https://github.com/observing/pre-commit/blob/a84bdc87aabf79493343a366872ab204a62b1613/package.json#L33 Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string. Details of the issue: Package: cross-spawn Current version: ^5.0.1 Vulnerable versions: <7.0.5 Fixed version: >=7.0.5 Impact: Increased CPU usage or crash due to ReDoS