grunt-conventional-changelog generates a markdown changelog for Grunt-based projects directly from Git commit history. Version 1.2.0 is a maintenance release over 1.1.0. Its most visible change is the bump of the core conventional-changelog dependency from 0.0.6 to 0.0.16; the specific fixes and features that bump carries are not listed on this page, so consult that library's own release notes before relying on new behaviour.
For anyone weighing the upgrade, the dependency bump is the main point of interest: a newer conventional-changelog generally means more accurate parsing of commits and cleaner output. Version 1.2.0 also reworks its development dependencies: grunt moves to ^0.4.5, and grunt-bump, grunt-cli, grunt-contrib-nodeunit and grunt-npm are added, while grunt-release is dropped, apparently replacing a single release plugin with a bump-then-publish workflow. Development dependencies are not installed by consumers of the package, so these changes affect contributors rather than users.
Upgrading to 1.2.0 is reasonable for projects that want the newer changelog engine, but verify it against your existing Gruntfile and run the build in a non-production environment first. Note that the upgrade is not a security fix: the advisories listed below are associated with this version's dependency tree, so check the resolved versions of trim-newlines, lodash and semver in your lockfile and override or update them as needed.
All vulnerabilities related to version 1.2.0 of the package
Uncontrolled Resource Consumption in trim-newlines
The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js is vulnerable to regular expression denial of service (ReDoS) in the .end() method.
Command Injection in lodash
lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
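The three advisories above each describe their affected range by major line and first fixed version. The script below, an added example that is not part of this page or of grunt-conventional-changelog itself, transcribes those ranges and checks a flattened dependency map (the constructed SAMPLE_LOCK, shaped like the "dependencies" section of a package-lock.json) against them, so the check can be repeated after an override or upgrade. It assumes plain x.y.z release versions; a version it cannot parse (for example one with a prerelease tag) is reported as an error rather than silently treated as safe. The helper names (parseVersion, isVulnerable, audit) are this example's own.

```javascript
// Added example: check resolved dependency versions against the fixed-version
// boundaries stated in the trim-newlines, lodash and semver advisories above.
// Not part of the page or of grunt-conventional-changelog. Assumption: plain
// x.y.z release versions only; anything else is rejected, never assumed safe.

function parseVersion(v) {
  // Accept only "major.minor.patch" made of digits; return null otherwise.
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim());
  if (!m) return null;
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function cmp(a, b) {
  // Lexicographic compare of two parsed versions: -1, 0 or 1.
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Vulnerable ranges transcribed from the advisories above. Each entry maps a
// major line to its first fixed version; "default" covers every other major
// (which makes majors newer than the listed ones compare as not vulnerable).
const ADVISORIES = {
  "trim-newlines": { 4: "4.0.1", default: "3.0.1" },          // <3.0.1, 4.x <4.0.1
  "lodash":        { default: "4.17.21" },                     // <4.17.21
  "semver":        { 7: "7.5.2", 6: "6.3.1", default: "5.7.2" } // 7.x <7.5.2, 6.x <6.3.1, else <5.7.2
};

function firstFixed(name, parsed) {
  const adv = ADVISORIES[name];
  return adv[parsed[0]] !== undefined ? adv[parsed[0]] : adv.default;
}

function isVulnerable(name, version) {
  const adv = ADVISORIES[name];
  if (!adv) return false; // package not covered by these three advisories
  const v = parseVersion(version);
  if (!v) throw new Error(`unparseable version for ${name}: ${version}`);
  return cmp(v, parseVersion(firstFixed(name, v))) < 0;
}

function audit(deps) {
  // Return one finding per vulnerable entry, with the version to move to.
  const findings = [];
  for (const [name, entry] of Object.entries(deps)) {
    if (isVulnerable(name, entry.version)) {
      findings.push({
        name,
        version: entry.version,
        fixed: firstFixed(name, parseVersion(entry.version)),
      });
    }
  }
  return findings;
}

// Constructed sample resolved-dependency map (not a real lockfile).
const SAMPLE_LOCK = {
  "trim-newlines": { version: "3.0.0" },
  "lodash":        { version: "4.17.21" },
  "semver":        { version: "5.7.1" },
  "grunt":         { version: "0.4.5" },
};

console.log(JSON.stringify(audit(SAMPLE_LOCK), null, 2));
```

Run it against the "dependencies" section of your own lockfile after an upgrade or an override to confirm that every resolved copy of the three packages is at or above its fixed version. Independently of the version check, the semver advisory only applies when untrusted data is passed to new Range, so never hand user-supplied strings to it unvalidated; bounding their length before parsing is the usual cheap guard against ReDoS in general.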