Conventional Changelog Core version 4.2.0 introduces several improvements and dependency updates compared to version 4.1.8, making it a worthwhile upgrade for developers utilizing this library for generating changelogs from conventional commits. The most notable change lies in the updated dependency on git-semver-tags, moving from version 4.0.0 to version 4.1.0. This update likely incorporates bug fixes, performance enhancements, and potentially new features related to identifying semantic version tags in Git repositories. While the specifics of these git-semver-tags changes aren't detailed here, they represent improvements in accurately determining project versions based on Git tags.
Beyond dependency updates, the increase in unpacked size, from 45965 to 46673, signifies potentially added features or code optimizations within the core library itself. Though the exact nature of these changes isn't explicitly stated in the provided data, this growth suggests a refinement of the changelog generation process. Furthermore, version 4.2.0 was released on August 12, 2020, indicating a more recent and actively maintained version compared to the June 20, 2020 release date of version 4.1.8. By upgrading, developers can benefit from enhanced stability, improved tag handling, and potentially newer capabilities for creating more accurate and comprehensive changelogs, streamlining their release management workflows.
All the vulnerabilities related to the version 4.2.0 of the package
Uncontrolled Resource Consumption in trim-newlines
@rkesters/gnuplot is an easy to use node module to draw charts using gnuplot and ps2pdf. The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.
Command Injection in lodash
lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.