Lint-staged has two adjacent releases, 4.2.1 and 4.2.2, which bring incremental improvements to this tool for automatically linting the staged files in a Git repository. Both versions share the same core behaviour of running linters against staged files at pre-commit time, to enforce code quality and consistency. Their common dependencies are the same: chalk for terminal styling, execa for command execution, listr for task lists, lodash for utility functions, cosmiconfig for configuration-file handling, plus log-symbols and app-root-path.
The main differences are in the updated dependencies. jest-validate, which is used for validating configuration, moves from version 20.0.3 to 21.1.0, suggesting improvements in how configuration is validated. Version 4.2.2 also upgrades jest and jest-cli from 20.0.4 (in 4.2.1) to 21.1.0, removes strip-ansi, and introduces the babel-jest package.
These updates point to improved testing capabilities and better interaction with JavaScript projects, making the newer version potentially more robust and easier to integrate into modern JavaScript development workflows. For developers, upgrading to 4.2.2 likely brings enhanced testing features and better compatibility with the latest versions of Jest and related tools, smoothing the development experience for those using these technologies in their projects.
All vulnerabilities related to version 4.2.2 of the package
Regular Expression Denial of Service (ReDoS) in cross-spawn
Versions of the cross-spawn package before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can drive up CPU usage and crash the program by supplying a very large, specially crafted string.
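As an added check for the advisory above (example code written for this page, not code from lint-staged or cross-spawn), the Node.js script below walks the `packages` map of a package-lock.json (lockfile v2/v3) and reports every cross-spawn install, including nested copies under other dependencies, whose version is below the fixed 7.0.5 release. The lock data and the `old-tool` dependency in it are constructed for the example.

```javascript
// Added example: audit a package-lock.json "packages" map for cross-spawn
// installs older than the fixed 7.0.5 release named in the advisory.
// The lock object near the bottom is constructed, not taken from a real project.

const FIXED_VERSION = "7.0.5"; // first non-vulnerable cross-spawn per the advisory

// Parse "MAJOR.MINOR.PATCH" into numbers; pre-release/build suffixes are dropped.
function parseSemver(v) {
  const core = v.split(/[-+]/)[0];
  return core.split(".").map((n) => parseInt(n, 10) || 0);
}

// Comparator: negative if a < b, zero if equal, positive if a > b.
function compareSemver(a, b) {
  const [pa, pb] = [parseSemver(a), parseSemver(b)];
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Return every cross-spawn entry (hoisted or nested) whose version is below
// FIXED_VERSION. Lockfile v2/v3 keys look like "node_modules/<pkg>" or
// "node_modules/<parent>/node_modules/<pkg>" for nested copies.
function findVulnerableCrossSpawn(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/cross-spawn") || !meta.version) continue;
    if (compareSemver(meta.version, FIXED_VERSION) < 0) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lock: the hoisted cross-spawn is already fixed, but a
// nested copy under the hypothetical "old-tool" dependency is still vulnerable.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "node_modules/cross-spawn": { version: "7.0.6" },
    "node_modules/old-tool": { version: "1.0.0", dependencies: { "cross-spawn": "^6.0.0" } },
    "node_modules/old-tool/node_modules/cross-spawn": { version: "6.0.5" },
  },
};

console.log(findVulnerableCrossSpawn(sampleLock));
```

To audit a real project, replace `sampleLock` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`; a non-empty result means a dependency still pins a vulnerable cross-spawn and needs an update or override.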