Lint-staged, a popular tool for running linters on staged git files, released version 4.0.0 as an incremental update to its previous stable version 3.6.1. Both versions share the same core functionality of selectively linting code, preventing developers from committing code that doesn't adhere to established style guides. The dependencies for core functionality remain consistent between versions, with execa, listr, p-map, minimatch, npm-which, cosmiconfig, lodash.chunk, app-root-path, and staged-git-files versions untouched in the new release. The critical difference lies in the release date, with version 4.0.0 going live on June 18, 2017, a week after version 3.6.1 published on June 10, 2017. While the provided data doesn't explicitly detail the specific bug fixes or minor features introduced in version 4.0.0, developers upgrading from version 3.6.1 can anticipate stability improvements and potentially subtle enhancements. Given the short timeframe, changes are likely focused on refinements rather than significant overhauls. For developers already using lint-staged, upgrading to version 4.0.0 is a safe bet, ensuring they benefit from the latest potential fixes and refinements without the risk of major breaking changes. Those setting up lint-staged for the first time can confidently choose either version, noting that 4.0.0 represents the slightly more recent and potentially refined iteration.
All the vulnerabilities related to the version 4.0.0 of the package
Regular Expression Denial of Service (ReDoS) in cross-spawn
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.
