mike-north / ember-phoenix

Phoenix Framework integration and tooling for Ember.js apps
MIT License

chore(deps): update dependency semantic-release to v17 [security] - abandoned #317

Open renovate[bot] opened 3 years ago

renovate[bot] commented 3 years ago


This PR contains the following updates:

| Package | Change |
|---|---|
| semantic-release | 15.14.0 -> 17.2.3 |

GitHub Vulnerability Alerts

CVE-2020-26226

Impact

Secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that become encoded when included in a URL.

Patches

Fixed in v17.2.3

Workarounds

Secrets that do not contain characters that become encoded when included in a URL are already masked properly.


Release Notes

semantic-release/semantic-release

### [`v17.2.3`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.2.3)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.2.2...v17.2.3)

##### Bug Fixes

- mask secrets when characters get uri encoded ([ca90b34](https://togithub.com/semantic-release/semantic-release/commit/ca90b34c4a9333438cc4d69faeb43362bb991e5a))

### [`v17.2.2`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.2.2)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.2.1...v17.2.2)

##### Bug Fixes

- don't parse port as part of the path in repository URLs ([#1671](https://togithub.com/semantic-release/semantic-release/issues/1671)) ([77a75f0](https://togithub.com/semantic-release/semantic-release/commit/77a75f072bc257b27904408dbea5ae5ccae2b6ab))
- use valid git credentials when multiple are provided ([#1669](https://togithub.com/semantic-release/semantic-release/issues/1669)) ([2bf3771](https://togithub.com/semantic-release/semantic-release/commit/2bf377194efc6b4f13b6bc6cd9272b935f64793e))

### [`v17.2.1`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.2.1)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.2.0...v17.2.1)

##### Reverts

- Revert "feat: throw an Error if package.json has duplicate "repository" key ([#1656](https://togithub.com/semantic-release/semantic-release/issues/1656))" ([3abcbaf](https://togithub.com/semantic-release/semantic-release/commit/3abcbaf2561a208180a1f8eddc1d8a5c1006fe48)), closes [#1656](https://togithub.com/semantic-release/semantic-release/issues/1656) [#1657](https://togithub.com/semantic-release/semantic-release/issues/1657)

### [`v17.2.0`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.2.0)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.1.2...v17.2.0)

##### Features

- throw an Error if package.json has duplicate "repository" key ([#1656](https://togithub.com/semantic-release/semantic-release/issues/1656)) ([b8fb35c](https://togithub.com/semantic-release/semantic-release/commit/b8fb35c7e15d314c15182f779ef30b42b6c4e7ea))

### [`v17.1.2`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.1.2)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.1.1...v17.1.2)

##### Bug Fixes

- add logging for when ssh falls back to http ([#1639](https://togithub.com/semantic-release/semantic-release/issues/1639)) ([b4c5d0a](https://togithub.com/semantic-release/semantic-release/commit/b4c5d0a436fa5a4e98d8326f0512fa8a2f1f4f67))

### [`v17.1.1`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.1.1)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.1.0...v17.1.1)

##### Bug Fixes

- use correct ci branch context ([#1521](https://togithub.com/semantic-release/semantic-release/issues/1521)) ([0f0c650](https://togithub.com/semantic-release/semantic-release/commit/0f0c650b41764d1a3deb33631147c7ca0e39fe59))

### [`v17.1.0`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.1.0)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.0.8...v17.1.0)

##### Features

- **bitbucket-basic-auth:** support for bitbucket server basic auth ([#1578](https://togithub.com/semantic-release/semantic-release/issues/1578)) ([a465801](https://togithub.com/semantic-release/semantic-release/commit/a4658016d957a9a240051e51d77388f1345bd6ec))

### [`v17.0.8`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.0.8)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.0.7...v17.0.8)

##### Bug Fixes

- prevent false positive secret replacement for Golang projects ([#1562](https://togithub.com/semantic-release/semantic-release/issues/1562)) ([eed1d3c](https://togithub.com/semantic-release/semantic-release/commit/eed1d3c8cbab0ef05df39866c90ff74dff77dfa4))

### [`v17.0.7`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.0.7)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.0.6...v17.0.7)

##### Bug Fixes

- **package:** update marked to version 1.0.0 ([#1534](https://togithub.com/semantic-release/semantic-release/issues/1534)) ([d64db31](https://togithub.com/semantic-release/semantic-release/commit/d64db31e7670c394554246b9d686997c3e2c046b))

### [`v17.0.6`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.0.6)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.0.5...v17.0.6)

##### Bug Fixes

- adapt for semver to version 7.3.2 (part II) ([#1530](https://togithub.com/semantic-release/semantic-release/issues/1530)) ([431d571](https://togithub.com/semantic-release/semantic-release/commit/431d571a7b7284b2029a55da68a44c65d7c16451))

### [`v17.0.5`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.0.5)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.0.4...v17.0.5)

##### Bug Fixes

- adapt for semver to version 7.3.2 ([0363790](https://togithub.com/semantic-release/semantic-release/commit/0363790b8a5f91a8c95fc6905e3e20305db7c539))

### [`v17.0.4`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.0.4)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.0.3...v17.0.4)

##### Bug Fixes

- add `repositoryUrl` in logs ([55be0ba](https://togithub.com/semantic-release/semantic-release/commit/55be0ba2b1d8a5f7d817f0d4567be04170580028))

### [`v17.0.3`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.0.3)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.0.2...v17.0.3)

##### Bug Fixes

- pass a branch name to `getGitAuthUrl` ([e7bede1](https://togithub.com/semantic-release/semantic-release/commit/e7bede186649abb4dd19ed0e8c28c218523b8b19))

### [`v17.0.2`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.0.2)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.0.1...v17.0.2)

##### Bug Fixes

- **package:** update marked-terminal to version 4.0.0 ([8ce2d6e](https://togithub.com/semantic-release/semantic-release/commit/8ce2d6e834035980c3261f3b2a568279e601423c))

### [`v17.0.1`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.0.1)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.0.0...v17.0.1)

##### Bug Fixes

- **package:** update [@semantic-release/commit-analyzer](https://togithub.com/semantic-release/commit-analyzer) to version 8.0.0 ([45695b9](https://togithub.com/semantic-release/semantic-release/commit/45695b9183fa488f64e49e291b01c13b7f3319fb))
- **package:** update [@semantic-release/github](https://togithub.com/semantic-release/github) to version 7.0.0 ([c48bd3a](https://togithub.com/semantic-release/semantic-release/commit/c48bd3ac36561f137a7b7766c0308dd4e72cfad7))
- **package:** update [@semantic-release/npm](https://togithub.com/semantic-release/npm) to version 7.0.0 ([f2b5826](https://togithub.com/semantic-release/semantic-release/commit/f2b5826c0c57e32910f9257f932f51066a7f9421))
- **package:** update [@semantic-release/release-notes-generator](https://togithub.com/semantic-release/release-notes-generator) to version 9.0.0 ([3c7b114](https://togithub.com/semantic-release/semantic-release/commit/3c7b114eed8fc8b4d31e22c2dc69b7e8e6dca3cf))

### [`v17.0.0`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.0.0)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v16.0.4...v17.0.0)

##### BREAKING CHANGES

- Require Node.js >= 10.18

### [`v16.0.4`](https://togithub.com/semantic-release/semantic-release/releases/tag/v16.0.4)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v16.0.3...v16.0.4)

##### Bug Fixes

- correct error when remote repository has no branches ([c6b1076](https://togithub.com/semantic-release/semantic-release/commit/c6b10766a7c39b59164ffd14f5f5a503fa914f36))

### [`v16.0.3`](https://togithub.com/semantic-release/semantic-release/releases/tag/v16.0.3)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v16.0.2...v16.0.3)

##### Bug Fixes

- use `--no-verify` when testing the Git permissions ([b54b20d](https://togithub.com/semantic-release/semantic-release/commit/b54b20d4122bd4419cfbc35da1a475c1dd65721b))

### [`v16.0.2`](https://togithub.com/semantic-release/semantic-release/releases/tag/v16.0.2)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v16.0.1...v16.0.2)

##### Bug Fixes

- fetch tags on repo cached by the CI ([6b5b02e](https://togithub.com/semantic-release/semantic-release/commit/6b5b02ea755b74e1c2ea9a2dfff6576f5f15e870))

### [`v16.0.1`](https://togithub.com/semantic-release/semantic-release/releases/tag/v16.0.1)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v16.0.0...v16.0.1)

##### Bug Fixes

- **package:** update env-ci to version 5.0.0 ([3739ab5](https://togithub.com/semantic-release/semantic-release/commit/3739ab5f34454321aad2bf36f3a5ec03da004d33))

### [`v16.0.0`](https://togithub.com/semantic-release/semantic-release/releases/tag/v16.0.0)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v15.14.0...v16.0.0)

##### BREAKING CHANGES

- ⚠️ For `v16.0.0@beta` users only: In v16, a JSON object stored in a [Git note](https://git-scm.com/docs/git-notes) is used to keep track of the channels on which a version has been released, the `@{channel}` suffix is no longer necessary. The tags formatted as v{version}@{channel} will now be ignored. If you have releases using this format you will have to upgrade them:
  - Find all the versions that have been released on a branch other than the default one by searching for all tags formatted as `v{version}@{channel}`
  - For each of those version:
    - Create a tag without the {@channel} if none doesn't already exists
    - Add a Git note to the tag without the {@channel} containing the channels on which the version was released formatted as `{"channels":["channel1","channel2"]}` and using `null` for the default channel (for example.`{"channels":[null,"channel1","channel2"]}`)
    - Push the tags and notes
    - Update the GitHub releases that refer to a tag formatted as v{version}@{channel} to use the tag without it
    - Delete the tags formatted as v{version}@{channel}
- Require Node.js >= 10.13
- Git CLI version 2.7.1 or higher is now required: The `--merge` option of the `git tag` command has been added in Git version 2.7.1 and is now used by semantic-release
- Regexp are not supported anymore for property matching in the `releaseRules` option. Regex are replaced by [globs](https://togithub.com/micromatch/micromatch#matching-features). For example `/core-.*/` should be changed to `'core-*'`.
- The `branch` option has been removed in favor of `branches`
- The new `branches` option expect either an Array or a single branch definition. To migrate your configuration:
  - If you want to publish package from multiple branches, please see the configuration documentation
  - If you use the default configuration and want to publish only from `master`: nothing to change
  - If you use the `branch` configuration and want to publish only from one branch: replace `branch` with `branches` (`"branch": "my-release-branch"` => `"branches": "my-release-branch"`)

##### Features

- allow `addChannel` plugins to return `false` in order to signify no release was done ([e1c7269](https://togithub.com/semantic-release/semantic-release/commit/e1c7269cb3af0d84c28fd3c4a5ce61ae4b625924))
- allow `publish` plugins to return `false` in order to signify no release was done ([47484f5](https://togithub.com/semantic-release/semantic-release/commit/47484f5eb2fa330cbbbb03bffadba524ad642081))
- allow to release any version on a branch if up to date with next branch ([916c268](https://togithub.com/semantic-release/semantic-release/commit/916c2685c57f3490fb1e50afbf72ea8dce11e188))
- support multiple branches and distribution channels ([7b40524](https://togithub.com/semantic-release/semantic-release/commit/7b4052470b23261c9e679a17bff034da311fd894))
- use Git notes to store the channels on which a version has been released ([b2c1b2c](https://togithub.com/semantic-release/semantic-release/commit/b2c1b2c670f8f2dd4da71721ffb329c26e8d2cd7))
- **package:** update [@semantic-release/commit-analyzer](https://togithub.com/semantic-release/commit-analyzer) to version 7.0.0 ([e63e753](https://togithub.com/semantic-release/semantic-release/commit/e63e753cf09b2c3b51db00097bceade0893d3eaf))

##### Performance Improvements

- use `git tag --merge ` to filter tags present in a branch history ([cffe9a8](https://togithub.com/semantic-release/semantic-release/commit/cffe9a8d338f1d4be899fef4495504eda8a4031e))

##### Bug Fixes

- add `channel` to publish success log ([5744c5e](https://togithub.com/semantic-release/semantic-release/commit/5744c5ecd2025d2bda7983f6e225ade1dff0f00c))
- add a flag indicate which branch is the main one ([2caafba](https://togithub.com/semantic-release/semantic-release/commit/2caafbaa2be54330b5b3e6dd71dda0270b566663))
- Add helpful detail to `ERELEASEBRANCHES` error message ([#1188](https://togithub.com/semantic-release/semantic-release/issues/1188)) ([37bcc9e](https://togithub.com/semantic-release/semantic-release/commit/37bcc9e51536bccdfe47c6cbf911234a65b32787))
- allow multiple branches with same channel ([63f51ae](https://togithub.com/semantic-release/semantic-release/commit/63f51ae6ddfa824fa217ca196c4dd44915b80f2b))
- allow to set `ci` option via API and config file ([2faff26](https://togithub.com/semantic-release/semantic-release/commit/2faff2637f49e3caf6e08c5b0de5e53f99e29ac7))
- call `getTagHead` only when necessary ([de77a79](https://togithub.com/semantic-release/semantic-release/commit/de77a799a82cfe30aedc21dded61e39db2784a48))
- call `success` plugin only once for releases added to a channel ([9a023b4](https://togithub.com/semantic-release/semantic-release/commit/9a023b40883d5eb825a36c540c57f71713a670c0))
- correct log when adding channel to tag ([61665be](https://togithub.com/semantic-release/semantic-release/commit/61665be9ec7487c303509f19097f588d993ec155))
- correctly determine next pre-release version ([0457a07](https://togithub.com/semantic-release/semantic-release/commit/0457a074e7694ec95e4e8a24a27f15658a339489))
- correctly determine release to add to a channel ([aec96c7](https://togithub.com/semantic-release/semantic-release/commit/aec96c791f7413dace1bfdca08f7a5cd58cb0f5e))
- correctly handle skipped releases ([89663d3](https://togithub.com/semantic-release/semantic-release/commit/89663d3fcfed34923289b12d4b2b5c509f4db321))
- display erroring git commands properly ([1edae67](https://togithub.com/semantic-release/semantic-release/commit/1edae67326ecbb99d8b4be7e17a8ce4e14f439df))
- do not call `addChannel` for 2 merged branches configured with the same channel ([4aad9cd](https://togithub.com/semantic-release/semantic-release/commit/4aad9cd49031a849216e71a1ce358ad0668e4d54))
- do not create tags in dry-run mode for released to add to a channel ([97748c5](https://togithub.com/semantic-release/semantic-release/commit/97748c5e257b158b61e7eab1ae737180d0238301))
- fetch all release branches on CI ([b729183](https://togithub.com/semantic-release/semantic-release/commit/b729183b4af2818c713634746628f68d06e3a8bc))
- fix branch type regexp to handle version with multiple digits ([52ca0b3](https://togithub.com/semantic-release/semantic-release/commit/52ca0b391ccd7e31df0f2d7a125efd38e1b71b79))
- fix maintenance branch regex ([a022996](https://togithub.com/semantic-release/semantic-release/commit/a0229962ceac2c9eb05499373c153c7b3dced382))
- fix range regexp to handle version with multiple digits ([9a04e64](https://togithub.com/semantic-release/semantic-release/commit/9a04e64fab3ac8d7c6ea203ff29acb6d73e25246))
- handle branch properties set to `false` ([751a5f1](https://togithub.com/semantic-release/semantic-release/commit/751a5f1349c6bf415f6eaae4631118f163e45b77))
- harmonize parameters passed to `getError` ([f96c660](https://togithub.com/semantic-release/semantic-release/commit/f96c660c1b22fec29d87965838ef1493b87de114))
- ignore lasst release only if pre-release on the same channel as current branch ([990e85f](https://togithub.com/semantic-release/semantic-release/commit/990e85f069d35d87b78292119f37e27b6031b56c))
- increase next version on prerelease branch based on highest commit type ([9ecc7a3](https://togithub.com/semantic-release/semantic-release/commit/9ecc7a369cc75e7745f8748593df856b85bdb0ea))
- look also for previous prerelease versions to determine the next one ([9772563](https://togithub.com/semantic-release/semantic-release/commit/9772563a22c4fd313eb8bbcdde948503ad1d3703))
- modify fetch function to handle CircleCI specifics ([cbef9d1](https://togithub.com/semantic-release/semantic-release/commit/cbef9d18da0f5dcaf22e6c7d8737442f954a9481))
- on maintenance branch add to channel only version >= to start range ([c22ae17](https://togithub.com/semantic-release/semantic-release/commit/c22ae17a9b10534ef87b66ae08a5c0c6d95e1269))
- remove confusing logs when searching for releases to add to a channel ([162b4b9](https://togithub.com/semantic-release/semantic-release/commit/162b4b9e3bea940c63014d045e80b8fc21227ac1))
- remove hack to workaround GitHub Rebase & Merge ([844e0b0](https://togithub.com/semantic-release/semantic-release/commit/844e0b07e04754c8185d9d88523c8afc236de02a))
- remove unnecessary `await` ([9a1af4d](https://togithub.com/semantic-release/semantic-release/commit/9a1af4de44c4548137bf438df8f4ca10a07af63e))
- simplify `get-tags` algorithm ([00420a8](https://togithub.com/semantic-release/semantic-release/commit/00420a83c0283e7b02a5385d78d0ec984120a852))
- throws error if the commit associated with a tag cannot be found ([1317348](https://togithub.com/semantic-release/semantic-release/commit/131734873e904176044767ad929b5f53579556f6))
- update plugin versions ([0785a84](https://togithub.com/semantic-release/semantic-release/commit/0785a844fa8ac1320383452ce531898be3b01f92))
- update plugins dependencies ([9890584](https://togithub.com/semantic-release/semantic-release/commit/989058400785e0a1eefd70158f677de3be5a578d))
- verify is branch is up to date by comparing remote and local HEAD ([a8747c4](https://togithub.com/semantic-release/semantic-release/commit/a8747c4f86a1947250aa86ab1869fb4bde10bb71))
- remove unnecessary `branch` parameter from `push` function ([968b996](https://togithub.com/semantic-release/semantic-release/commit/968b9968a1a4dba8c638be071d0af59205257279))
- revert to the correct refspec in fetch function ([9948a74](https://togithub.com/semantic-release/semantic-release/commit/9948a74347704b9a0bdd601ffc0ab08aaa4ae97a))
- update plugins dependencies ([73f0c77](https://togithub.com/semantic-release/semantic-release/commit/73f0c775daf1167a0577425bb06149b4c7e3819f))
- **repositoryUrl:** on beta repositoryUrl needs auth for pre-release flows ([#1186](https://togithub.com/semantic-release/semantic-release/issues/1186)) ([3610422](https://togithub.com/semantic-release/semantic-release/commit/36104229593c167e9086bc5fd8a533117ee3b579))

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.
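
The failure mode described under CVE-2020-26226 above, as an added example that is not part of the PR and is not semantic-release's own code: a log masker that only matches the raw secret misses the percent-encoded form that appears once the secret is embedded in a URL. The names `SECRET_NAME_PATTERN`, `buildMasker` and the sample environment and log lines are assumptions constructed for the illustration; it also covers both `encodeURI` and `encodeURIComponent` forms, which goes slightly beyond the single case the advisory names.

```javascript
// Added illustration; every name here is hypothetical, not semantic-release's API.
const SECRET_NAME_PATTERN = /token|password|credential|secret|private/i;
const MASK = '[secure]';

// Escape regex metacharacters so a secret is matched literally.
function escapeRegExp(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Every textual form in which one secret value can show up in output.
function secretVariants(value, includeEncoded) {
  const variants = new Set([value]);
  if (includeEncoded) {
    variants.add(encodeURI(value));          // form used when a whole URL is encoded
    variants.add(encodeURIComponent(value)); // form used for userinfo or query parts
  }
  return [...variants];
}

// Build a function that replaces every known form of every secret in a string.
function buildMasker(env, { includeEncoded = true } = {}) {
  const variants = Object.entries(env)
    .filter(([name, value]) => SECRET_NAME_PATTERN.test(name) && value && value.trim().length > 0)
    .flatMap(([, value]) => secretVariants(value, includeEncoded))
    .sort((a, b) => b.length - a.length) // longest first: no partially masked tail
    .map(escapeRegExp);
  if (variants.length === 0) return (text) => String(text);
  const pattern = new RegExp(variants.join('|'), 'g');
  return (text) => String(text).replace(pattern, MASK);
}

// Constructed sample: a password containing characters that get percent-encoded.
const sampleEnv = { GIT_PASSWORD: 'p@ss w0rd/#1', HOME: '/home/ci' };
const sampleLog = [
  'auth check with p@ss w0rd/#1',
  'git push https://ci-bot:' + encodeURIComponent(sampleEnv.GIT_PASSWORD) +
    '@git.example.com/org/repo.git',
].join('\n');

// Compare a raw-only masker (the vulnerable behaviour) with the encoded-aware one.
function demo() {
  return {
    rawOnly: buildMasker(sampleEnv, { includeEncoded: false })(sampleLog),
    hardened: buildMasker(sampleEnv)(sampleLog),
  };
}

console.log(demo());
```

The `rawOnly` output still carries the percent-encoded password in the push URL, which is the disclosure the advisory describes; the workaround holds because a secret with no URL-special characters has identical raw and encoded forms.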

renovate[bot] commented 1 year ago

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

renovate[bot] commented 1 year ago

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.