5app-Machine
commented
3 years ago :tada: This PR is included in version 1.9.0 :tada:
The release is available on:
Your semantic-release bot :package::rocket:
Closed renovate[bot] closed 3 years ago
5app-Machine
commented
3 years ago :tada: This PR is included in version 1.9.0 :tada:
The release is available on:
Your semantic-release bot :package::rocket:
This PR contains the following updates:
17.1.1->17.2.3GitHub Vulnerability Alerts
CVE-2020-26226
Impact
Secrets that would normally be masked by
semantic-releasecan be accidentally disclosed if they contain characters that become encoded when included in a URL.Patches
Fixed in v17.2.3
Workarounds
Secrets that do not contain characters that become encoded when included in a URL are already masked properly.
Release Notes
semantic-release/semantic-release
### [`v17.2.3`](https://togithub.com/semantic-release/semantic-release/releases/v17.2.3) [Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.2.2...v17.2.3) ##### Bug Fixes - mask secrets when characters get uri encoded ([ca90b34](https://togithub.com/semantic-release/semantic-release/commit/ca90b34c4a9333438cc4d69faeb43362bb991e5a)) ### [`v17.2.2`](https://togithub.com/semantic-release/semantic-release/releases/v17.2.2) [Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.2.1...v17.2.2) ##### Bug Fixes - don't parse port as part of the path in repository URLs ([#1671](https://togithub.com/semantic-release/semantic-release/issues/1671)) ([77a75f0](https://togithub.com/semantic-release/semantic-release/commit/77a75f072bc257b27904408dbea5ae5ccae2b6ab)) - use valid git credentials when multiple are provided ([#1669](https://togithub.com/semantic-release/semantic-release/issues/1669)) ([2bf3771](https://togithub.com/semantic-release/semantic-release/commit/2bf377194efc6b4f13b6bc6cd9272b935f64793e)) ### [`v17.2.1`](https://togithub.com/semantic-release/semantic-release/releases/v17.2.1) [Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.2.0...v17.2.1) ##### Reverts - Revert "feat: throw an Error if package.json has duplicate "repository" key ([#1656](https://togithub.com/semantic-release/semantic-release/issues/1656))" ([3abcbaf](https://togithub.com/semantic-release/semantic-release/commit/3abcbaf2561a208180a1f8eddc1d8a5c1006fe48)), closes [#1656](https://togithub.com/semantic-release/semantic-release/issues/1656) [#1657](https://togithub.com/semantic-release/semantic-release/issues/1657) ### [`v17.2.0`](https://togithub.com/semantic-release/semantic-release/releases/v17.2.0) [Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.1.2...v17.2.0) ##### Features - throw an Error if package.json has duplicate "repository" key ([#1656](https://togithub.com/semantic-release/semantic-release/issues/1656)) ([b8fb35c](https://togithub.com/semantic-release/semantic-release/commit/b8fb35c7e15d314c15182f779ef30b42b6c4e7ea)) ### [`v17.1.2`](https://togithub.com/semantic-release/semantic-release/releases/v17.1.2) [Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.1.1...v17.1.2) ##### Bug Fixes - add logging for when ssh falls back to http ([#1639](https://togithub.com/semantic-release/semantic-release/issues/1639)) ([b4c5d0a](https://togithub.com/semantic-release/semantic-release/commit/b4c5d0a436fa5a4e98d8326f0512fa8a2f1f4f67))Renovate configuration
:date: Schedule: "" (UTC).
:vertical_traffic_light: Automerge: Enabled.
:recycle: Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
:no_bell: Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.