Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update dependency semantic-release to v17 [security] - abandoned #38

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Nov 27, 2020

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
semantic-release 6.3.6 -> 17.2.3 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2020-26226

Impact

Secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that become encoded when included in a URL.

Patches

Fixed in v17.2.3

Workarounds

Secrets that do not contain characters that become encoded when included in a URL are already masked properly.


Release Notes

semantic-release/semantic-release

v17.2.3

Compare Source

Bug Fixes
  • mask secrets when characters get uri encoded (ca90b34)

v17.2.2

Compare Source

Bug Fixes
  • don't parse port as part of the path in repository URLs (#​1671) (77a75f0)
  • use valid git credentials when multiple are provided (#​1669) (2bf3771)

v17.2.1

Compare Source

Reverts

v17.2.0

Compare Source

Features
  • throw an Error if package.json has duplicate "repository" key (#​1656) (b8fb35c)

v17.1.2

Compare Source

Bug Fixes

v17.1.1

Compare Source

Bug Fixes

v17.1.0

Compare Source

Features
  • bitbucket-basic-auth: support for bitbucket server basic auth (#​1578) (a465801)

v17.0.8

Compare Source

Bug Fixes
  • prevent false positive secret replacement for Golang projects (#​1562) (eed1d3c)

v17.0.7

Compare Source

Bug Fixes

v17.0.6

Compare Source

Bug Fixes

v17.0.5

Compare Source

Bug Fixes
  • adapt for semver to version 7.3.2 (0363790)

v17.0.4

Compare Source

Bug Fixes
  • add repositoryUrl in logs (55be0ba)

v17.0.3

Compare Source

Bug Fixes
  • pass a branch name to getGitAuthUrl (e7bede1)

v17.0.2

Compare Source

Bug Fixes
  • package: update marked-terminal to version 4.0.0 (8ce2d6e)

v17.0.1

Compare Source

Bug Fixes

v17.0.0

Compare Source

BREAKING CHANGES
  • Require Node.js >= 10.18

v16.0.4

Compare Source

Bug Fixes
  • correct error when remote repository has no branches (c6b1076)

v16.0.3

Compare Source

Bug Fixes
  • use --no-verify when testing the Git permissions (b54b20d)

v16.0.2

Compare Source

Bug Fixes
  • fetch tags on repo cached by the CI (6b5b02e)

v16.0.1

Compare Source

Bug Fixes
  • package: update env-ci to version 5.0.0 (3739ab5)

v16.0.0

Compare Source

BREAKING CHANGES
  • ⚠️ For v16.0.0@​beta users only:

    In v16, a JSON object stored in a Git note is used to keep track of the channels on which a version has been released, the @{channel} suffix is no longer necessary.

    The tags formatted as v{version}@​{channel} will now be ignored. If you have releases using this format you will have to upgrade them:

    • Find all the versions that have been released on a branch other than the default one by searching for all tags formatted as v{version}@​{channel}
    • For each of those version:
      • Create a tag without the {@​channel} if none doesn't already exists
      • Add a Git note to the tag without the {@​channel} containing the channels on which the version was released formatted as {"channels":["channel1","channel2"]} and using null for the default channel (for example.{"channels":[null,"channel1","channel2"]})
      • Push the tags and notes
      • Update the GitHub releases that refer to a tag formatted as v{version}@​{channel} to use the tag without it
      • Delete the tags formatted as v{version}@​{channel}
  • Require Node.js >= 10.13

  • Git CLI version 2.7.1 or higher is now required: The --merge option of the git tag command has been added in Git version 2.7.1 and is now used by semantic-release

  • Regexp are not supported anymore for property matching in the releaseRules option.

    Regex are replaced by globs. For example /core-.*/ should be changed to 'core-*'.

