depfu[bot]
commented
3 years ago Closing because this update has already been applied
Closed depfu[bot] closed 3 years ago
depfu[bot]
commented
3 years ago Closing because this update has already been applied
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ semantic-release (17.0.7 → 17.2.3) · Repo
Security Advisories 🚨
🚨 Secret disclosure when containing characters that become URI encoded
Release Notes
17.2.3
17.2.2
17.2.1
17.2.0
17.1.2
17.1.1
17.1.0
17.0.8
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 30 commits:
style: removed line breaks to align with xo rule (#1689)fix: mask secrets when characters get uri encodeddocs(plugins): add listing for new plugin (#1686)fix: use valid git credentials when multiple are provided (#1669)fix: don't parse port as part of the path in repository URLs (#1671)docs: add npm-deprecate-old-versions in plugins list (#1667)Revert "feat: throw an Error if package.json has duplicate "repository" key (#1656)"feat: throw an Error if package.json has duplicate "repository" key (#1656)docs: reorder default plugins list (#1650)docs(contributing): fix commit message examples (#1648)docs(README): welcome @travi, add alumni sectionfix: add logging for when ssh falls back to http (#1639)docs(contributing): typo fix (#1638)docs: improve github actions recipe on git plugin (#1626)ci(docs): use actions/checkout@v2 (#1620)docs(resources.md): added more sematnic release article (#1610)docs(configuration.md): Updated documentation for dry-run feature of semantic Release (#1607)docs(github-actions): suggest action_dispatch as trigger (#1605)docs: add `semantic-release-rubygem` to community plugins (#1602)docs: be clear about what module of semantic-release handles updating the package.json (#1601)docs: update github documentation to `docs.github.com`docs: added recipe for Jenkins CI configuration (#1) (#1591)fix: use correct ci branch context (#1521)feat(bitbucket-basic-auth): support for bitbucket server basic auth (#1578)build(gitattributes): eol=lf for Windows users (#1575)fix: prevent false positive secret replacement for Golang projects (#1562)docs: Recommend using npx instead of installing globally (#1563)docs: adjust minor typos (#1554)docs(GitHub Actions): Add alternative trigger options (#1471)docs: update recipe for gitlab-ci with Node.js >=10.18Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase.All Depfu comment commands