Gulp-bump is a valuable tool for developers using Gulp to manage and automate their build processes, particularly when it comes to versioning npm packages. Comparing versions 2.8.0 and 2.7.0, the most notable difference lies in the updated dependency for bump-regex. Version 2.8.0 depends on bump-regex version ^2.8.0, while version 2.7.0 depends on bump-regex version ^2.7.0. This indicates that version 2.8.0 likely includes enhancements or bug fixes related to regular expression based version bumping offered by the bump-regex dependency.
For developers, this update suggests improved robustness and accuracy when bumping versions using regular expressions during the build process. The core dependencies like plugin-error, plugin-log, semver, and through2 remain consistent between the two versions, ensuring continued compatibility and functionality for common tasks like error handling, logging, semantic versioning, and stream processing within Gulp workflows. Both versions offer the same set of development dependencies (mocha, should, vinyl) for testing purposes, allowing developers to confidently validate their usage of gulp-bump.
The update doesn't represent a breaking change for most users but the newer bump-regex might support new file extensions and increased configuration.
All the vulnerabilities related to the version 2.8.0 of the package
Uncontrolled Resource Consumption in trim-newlines
@rkesters/gnuplot is an easy to use node module to draw charts using gnuplot and ps2pdf. The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.
