Offline-github-changelog, a tool designed for generating changelogs for GitHub projects directly from the Git history, has released version 3.1.0, succeeding version 3.0.2. Both versions share the same core dependencies, including @transformation/core, @transformation/ejs, @transformation/process, @transformation/stream, markdown-escape, and meow, ensuring consistent functionality related to transformation, template rendering, process management, stream handling, markdown escaping, and command-line interface creation. Similarly, the development dependencies remain consistent, encompassing tools for linting (eslint, eslint-config-prettier, eslint-config-standard), testing (mocha, sinon, unexpected, unexpected-snapshot), and code formatting (prettier). These ensure code quality, consistency, and reliable testing practices across both versions.
The key difference lies in the dist metadata. Version 3.1.0 has an unpacked size of 44880 bytes compared to version 3.0.2 having that of 35974 bytes, indicating an increase in the package's size. This increment may be due to added features, enhanced documentation, or internal code improvements. Version 3.1.0 was released on January 29, 2024, while version 3.0.2 was released on January 24, 2024, meaning the newer version includes the work done in those 5 days. If you're already using offline-github-changelog, upgrading to 3.1.0 will provide you with the latest improvements and potentially address any bugs identified in the previous version. New users should opt for version 3.1.0 to benefit from the most up-to-date features and fixes.
All the vulnerabilities related to the version 3.1.0 of the package
ejs lacks certain pollution protection
The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.
