This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
#### Vulnerabilities that will be fixed
##### With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
 | **768/1000** **Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | Yes | Proof of Concept
(*) Note that the real score may have changed since the PR was raised.
Commit messagesPackage name: semantic-release
The new version differs by 113 commits.
ac40804 fix(deps): update dependency @ semantic-release/release-notes-generator to v11 (#2778)
e046ece ci(signatures): moved the audit step to the non-matrix stage
ef998ac ci(dependencies): audited signatures and provenance attestations of installed packages
278d8e6 docs(gh-actions): captured details about publishing with provenance from an actions workflow
ddf4065 chore(deps): update dependency sinon to v15.0.4 (#2769)
4bddb37 fix(deps): update dependency env-ci to v9 (#2757)
aa90774 chore(deps): update dependency testdouble to v3.17.2 (#2751)
d7e14f6 docs(artifactory): removed details about using artifactory with legacy auth
05596bc chore(deps): update dependency prettier to ^2.8.4 (#2746)
c6e84ef chore(deps): update dependency sinon to v15.0.3 (#2748)
0cbe804 chore(deps): update dependency fs-extra to ^11.1.0 (#2745)
ea32d10 chore(deps): update dependency testdouble to v3.17.1 (#2740)
deb1b7f Merge pull request #2741 from semantic-release/beta
2d7f607 chore(lint): ran prettier against the release workflow file
91eae11 ci(release): enabled provenance for publishing to npm
050412e Merge branch 'master' of github.com:semantic-release/semantic-release into beta
d647433 fix(deps): updated to the latest version of the npm plugin
f1d6e65 chore(deps): update dependency dockerode to v3.3.5
c38b53a fix(deps): update dependency execa to v7.1.1
fbede54 fix(deps): update dependency cosmiconfig to v8.1.2
6d286cd chore(deps): update dependency sinon to v15.0.2 (#2730)
bc6d8b4 chore(deps): update dependency testdouble to v3.17.0 (#2731)
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
------------
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*
For more information:
š§ [View latest project report](https://app.snyk.io/org/danielnixon/project/1be55fb1-368c-49fe-bced-cfedaae374a3?utm_source=github&utm_medium=referral&page=fix-pr)
š [Adjust project settings](https://app.snyk.io/org/danielnixon/project/1be55fb1-368c-49fe-bced-cfedaae374a3?utm_source=github&utm_medium=referral&page=fix-pr/settings)
š [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
[//]: # (snyk:metadata:{"prId":"9d6a72fe-5f07-4c37-aac1-e07b4697b371","prPublicId":"9d6a72fe-5f07-4c37-aac1-e07b4697b371","dependencies":[{"name":"semantic-release","from":"19.0.5","to":"21.0.2"}],"packageManager":"npm","projectPublicId":"1be55fb1-368c-49fe-bced-cfedaae374a3","projectUrl":"https://app.snyk.io/org/danielnixon/project/1be55fb1-368c-49fe-bced-cfedaae374a3?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-SEMVER-3247795"],"upgrade":["SNYK-JS-SEMVER-3247795"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[768],"remediationStrategy":"vuln"})
---
**Learn how to fix vulnerabilities with free interactive lessons:**
š¦ [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **768/1000****Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: semantic-release
The new version differs by 113 commits.- ac40804 fix(deps): update dependency @ semantic-release/release-notes-generator to v11 (#2778)
- e046ece ci(signatures): moved the audit step to the non-matrix stage
- ef998ac ci(dependencies): audited signatures and provenance attestations of installed packages
- 278d8e6 docs(gh-actions): captured details about publishing with provenance from an actions workflow
- ddf4065 chore(deps): update dependency sinon to v15.0.4 (#2769)
- 4bddb37 fix(deps): update dependency env-ci to v9 (#2757)
- aa90774 chore(deps): update dependency testdouble to v3.17.2 (#2751)
- d7e14f6 docs(artifactory): removed details about using artifactory with legacy auth
- 4a943a5 chore(deps): pin dependencies (#2744)
- f47a510 chore(deps): lock file maintenance (#2737)
- 05596bc chore(deps): update dependency prettier to ^2.8.4 (#2746)
- c6e84ef chore(deps): update dependency sinon to v15.0.3 (#2748)
- 0cbe804 chore(deps): update dependency fs-extra to ^11.1.0 (#2745)
- ea32d10 chore(deps): update dependency testdouble to v3.17.1 (#2740)
- deb1b7f Merge pull request #2741 from semantic-release/beta
- 2d7f607 chore(lint): ran prettier against the release workflow file
- 91eae11 ci(release): enabled provenance for publishing to npm
- 050412e Merge branch 'master' of github.com:semantic-release/semantic-release into beta
- d647433 fix(deps): updated to the latest version of the npm plugin
- f1d6e65 chore(deps): update dependency dockerode to v3.3.5
- c38b53a fix(deps): update dependency execa to v7.1.1
- fbede54 fix(deps): update dependency cosmiconfig to v8.1.2
- 6d286cd chore(deps): update dependency sinon to v15.0.2 (#2730)
- bc6d8b4 chore(deps): update dependency testdouble to v3.17.0 (#2731)
See the full diff