🚨 [security] [js] Upgrade semantic-release: 17.4.7 → 19.0.3 (major) #625
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![depfu[bot]](https://avatars.githubusercontent.com/in/715?s=60&v=4){kind=small}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!
Here is everything you need to know about this upgrade. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ semantic-release (17.4.7 → 19.0.3) · Repo
Security Advisories 🚨
🚨 Exposure of Sensitive Information to an Unauthorized Actor in semantic-release
Release Notes
19.0.2
18.0.1
18.0.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 60 commits:
fix(log-repo): use the original form of the repo url to remove the need to mask credentials (#2459)build(deps): bump npm from 8.3.1 to 8.12.0 (#2447)chore(lint): disabled rules that dont apply to this project (#2408)chore(deps): update dependency yargs-parser to 13.1.2 [security] (#2402)build(deps): bump node-fetch from 2.6.1 to 2.6.7 (#2399)build(deps): bump trim-off-newlines from 1.0.1 to 1.0.3build(deps): bump minimist from 1.2.5 to 1.2.6docs: update broken link to CI config recipes (#2378)docs: Correct circleci workflow (#2365)Merge pull request #2333 from semantic-release/nextfix(npm-plugin): upgraded to the stable versionfix(npm-plugin): upgraded to the latest beta versionMerge pull request #2332 from semantic-release/betafix(npm-plugin): upgraded to the beta, which upgrades npm to v8fix: upgrade `marked` to resolve ReDos vulnerability (#2330)docs: fix a broken link (#2318)docs: wrong prerelease example (#2307)docs: remove repeated 'with' word (#2289)docs(breaking-change): highlighted the need for `BREAKING CHANGE: ` to be in the commit footer (#2283)docs(badge): mentioned referencing the commit convention (#2269)docs: update badges to include preset names (#2266)docs(issue-templates): fixed links to templates for opening issues (#2264)docs: fix typo (#2262)fix: bump @semantic-release/commit-analyzer to 9.0.2 (#2258)docs(troubleshooting): typo (#2254)docs(recipes): fix path to recipes (#2253)chore(deps): update dependency got to v11.8.3 (#2251)docs(recipes): moved recipes to sub-directories to align with gitbook expectations (#2246)docs(plugin-list): updates semantic-release-plus/docker with updated lifecycle hook. (#2243)chore(deps): update dependency nock to v13.2.1 (#2242)docs(badge): switched to proper semantic-release logo (#2235)docs(gitbook): updated the summary document so that missing pages are rendered by gitbook (#2234)chore(deps): update dependency nock to v13.2.0 (#2233)chore(deps): update dependency sinon to v12.0.1 (#2231)Revert "chore(deps): update dependency p-retry to v5" (#2230)chore(deps): update dependency p-retry to v5 (#2229)chore(deps): update dependency sinon to v12 (#2227)chore(deps): update dependency clear-module to v4.1.2 (#2226)docs(plugins): add @eshepelyuk/semantic-release-helm-oci to plugins list (#2211)docs: add semantic-release-npm-deprecate plugin (#2210)docs(node-version): consolidated and clarified the details about the required node version (#2170)chore(deps): update dependency ansi-regex to 5.0.1 [security] (#2197)chore(deps): update dependency nock to v13.1.4docs: fix plugin example (export `verifyConditions`, not `verify`) (#2192)docs(plugins): add telegram-bot plugin to the plugin list (#2190)docs: add semantic-release-github-milestones plugin (#2181)docs(github-actions): update workflow version, update node-version (#2175)docs(readme): minor updates, including formating and minor clarification (#2168)docs: add semantic-release-mattermost to the plugin list (#2163)chore(deps): update dependency ssh2 to 1.4.0 [security] (#2147)docs: add section on logger usage for plugins (#2139)chore(deps): update dependency semver-regex to 3.1.3 [security] (#2144)build(release.yml): set node-version to 16feat(node-version): raised the minimum required version to v14.17 (#2132)chore(deps): update dependency dockerode to v3.3.1 (#2113)chore(deps): update dependency sinon to v11.1.2 (#2108)chore(deps): update dependency nock to v13.1.3 (#2107)chore(deps): update dependency codecov to v3.8.3 (#2106)docs: fix broken link on github actions recipe (#2102)ci(test): set node version explicitly in `test` job (#2092)Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase.All Depfu comment commands