Lint-staged version 6.0.1 is a patch release following 6.0.0, designed to fix bugs and improve overall stability for developers leveraging it to lint files staged in Git. Both versions help ensure code quality by running linters against staged changes *before* they are committed preventing broken code from entering the repository. Key dependencies like pify, chalk, execa, lodash, and cosmiconfig remain consistent, providing a stable foundation for linting workflows.
However, significant updates appear in development dependencies. Version 6.0.1 upgrades jest to version 22.0.4 and prettier to version 1.9.2. These imply improvement in testing capabilities and code formatting according to the latest standards. The absence of babel-jest and remove-lockfiles in 6.0.1 alongside the updated jest configuration might reflect refactoring in the testing approach. For developers, this means potentially more robust and reliable testing with newer tools. Furthermore, while the core functionality remains unchanged, the patch version encourages users to stay current with the latest improvements and reliability fixes. These updates contribute to a more streamlined and efficient development experience when integrating lint-staged into their workflow.
All the vulnerabilities related to the version 6.0.1 of the package
Regular Expression Denial of Service (ReDoS) in cross-spawn
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.
