Lint-staged, a popular tool for running linters on Git staged files, saw a notable update between versions 4.2.3 and 4.3.0. Both versions share the core functionality of ensuring code quality before commits, utilizing dependencies like chalk for colorful console output, execa for executing commands, and listr for elegant task management. Developers relying on features like selective linting via glob patterns (is-glob, minimatch) and configuration file support (cosmiconfig) will find these consistent across both versions.
However, version 4.3.0 introduces commander, which helps manage the command-line interface when running the linting tool. Version 4.3.0 also updated the dev dependency consolemock from 0.2.2 to 0.3.0.
For developers, these updates translate to a refined command-line experience, potentially simplifying usage and integration within development workflows. These changes, while seemingly minor, contribute to a more robust and developer-friendly linting process, ensuring consistent code style and quality within Git repositories. The core functionality of lint-staged remains intact, giving developers confidence in a reliable and up-to-date solution for pre-commit code checks.
All the vulnerabilities related to the version 4.3.0 of the package
Regular Expression Denial of Service (ReDoS) in cross-spawn
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can drive up CPU usage and crash the program by supplying a very large, specially crafted string.