daiyam
commented
2 years ago @jimthedev @AndersDJohnson @kentcdodds Hi, could you validate this PR so a new release of the cli can be generated? Thx
Closed travi closed 1 year ago
daiyam
commented
2 years ago @jimthedev @AndersDJohnson @kentcdodds Hi, could you validate this PR so a new release of the cli can be generated? Thx
rin
commented
2 years ago @LinusU @dmwelch Can you help? Thanks!
micalevisk
commented
2 years ago this PR will close the Issue #914 as the fix is merged already but not released yet
travi
commented
2 years ago if adding me as a maintainer could help with details like this, i'd be willing to help out with basic maintenance tasks like this. i wouldnt be able to dedicate a lot of time due to other OSS project responsibilities (hopefully, my reputation on those projects helps build trust to consider me as a maintainer here), but would like to help unblock vulnerability issues like this.
kdmcguire
commented
1 year ago Adding another vote of support; @jimthedev, please consider @travi's offer! I'm sure plenty of repos (like mine) have got a Critical dependabot security alert because there hasn't been a release for commitizen despite the updates being merged in already.
jimthedev
commented
1 year ago Just got back home. Wife has covid but will take a look and see if I can help.
jimthedev
commented
1 year ago Secret added, going to merge this.
github-actions[bot]
commented
1 year ago :tada: This PR is included in version 4.2.5 :tada:
The release is available on:
Your semantic-release bot :package::rocket:
daiyam
commented
1 year ago @jimthedev Thx
jimthedev
commented
1 year ago @daiyam thank all of you for your patience.
kdmcguire
commented
1 year ago Thank you and @travi for resolving this!
travi
commented
1 year ago thanks for the merge @jimthedev! feel free to let me know if you need more help. commitizen is super valuable in combination with semantic-release, so i'd be happy to pitch in a bit if i can help keep things going.
re-enables the release automation that was lost with the cleanup of the
.travis.ymlin https://github.com/commitizen/cz-cli/pull/880. theGITHUB_TOKENis provided automatically by the action and should have access to perform all necessary actions needed for the release. theNPM_PUBLISH_TOKENwould need to be made available as a secret to this action by a project maintainer.this does not replace the verification that happens on Azure Pipelines and only runs on the
masterbranch. it is assumed that changes are only ever merged after passing verification in a PR, so this workflow should be safe to implement independently from the existing verification pipelines.this should unblock #914 and #897 (possibly more)