  • The branch option has been removed in favor of branches

  • The new branches option expect either an Array or a single branch definition. To migrate your configuration:

    • If you want to publish package from multiple branches, please see the configuration documentation
    • If you use the default configuration and want to publish only from master: nothing to change
    • If you use the branch configuration and want to publish only from one branch: replace branch with branches ("branch": "my-release-branch" => "branches": "my-release-branch")
Features
  • allow addChannel plugins to return false in order to signify no release was done (e1c7269)
  • allow publish plugins to return false in order to signify no release was done (47484f5)
  • allow to release any version on a branch if up to date with next branch (916c268)
  • support multiple branches and distribution channels (7b40524)
  • use Git notes to store the channels on which a version has been released (b2c1b2c)
  • package: update @​semantic-release/commit-analyzer to version 7.0.0 (e63e753)
Performance Improvements
  • use git tag --merge <branch> to filter tags present in a branch history (cffe9a8)
Bug Fixes
  • add channel to publish success log (5744c5e)
  • add a flag indicate which branch is the main one (2caafba)
  • Add helpful detail to ERELEASEBRANCHES error message (#​1188) (37bcc9e)
  • allow multiple branches with same channel (63f51ae)
  • allow to set ci option via API and config file (2faff26)
  • call getTagHead only when necessary (de77a79)
  • call success plugin only once for releases added to a channel (9a023b4)
  • correct log when adding channel to tag (61665be)
  • correctly determine next pre-release version (0457a07)
  • correctly determine release to add to a channel (aec96c7)
  • correctly handle skipped releases (89663d3)
  • display erroring git commands properly (1edae67)
  • do not call addChannelfor 2 merged branches configured with the same channel (4aad9cd)
  • do not create tags in dry-run mode for released to add to a channel (97748c5)
  • fetch all release branches on CI (b729183)
  • fix branch type regexp to handle version with multiple digits (52ca0b3)
  • fix maintenance branch regex (a022996)
  • fix range regexp to handle version with multiple digits (9a04e64)
  • handle branch properties set to false (751a5f1)
  • harmonize parameters passed to getError (f96c660)
  • ignore lasst release only if pre-release on the same channel as current branch (990e85f)
  • increase next version on prerelease branch based on highest commit type (9ecc7a3)
  • look also for previous prerelease versions to determine the next one (9772563)
  • modify fetch function to handle CircleCI specifics (cbef9d1)
  • on maintenance branch add to channel only version >= to start range (c22ae17)
  • remove confusing logs when searching for releases to add to a channel (162b4b9)
  • remove hack to workaround GitHub Rebase & Merge (844e0b0)
  • remove unnecessary await (9a1af4d)
  • simplify get-tags algorithm (00420a8)
  • throws error if the commit associated with a tag cannot be found (1317348)
  • update plugin versions (0785a84)
  • update plugins dependencies (9890584)
  • verify is branch is up to date by comparing remote and local HEAD (a8747c4)
  • remove unnecessary branch parameter from push function (968b996)
  • revert to the correct refspec in fetch function (9948a74)
  • update plugins dependencies (73f0c77)
  • repositoryUrl: on beta repositoryUrl needs auth for pre-release flows (#​1186) (3610422)

v15.14.0

Compare Source

Features
  • pass envi-ci values to plugins context (a8c747d)

v15.13.32

Compare Source

Bug Fixes
  • correctly display command that errored out in logs (fc7205d)

v15.13.31

Compare Source

Bug Fixes
  • package: update yargs to version 15.0.1 (2c13136)

v15.13.30

Compare Source

Bug Fixes
  • package: update cosmiconfig to version 6.0.0 (ffff100)

v15.13.29

Compare Source

Bug Fixes
  • use authenticated URL to check if local branch is up to date (7a939a8)

v15.13.28

Compare Source

Bug Fixes
  • package: update execa to version 3.2.0 (1693073)
  • require Node.js >=8.16 (2f3d934)

v15.13.27

Compare Source

Bug Fixes
  • ignore custom port when converting ssh repo URL to https (4af8548)

