Gulp-tag-version is a handy tool for automating the process of tagging your Git repository with the current package version defined in your package.json file. This simplifies release management and ensures consistency between your code and versioning.
Comparing version 1.2.1 with the older 1.1.0, the core functionality remains the same, offering developers a streamlined way to create Git tags based on the version. The key takeaway is that switching between these versions won't fundamentally alter how the tool operates.
The primary difference lies in the timing. Version 1.2.1 was released on November 27, 2014, while 1.1.0 came out on September 10, 2014. While the changelogs aren't provided, the gap suggests that version 1.2.1 likely includes bug fixes, minor improvements, or dependency updates that address issues identified in the earlier version. Dependencies: map-stream, gulp-util and gulp-git are the same for both versions. Dev dependencies are gulp-bump, gulp-filter, gulp-prompt, gulp and gulp-git and are the same for both versions. Using the newer version is always recommended, as it rolls up all those improvements and you will take advantage of a better product for your automation workflows.
All the vulnerabilities related to the version 1.2.1 of the package
Uncontrolled Resource Consumption in trim-newlines
@rkesters/gnuplot is an easy to use node module to draw charts using gnuplot and ps2pdf. The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.
Command Injection in lodash
lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
