Lint-staged version 3.6.1 is a minor update to the popular Git hook tool that automatically lints files staged for commit. Building upon version 3.6.0, this release primarily addresses internal improvements and dependency updates, ensuring enhanced stability and compatibility without introducing significant new features or breaking changes for end-users. Developers already using lint-staged will find the upgrade seamless.
The key difference lies in the updated dependencies. While the core functionality remains the same, version 3.6.1 upgrades the execa dependency from ^0.6.0 to ^0.7.0. This resolves potential security vulnerabilities and incorporates performance improvements introduced in the newer execa version, which matters because lint-staged relies on execa for execution. The tool aims to efficiently manage and execute linting tasks without disrupting the developer workflow.
The remaining dependencies and devDependencies are identical between the two versions, indicating a focused effort on refining existing functionality rather than introducing new features. Developers will still benefit from the familiar configuration options, support for various linters, and seamless integration with popular Git workflows. Consider upgrading to 3.6.1 for the improved stability and the latest security patches inherited through the updated execa dependency. It is recommended to test the updated tool within the project environment.
All vulnerabilities related to version 3.6.1 of the package
Regular Expression Denial of Service (ReDoS) in cross-spawn
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can drive up CPU usage and crash the program by supplying a very large, specially crafted string.