v15.13.26

Compare Source

Bug Fixes
  • clarify message for EGITNOPERMISSION error (79d22a2)

v15.13.25

Compare Source

Bug Fixes
  • package: update read-pkg-up to version 7.0.0 (0e24022)

v15.13.24

Compare Source

Reverts
  • docs: broken link docs/03-recipes/travis.md (eea5de2)
  • docs: cleaned "Developer guide" section navigation (3c4a0fb)
  • docs: corrections and further clarifications (ce3d1bc)
  • docs: made doc file org clearer and augmented content (5e41dc8)
  • docs: note publishing on distribution channels in beta (54d8e3f)
  • docs: repared broken links to "CI configuration recipes" (e00b6c8)
  • docs: synched README.md and SUMMARY.md (e770c50)
  • docs: update semantic-release-cli broken link (58aaf05)
  • docs(contributing): added instructions on how to run gitbook locally (55c3616)
  • docs(contributing): copy/pasted "Use gitbook locally" instruction from original url (c517c70)
  • docs(recipes): cleaned doc and navigation (a6188d3)
  • fix(definitions): Repository documentation links (95a9e89)

v15.13.23

Compare Source

Bug Fixes
  • package: update yargs to version 14.0.0 (3c2fe35)

v15.13.22

Compare Source

Bug Fixes
  • definitions: Repository documentation links (1eb3025)

v15.13.21

Compare Source

Bug Fixes
  • package: update hosted-git-info to version 3.0.0 (391af98)

v15.13.20

Compare Source

Bug Fixes
  • package: update dependency lodash to address security warnings (#​1253) (9a8a36c)

v15.13.19

Compare Source

Bug Fixes
  • package: update marked to version 0.7.0 (75f0830)

v15.13.18

Compare Source

Bug Fixes

v15.13.17

Compare Source

Bug Fixes
  • package: update execa to version 2.0.0 (52c48be)

v15.13.16

Compare Source

Bug Fixes
  • package: update env-ci to version 4.0.0 (8051294)

v15.13.15

Compare Source

Bug Fixes
  • prefix git auth with "x-access-token:" when run in a GitHub Action (038e640)

v15.13.14

Compare Source

Bug Fixes
  • package: update read-pkg-up to version 6.0.0 (74103ab)

v15.13.13

Compare Source

Bug Fixes
  • package: update figures to version 3.0.0 (f4cf7c8)

v15.13.12

Compare Source

Bug Fixes
  • package: update resolve-from to version 5.0.0 (6f3c21a)

v15.13.11

Compare Source

Bug Fixes
  • package: update aggregate-error to version 3.0.0 (06fe435)

v15.13.10

Compare Source

Bug Fixes
  • package: update semver to version 6.0.0 (d61e3bc)

v15.13.9

Compare Source

Bug Fixes
  • package: update hook-std to version 2.0.0 (db3fc3e)

v15.13.8

Compare Source

Bug Fixes
  • package: update read-pkg-up to version 5.0.0 (a90a103)

v15.13.7

Compare Source

Bug Fixes
  • package: update p-reduce to version 2.0.0 (30723c5)

v15.13.6

Compare Source

Bug Fixes
  • package: update get-stream to version 5.0.0 (0a584de)

v15.13.5

Compare Source

Bug Fixes
  • package: update p-locate to version 4.0.0 (a5babc6)

v15.13.4

Compare Source

Bug Fixes
  • package: update yargs to version 13.1.0 (aed4ea2)

v15.13.3

Compare Source

Bug Fixes
  • package: update marked to version 0.6.0 (b7aeaba)

v15.13.2

Compare Source

Bug Fixes
  • package: update aggregate-error to version 2.0.0 (1aefd98)

v15.13.1

Compare Source

Bug Fixes
  • correctly handle skipped releases (1243f79)

v15.13.0

Compare Source

Features
  • allow publish plugins to return false in order to signify no release was done (70c68ef)

