lint-staged is a popular npm package that streamlines development workflows by automatically linting the files staged in Git. Comparing versions 6.1.0 and 6.1.1 reveals subtle but relevant differences. The main distinction is the staged-git-files dependency: version 6.1.0 relies on staged-git-files 0.0.4, whereas 6.1.1 upgrades it to 1.0.0. This upgrade likely improves the stability of, and may add features to, the logic that identifies staged files in the Git repository.
lint-staged 6.1.1 also ships a larger distribution package: 13 files with an unpacked size of 33948 bytes, while the registry metadata for 6.1.0 does not record fileCount or unpackedSize. This suggests minor adjustments or additions to the codebase, likely to accommodate the dependency update. The staged-git-files upgrade is worth noting because it probably improves the efficiency and accuracy of identifying the files about to be committed, so that only correctly formatted and validated code is merged, reducing errors and improving code quality. For developers, moving from 6.1.0 to 6.1.1 means adopting improved tracking and management of staged files, a meaningful update to a core function of the library.
All vulnerabilities affecting version 6.1.1 of the package
Regular Expression Denial of Service (ReDoS) in cross-spawn
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase CPU usage and crash the program by supplying a very large, well-crafted string. Because cross-spawn is pulled in as a dependency of lint-staged 6.1.1, check the cross-spawn version actually resolved in your lockfile; the fix is to ensure it resolves to 7.0.5 or later.