Closed snyk-bot closed 5 months ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-ANSIREGEX-1583908
Why? Recently disclosed, Has a fix available, CVSS 5.3
SNYK-JS-SEMVERREGEX-2824151
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: semantic-release
The new version differs by 194 commits.- 52238cb fix(deps): Require find-versions ^4.0.0 (#1722)
- af596a9 docs: semantic-release SVG logo (#1715) thanks @ bromso
- 6c7e4be docs: add semantic-release-helm plugin (#1713)
- c177d4b docs: add semantic-release-pypi plugin (#1707)
- eb70823 docs: add semantic-release-license-plugin (#1701)
- 885d87a feat(docs): note that publish token is required (#1700)
- f8f8fbc fix: escape uri encoded symbols (#1697)
- c8d38b6 style: removed line breaks to align with xo rule (#1689)
- ca90b34 fix: mask secrets when characters get uri encoded
- 63fa143 docs(plugins): add listing for new plugin (#1686)
- 2bf3771 fix: use valid git credentials when multiple are provided (#1669)
- 77a75f0 fix: don't parse port as part of the path in repository URLs (#1671)
- d74ffef docs: add npm-deprecate-old-versions in plugins list (#1667)
- 3abcbaf Revert "feat: throw an Error if package.json has duplicate "repository" key (#1656)"
- b8fb35c feat: throw an Error if package.json has duplicate "repository" key (#1656)
- 18e35b2 docs: reorder default plugins list (#1650)
- e35e5bb docs(contributing): fix commit message examples (#1648)
- 311c465 docs(README): welcome @ travi, add alumni section
- b4c5d0a fix: add logging for when ssh falls back to http (#1639)
- c982249 docs(contributing): typo fix (#1638)
- 9635f50 docs: improve github actions recipe on git plugin (#1626)
- d036a89 ci(docs): use actions/checkout@v2 (#1620)
- 9303d1d docs(resources.md): added more sematnic release article (#1610)
- b72cdb3 docs(configuration.md): Updated documentation for dry-run feature of semantic Release (#1607)
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.