st, 2017, while version 3.5.1 was released on May 29th, 2017. This small gap suggests that the newer version may include minor bug fixes, performance improvements, or dependency updates that don't warrant a major version bump. For developers, this means that upgrading to 3.6.0 is recommended for the most stable and up-to-date experience. Because the dependencies and devDependencies have not changed, you can expect no critical changes to your build process while using an improved version of the library.
All the vulnerabilities related to the version 3.6.0 of the package
Regular Expression Denial of Service (ReDoS) in cross-spawn
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase CPU usage and crash the program by supplying a very large, specially crafted string.
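
As an added example (not from the original page or the lint-staged project), this Node.js check lists every installed copy of cross-spawn in a parsed package-lock.json that is older than 7.0.5, the fixed version named above. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag cross-spawn copies older than 7.0.5 in a parsed package-lock.json.
const FIXED = [7, 0, 5]; // first fixed version, per the advisory text

// Parse "major.minor.patch"; prerelease/build suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

function isBefore(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

// Collect every installed copy of `name`. Handles lockfileVersion 2/3
// (flat "packages" map keyed by path) and lockfileVersion 1 (nested
// "dependencies" trees), so transitive copies are found too.
function findInstalled(lock, name) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${dep}`;
      if (dep === name) hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

function vulnerableCrossSpawn(lock) {
  return findInstalled(lock, "cross-spawn").filter(({ version }) => {
    const v = parseVersion(version || "");
    return v === null || isBefore(v, FIXED); // unparseable: flag for review
  });
}

// Constructed sample lockfile (versions are illustrative, not from the page).
const sampleLock = { lockfileVersion: 2, packages: {
  "node_modules/cross-spawn": { version: "7.0.6" },
  "node_modules/execa/node_modules/cross-spawn": { version: "5.1.0" },
} };
console.log(vulnerableCrossSpawn(sampleLock));
```

To check a real project, pass the result of `JSON.parse` on its package-lock.json to `vulnerableCrossSpawn`.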