Grunt-conventional-github-releaser creates GitHub releases from a Grunt build using the conventional-commits history. Version 1.0.0 introduces notable changes compared to version 0.5.0. The core dependency, conventional-github-releaser, moves from 0.5.0 to 1.1.0, a major-version jump in the library that does the actual release generation; developers upgrading should read the conventional-github-releaser changelog for the specifics. Version 1.0.0 also bumps grunt-contrib-jshint from 0.11.2 to 0.12.0.
Both versions share the same development setup: Grunt for task automation, JSHint for code quality, and Nodeunit for testing. Runtime dependencies such as chalk (terminal styling) and plur (pluralization) are unchanged. grunt-bump, used for automated version bumping, moves from 0.6.0 to 0.7.0 in version 1.0.0.
The package facilitates automated release creation directly from your Grunt build process, saving time and ensuring consistency. Developers benefit from version 1.0.0 through its more up-to-date tooling and underlying releaser library. To ensure a smooth transition, review the breaking changes introduced with conventional-github-releaser 1.0 carefully.
Known vulnerabilities affecting version 1.0.0 of the package (through its dependencies)
Command Injection in lodash
lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
dot-prop Prototype Pollution vulnerability
A prototype pollution vulnerability in the dot-prop npm package, versions before 4.2.1 and 5.x versions before 5.1.1, allows an attacker who controls a property path to add arbitrary properties to JavaScript language constructs such as objects, including shared prototypes like Object.prototype.
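To make the dot-prop advisory concrete, here is an added example (not dot-prop's own code, nor the plugin's): a minimal dot-path setter in the style of dot-prop's set(object, 'a.b.c', value), written first in the unguarded shape the advisory describes and then with a segment filter of the kind the patched versions add. Rejecting the path by throwing is this example's choice; the upstream fix simply treats such paths as invalid.

```javascript
// Added example, not code from dot-prop or grunt-conventional-github-releaser.
// Minimal dot-path setter: walks obj along the segments of path and assigns value
// at the leaf, creating intermediate objects as needed.

const FORBIDDEN_KEYS = new Set(['__proto__', 'prototype', 'constructor']);

function walkAndSet(obj, keys, value) {
  let cur = obj;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    if (typeof cur[k] !== 'object' || cur[k] === null) {
      cur[k] = {};
    }
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return obj;
}

// Vulnerable shape: every path segment is trusted. A path such as
// '__proto__.polluted' steps from the target object onto Object.prototype and
// writes there, so every object in the process suddenly has the property.
function setPathUnsafe(obj, path, value) {
  return walkAndSet(obj, path.split('.'), value);
}

// Hardened shape: refuse any segment that would reach a prototype.
// (Throwing is this example's choice; dot-prop's fix rejects the path as invalid.)
function setPathSafe(obj, path, value) {
  const keys = path.split('.');
  for (const k of keys) {
    if (FORBIDDEN_KEYS.has(k)) {
      throw new Error(`refusing to set disallowed key segment "${k}"`);
    }
  }
  return walkAndSet(obj, keys, value);
}

// Shows the effect on an unrelated object, then deletes the polluted property
// from Object.prototype so running this file does not leave the process polluted.
function demonstratePollution() {
  const bystander = {};                  // never passed to any setter
  setPathUnsafe({}, '__proto__.polluted', 'yes');
  const leaked = bystander.polluted;     // 'yes': the write landed on Object.prototype
  delete Object.prototype.polluted;

  let blocked = false;
  try {
    setPathSafe({}, '__proto__.polluted', 'yes');
  } catch (e) {
    blocked = true;
  }
  return { leaked, blocked, cleanAfterwards: bystander.polluted === undefined };
}

console.log(demonstratePollution());
```

The attacker-controlled input in a real deployment is the path string (or the keys of a user-supplied object that is flattened into paths), which is why the fix filters segments rather than values.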
Uncontrolled Resource Consumption in trim-newlines
The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has a regular expression denial-of-service (ReDoS) issue in the .end() method.
semver-regex Regular Expression Denial of Service (ReDoS)
npm semver-regex is vulnerable to Inefficient Regular Expression Complexity.
Regular expression denial of service in semver-regex
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package when an attacker is able to supply arbitrary input to the test() method.
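A practitioner reading the list above wants to know whether the versions actually resolved in their own lockfile fall inside the affected ranges. The following added example (not part of this package page or of any of the projects named) encodes the ranges exactly as the advisories state them and checks a set of installed versions against them. It assumes plain x.y.z versions with an optional prerelease tag, treats a prerelease of the fixed version (e.g. 3.0.1-beta.1) as still affected, and, because the page gives no version bound for the semver-regex advisories, flags that package for manual review rather than inventing a range. The installed-version sample is constructed.

```javascript
// Added example, not code from grunt-conventional-github-releaser or npm.
// Affected ranges as stated in the advisories above: [lowInclusive, highExclusive].
// semver-regex: the text gives no version bound, so affected is null ("review manually").
const ADVISORIES = {
  lodash:          { id: 'Command Injection via template', affected: [['0.0.0', '4.17.21']] },
  'dot-prop':      { id: 'Prototype Pollution',            affected: [['0.0.0', '4.2.1'], ['5.0.0', '5.1.1']] },
  'trim-newlines': { id: 'ReDoS in .end()',                affected: [['0.0.0', '3.0.1'], ['4.0.0', '4.0.1']] },
  'semver-regex':  { id: 'ReDoS in test()',                affected: null },
};

// Parses "1.2.3" or "v1.2.3-beta.1" into numeric components plus prerelease tag.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/.exec(String(v).trim());
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// Returns -1, 0 or 1. A prerelease sorts below the release with the same x.y.z,
// which is the conservative choice here: 3.0.1-beta.1 counts as "before 3.0.1".
function compareVersions(a, b) {
  const A = parseVersion(a);
  const B = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (A.nums[i] !== B.nums[i]) return A.nums[i] < B.nums[i] ? -1 : 1;
  }
  if (A.pre === B.pre) return 0;
  if (A.pre === null) return 1;
  if (B.pre === null) return -1;
  return A.pre < B.pre ? -1 : 1;
}

// affected: true (inside a stated range), false (outside, or no advisory listed),
// or null (advisory listed but no range given on the page).
function isAffected(name, version) {
  const adv = ADVISORIES[name];
  if (!adv) {
    return { name, version, affected: false, reason: 'no advisory listed above' };
  }
  if (adv.affected === null) {
    return { name, version, affected: null, reason: `${adv.id}: range not stated, review manually` };
  }
  const hit = adv.affected.some(([lo, hi]) =>
    compareVersions(version, lo) >= 0 && compareVersions(version, hi) < 0);
  return { name, version, affected: hit, reason: hit ? adv.id : 'outside affected range' };
}

function audit(installed) {
  return Object.entries(installed).map(([name, version]) => isAffected(name, version));
}

// Constructed sample of resolved versions, as one might read from a lockfile.
const SAMPLE_INSTALLED = {
  lodash: '4.17.15',
  'dot-prop': '5.1.0',
  'trim-newlines': '3.0.1-beta.1',
  'semver-regex': '3.1.2',
  chalk: '1.1.3',
};

console.log(audit(SAMPLE_INSTALLED));
```

Replacing SAMPLE_INSTALLED with the versions read from package-lock.json turns this into a quick local check; for anything beyond the advisories on this page, the ranges should come from an advisory database rather than be hand-maintained.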