Standard version 6.0.3 is a minor update to the popular JavaScript Standard Style linter, building upon version 6.0.2. Both versions share the same core linting engine configuration driven by eslint, eslint-config-standard, and related plugins for React, Promise, and Standard styles. This ensures consistent code style enforcement across projects. They both rely on standard-engine for the underlying CLI and API. Key devDependencies like tape for testing, mkdirp for directory creation, minimist for argument parsing, and babel-eslint for Babel support remain unchanged, indicating stability in the tooling for extension and project integration.
The most significant difference between the two is the addition of xtend as a direct dependency in version 6.0.3. xtend is a small utility that shallow-merges the properties of several objects into a new object, which is typically used to layer user-supplied options over defaults.
For developers, this means that upgrading from 6.0.2 to 6.0.3 should be seamless, with the existing linting rules and development workflow remaining unchanged. The inclusion of xtend suggests internal changes to how options are merged, which might later be exposed as more configurable extension points. Both versions continue to provide the same standardized approach to JavaScript code style, are licensed under MIT, and are maintained by Feross Aboukhadijeh, providing a stable and trustworthy linting dependency.
All vulnerabilities related to version 6.0.3 of the package
Prototype Pollution in Ajv
An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)
Improper Privilege Management in shelljs
shelljs is vulnerable to Improper Privilege Management
Output from the synchronous version of shell.exec() may be visible to other users on the same system. You may be affected if you execute shell.exec() in multi-user Mac, Linux, or WSL environments, or if you execute shell.exec() as the root user. Other shelljs functions (including the asynchronous version of shell.exec()) are not impacted.
Patched in shelljs 0.8.5
Recommended action is to upgrade to 0.8.5.
https://huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c/