Gulp-format-md is a Gulp plugin designed to automatically format and beautify Markdown files using the pretty-remarkable library. Version 2.0.0, released in November 2018, represents a notable update from the previous stable version 1.0.0, which was released in July 2017.
One of the key differences lies in the dependency list. Version 2.0.0 has streamlined its dependencies, removing extend-shallow, log-ok, minimist, tokenize-comment, and write, while updating pretty-remarkable to a newer major version (^1.0.0 from ^0.4.1). This suggests a refactoring towards a more focused and potentially more efficient implementation. Version 1.0.0 had dependencies such as vinyl for direct integration with Gulp's virtual file system; the removal of vinyl in 2.0.0 may have simplified the plugin's internal operations or shifted file handling responsibilities. Both versions rely on pretty-remarkable and remarkable for Markdown parsing and formatting, and on sections for handling document sections. The through2 package is also present in both versions, indicating a consistent approach to stream processing within the Gulp ecosystem.
The developer dependencies also differ. Version 1.0.0 included Gulp plugins for linting (gulp-eslint), instrumentation (gulp-istanbul), and testing (gulp-mocha). Version 2.0.0 appears to have opted for a simpler development setup, retaining only mocha for testing. This could reflect a change in the plugin's development workflow or a shift in testing approach. These changes mean that version 2.0.0 may be smaller and have a reduced install time.
All the vulnerabilities related to version 2.0.0 of the package
Command Injection in lodash
lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
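One way to check an installed tree for the lodash versions named above, as an added example that is not part of the original page or of gulp-format-md: the script walks a package-lock.json in either the flat "packages" layout or the nested "dependencies" layout and reports every lodash copy older than 4.17.21, comparing versions numerically. The lockfile contents and the parent package name some-parent are constructed for illustration.

```javascript
// Added example: flag lodash copies older than 4.17.21 in a package-lock.json.
const FIXED = [4, 17, 21]; // per the page, lodash versions prior to this are affected

// Parse "4.17.15" or "4.17.21-rc.1" into [major, minor, patch]; null if malformed.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version a sorts strictly before b (numeric compare: 4.17.9 < 4.17.21).
function isBefore(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Return [{ path, version }] for every affected or unparseable lodash entry.
function findOldLodash(lock) {
  const hits = [];
  const check = (path, version) => {
    const parsed = parseVersion(version);
    if (!parsed || isBefore(parsed, FIXED)) hits.push({ path, version });
  };
  // lockfileVersion 2/3: flat map keyed by install path.
  for (const [key, info] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/lodash$/.test(key)) check(key, info.version);
  }
  // lockfileVersion 1: nested "dependencies" objects.
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = trail.concat(name).join(' > ');
      if (name === 'lodash') check(path, info.version);
      walk(info.dependencies, trail.concat(name));
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile; "some-parent" is a hypothetical package name.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    'node_modules/lodash': { version: '4.17.21' },
    'node_modules/some-parent/node_modules/lodash': { version: '4.17.9' },
  },
};
console.log(findOldLodash(sampleLock));
```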