v15.12.5

Compare Source

Bug Fixes
  • allow to set ci option via API and config file (862ec4c)

v15.12.4

Compare Source

Bug Fixes
  • remove unnecessary branch parameter from push function (ffe1062)

v15.12.3

Compare Source

Bug Fixes

v15.12.2

Compare Source

Bug Fixes
  • correctly resolve plugins installed globally with npx (eafbb34)

v15.12.1

Compare Source

Bug Fixes
  • push only tags to remote repo (2b082ac)

v15.12.0

Compare Source

Bug Fixes
  • do not underline log messages (c86518a)
  • indicate in logs if running in dry-run mode (e92c84e)
Features
  • add logs about prepare, publish, success and fail plugins skipped in dry-run mode (90da6a0)

v15.11.0

Compare Source

Bug Fixes
Features
  • support multiple plugins for the analyzeCommits step (5180001)

v15.10.8

Compare Source

Bug Fixes
  • package: update find-versions to version 3.0.0 (669c9ed)

v15.10.7

Compare Source

Bug Fixes
  • add debug logs for config file path (3c8177a)
  • add debug logs for plugins resolved options (6d0bd8c)

v15.10.6

Compare Source

Bug Fixes
  • remove dependency to git-url-parse (a99355e)

v15.10.5

Compare Source

Bug Fixes
  • include release notes in JS API result for dry mode (3411520)

v15.10.4

Compare Source

Bug Fixes
  • remove debugging console.error (3d5db1f)

v15.10.3

Compare Source

Bug Fixes
  • do not log outated branch error for missing permission cases (0578c8b)

v15.10.2

Compare Source

Bug Fixes
  • fix logs for plugins loaded with plugins option (58c25be)

v15.10.1

Compare Source

Bug Fixes
  • use module name in logs for plugins loaded with plugins option (ff275a5)

v15.10.0

Compare Source

Features

v15.9.17

Compare Source

Bug Fixes
  • add cwd to ENOGITREPO error message (9930dac)
  • typo in EPLUGINCONF error message (bc8551c)

v15.9.16

Compare Source

Bug Fixes
  • package: update env-ci to version 3.0.0 (b9ae7d2)

v15.9.15

Compare Source

Bug Fixes
  • package: update debug to version 4.0.0 (7b8cd99)

v15.9.14

Compare Source

Bug Fixes
  • pass custom env and cwd to env-ci (540d4fa)

v15.9.13

Compare Source

Bug Fixes
  • support multiple generate-notes plugin in CLI arg (4f75cb3)

v15.9.12

Compare Source

Bug Fixes
  • hide sensitive data in relesae notes and fail/success plugin params (dffe148)

v15.9.11

Compare Source

Bug Fixes
  • package: update execa to version 1.0.0 (1aed97e)

v15.9.10

Compare Source

Bug Fixes
  • package: update execa to version 0.11.0 (edd8bc2)

v15.9.9

Compare Source

Bug Fixes
  • package: update marked to version 0.5.0 (2f4befe)

v15.9.8

Compare Source

Bug Fixes
  • package: update get-stream to version 4.0.0 (e882096)

v15.9.7

Compare Source

Reverts
  • "fix: do not convert ssh repositoryUrl to https" (93377eb)

v15.9.6

Compare Source

Bug Fixes
  • do not convert ssh repositoryUrl to https (b895231)

v15.9.5

Compare Source

Bug Fixes
  • do not clone stdout/stderr passed to pugins (63d422e)

v15.9.4

Compare Source

Bug Fixes

v15.9.3

Compare Source

Bug Fixes
  • do not hide env variable value if shorter than 5 (b082a2e)

v15.9.2

Compare Source

Bug Fixes
  • also hide sensitive info when loggin from cli.js (43d0646)

v15.9.1

Compare Source

Bug Fixes
  • clarify EPLUGINCONF error message (d8c84a0)

