Lint-staged saw a minor update from version 4.0.2 to 4.0.3 focusing primarily on dependency upgrades. Both versions serve the same core purpose: linting files staged in Git, preventing problematic code from ever being committed. This helps maintain code quality and consistency across projects using pre-commit hooks for automated code review.
The key difference is the execa dependency, which moves from version 0.7.0 to 0.8.0. Execa is a process execution library, and this update likely includes bug fixes, performance improvements, or new features for executing shell commands, which would affect how lint-staged interacts with Git and linters.
For developers, this means version 4.0.3 benefits from the stability and potentially enhanced functionality of the newer execa release. No direct changes to lint-staged's API or configuration appear to have been made, so upgrading should be seamless for most users. Lint-staged integrates with the linters configured in your project through package.json or dedicated configuration files, so it fits into an existing dev workflow. It supports various linters and formatters, making it a versatile choice for modern JavaScript and TypeScript repositories. Consider upgrading to 4.0.3 for the benefits offered by the updated execa dependency.
All the vulnerabilities related to the version 4.0.3 of the package
Regular Expression Denial of Service (ReDoS) in cross-spawn
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase CPU usage and crash the program by supplying a very large, carefully crafted string.