Closed snyk-bot closed 2 years ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Recently disclosed, Has a fix available, CVSS 5.3
SNYK-JS-SEMANTICRELEASE-2866292
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: semantic-release
The new version differs by 73 commits.- 58a226f fix(log-repo): use the original form of the repo url to remove the need to mask credentials (#2459)
- 17d60d3 build(deps): bump npm from 8.3.1 to 8.12.0 (#2447)
- ab45ab1 chore(lint): disabled rules that dont apply to this project (#2408)
- ea389c3 chore(deps): update dependency yargs-parser to 13.1.2 [security] (#2402)
- fa994db build(deps): bump node-fetch from 2.6.1 to 2.6.7 (#2399)
- b79116b build(deps): bump trim-off-newlines from 1.0.1 to 1.0.3
- 6fd7e56 build(deps): bump minimist from 1.2.5 to 1.2.6
- 2b94bb4 docs: update broken link to CI config recipes (#2378)
- b4bc191 docs: Correct circleci workflow (#2365)
- 2c30e26 Merge pull request #2333 from semantic-release/next
- 0eca144 fix(npm-plugin): upgraded to the stable version
- 8097afb fix(npm-plugin): upgraded to the latest beta version
- 95af1e4 Merge pull request #2332 from semantic-release/beta
- f634b8c fix(npm-plugin): upgraded to the beta, which upgrades npm to v8
- d9e5bc0 fix: upgrade `marked` to resolve ReDos vulnerability (#2330)
- dd7d664 docs: fix a broken link (#2318)
- cd6136d docs: wrong prerelease example (#2307)
- e62c83d docs: remove repeated 'with' word (#2289)
- 5d78fa4 docs(breaking-change): highlighted the need for `BREAKING CHANGE: ` to be in the commit footer (#2283)
- b64855f docs(badge): mentioned referencing the commit convention (#2269)
- 09bcf7a docs: update badges to include preset names (#2266)
- 8e96b23 docs(issue-templates): fixed links to templates for opening issues (#2264)
- 5535268 docs: fix typo (#2262)
- 7f971f3 fix: bump @ semantic-release/commit-analyzer to 9.0.2 (#2258)
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.