v15.9.0

Compare Source

Features
  • log with signale and allow to customize stdin and stdout (0626d57)
  • return lastRelease, commits, nextRelease, releases from JS API (417779e)

v15.8.1

Compare Source

Bug Fixes
  • do not override env variable with default if defined (3fb3fa8)

v15.8.0

Compare Source

Features
  • pass cwd and env context to plugins (a94e08d)

v15.7.2

Compare Source

Bug Fixes
  • package: update git-url-parse to version 10.0.1 (d3c7232)

v15.7.1

Compare Source

Bug Fixes
  • set default path to generateNotes object config (d8e59cc)

v15.7.0

Compare Source

Bug Fixes
  • do not set path to plugin config defined as a Function or an Array (f93eeb7)
Features
  • allow to define multiple generateNotes plugins (5989989)

v15.6.6

Compare Source

Bug Fixes
  • use unauthenticated URL to check if branch is up to date (071dcce)

v15.6.5

Compare Source

Bug Fixes
  • allow empty release notes in dry-run mode (5847514)

v15.6.4

Compare Source

Bug Fixes
  • package: update hosted-git-info to version 2.7.1 (0862480)

v15.6.3

Compare Source

Bug Fixes
  • fetch all tags even if the repo is not shallow (45eee4a)

v15.6.2

Compare Source

Bug Fixes
  • add debug log for git fetch command (4abda31)

v15.6.1

Compare Source

Bug Fixes
  • package: update yargs to version 12.0.0 (d4f68a5)

v15.6.0

Compare Source

Features
  • allow to disable the publish plugin hook (4454d57)

v15.5.5

Compare Source

Bug Fixes
  • package: update read-pkg-up to version 4.0.0 (9137f85)

v15.5.4

Compare Source

Bug Fixes
  • use git ls-remote to verify if the remote branch is ahead (2b6378f)

v15.5.3

Compare Source

Bug Fixes
  • package: update p-locate to version 3.0.0 (0ab0426)

v15.5.2

Compare Source

Bug Fixes
  • package: update hook-std to version 1.0.0 (29e7ebf)

v15.5.1

Compare Source

Bug Fixes

v15.5.0

Compare Source

Features
  • add support for git version 2.0.0 (47c73eb)
  • verify minimum required git version is installed (db1cc60)

v15.4.4

Compare Source

Bug Fixes
  • package: update marked-terminal to version 3.0.0 (cd8ff5d)

v15.4.3

Compare Source

Bug Fixes
  • package: update marked to version 0.4.0 (a387c04)

v15.4.2

Compare Source

Bug Fixes
  • add clarification in EGITNOPERMISSION error message (a72d8f5)

v15.4.1

Compare Source

Bug Fixes
  • use git rev-parse origin/${branch} to verify origin head (d7081fa)

v15.4.0

Compare Source

Features
  • set tag author and committer name/email (61d7d38)

v15.3.2

Compare Source

Bug Fixes
  • correct git merge-base error code handling (4352144)

v15.3.1

Compare Source

Bug Fixes
  • package: update cosmiconfig to version 5.0.0 (349b2e8)

v15.3.0

Compare Source

Features
  • log git error message when authentication verification fails (cd9f2bd)

v15.2.0

Compare Source

Features
  • add support for Bitbucket token in environment variables (c93775c)

v15.1.11

Compare Source

Bug Fixes
  • fix Bitbucket authenticated URL (e88ac63)

v15.1.10

Compare Source

Bug Fixes
  • verify the local branch is up to date with the remote one (d15905c)

v15.1.9

Compare Source

Bug Fixes
  • unshallow repository with credentials (45d7e6f)

[`


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate
Copy link
Author

renovate bot commented Mar 24, 2023

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@renovate renovate bot changed the title chore(deps): update dependency semantic-release to v17 [security] chore(deps): update dependency semantic-release to v17 [security] - abandoned Nov 7, 2023
Copy link
Author

renovate bot commented Nov 7, 2023

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant