Open renovate[bot] opened 3 months ago
socket-security[bot]
commented
3 months ago New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/semantic-release@24.1.0 | environment, network Transitive: eval, filesystem, shell, unsafe | +274 |
36.5 MB | semantic-release-bot |
🚮 Removed packages: npm/semantic-release@22.0.12)
socket-security[bot]
commented
3 days ago 🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎
To accept the risk, merge this PR and you will not be notified again.
| Alert | Package | Note | Source | CI |
|---|---|---|---|---|
| Obfuscated code | npm/npm@10.8.3 |
| ⚠︎ |
Obfuscated files are intentionally packed to hide their behavior. This could be a sign of malware.
Packages should not obfuscate their code. Consider not using packages with obfuscated code
Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all
@SocketSecurity ignore npm/npm@10.8.3
This PR contains the following updates:
22.0.12->24.1.0Release Notes
semantic-release/semantic-release (semantic-release)
### [`v24.1.0`](https://togithub.com/semantic-release/semantic-release/compare/v24.0.0...bcc663ccf02165bae93e278cf230919e53a97ee7) [Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v24.0.0...v24.1.0) ### [`v24.0.0`](https://togithub.com/semantic-release/semantic-release/releases/tag/v24.0.0) [Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v23.1.1...v24.0.0) ##### Bug Fixes - **deps:** upgraded to the beta of the commit-analyzer plugin ([dfc3d91](https://togithub.com/semantic-release/semantic-release/commit/dfc3d9110ece8f4a1b72e209e3efce4c67a4902f)) - **deps:** upgraded to the beta of the release-notes-generator plugin ([4a4cd92](https://togithub.com/semantic-release/semantic-release/commit/4a4cd92097e73dc1defc514347c673d84e1b6a9e)) ##### BREAKING CHANGES - **deps:** the commit-analyzer plugin now expects to be used with the latest major versions of conventional-changelog packages. if you are installing any of these packages in addition to semantic-release, be sure to update them as well - **deps:** the release-notes-generator plugin now expects to be used with the latest major versions of conventional-changelog packages. if you are installing any of these packages in addition to semantic-release, be sure to update them as well ### [`v23.1.1`](https://togithub.com/semantic-release/semantic-release/compare/v23.1.0...73bcd0bcdb98322c5c5224ffb55960de114c3fd1) [Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v23.1.0...v23.1.1) ### [`v23.1.0`](https://togithub.com/semantic-release/semantic-release/compare/v23.0.8...3a18bf8677657ab7a88f9d57f49e12b7726c4a19) [Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v23.0.8...v23.1.0) ### [`v23.0.8`](https://togithub.com/semantic-release/semantic-release/releases/tag/v23.0.8) [Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v23.0.7...v23.0.8) ##### Bug Fixes - **deps:** rename read-pkg-up -> read-package-up ([4980cba](https://togithub.com/semantic-release/semantic-release/commit/4980cba57169048ae1cd6ba869170da980b30fe3)) - **deps:** rename read-pkg-up -> read-package-up ([#3249](https://togithub.com/semantic-release/semantic-release/issues/3249)) ([95a8b9e](https://togithub.com/semantic-release/semantic-release/commit/95a8b9e0988f2d8eb157251e98e4660e359137c1)) ### [`v23.0.7`](https://togithub.com/semantic-release/semantic-release/compare/v23.0.6...v23.0.7) [Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v23.0.6...v23.0.7) ### [`v23.0.6`](https://togithub.com/semantic-release/semantic-release/releases/tag/v23.0.6) [Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v23.0.5...v23.0.6) ##### Bug Fixes - **deps:** update dependency [@semantic-release/release-notes-generator](https://togithub.com/semantic-release/release-notes-generator) to v13 ([#3237](https://togithub.com/semantic-release/semantic-release/issues/3237)) ([b7e08fc](https://togithub.com/semantic-release/semantic-release/commit/b7e08fc6068154713487dbf6817c8fc356319d6f)) ### [`v23.0.5`](https://togithub.com/semantic-release/semantic-release/compare/v23.0.4...29458a0ebb14bc7691d69cf78a08a847c88789bb) [Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v23.0.4...v23.0.5) ### [`v23.0.4`](https://togithub.com/semantic-release/semantic-release/compare/v23.0.3...7a50c8a1a9a14d25fb54b1ea087914fb836b04be) [Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v23.0.3...v23.0.4) ### [`v23.0.3`](https://togithub.com/semantic-release/semantic-release/compare/v23.0.2...96d5aeb4b657429ff8f272aaf38e1775079e7c24) [Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v23.0.2...v23.0.3) ### [`v23.0.2`](https://togithub.com/semantic-release/semantic-release/releases/tag/v23.0.2) [Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v23.0.1...v23.0.2) ##### Bug Fixes - **deps:** update dependency marked to v12 ([#3176](https://togithub.com/semantic-release/semantic-release/issues/3176)) ([38105f5](https://togithub.com/semantic-release/semantic-release/commit/38105f5bc8ac280d8fb726097962bb357bfc5dac)) ### [`v23.0.1`](https://togithub.com/semantic-release/semantic-release/releases/tag/v23.0.1) [Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v23.0.0...v23.0.1) ##### Bug Fixes - **deps:** update dependency marked-terminal to v7 ([9faded8](https://togithub.com/semantic-release/semantic-release/commit/9faded8d50bd056374f79d0a1385dc9f140a85de)) ### [`v23.0.0`](https://togithub.com/semantic-release/semantic-release/releases/tag/v23.0.0) [Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v22.0.12...v23.0.0) ##### Bug Fixes - **deps:** update dependency cosmiconfig to v9 ([#3105](https://togithub.com/semantic-release/semantic-release/issues/3105)) ([07dde04](https://togithub.com/semantic-release/semantic-release/commit/07dde042bbdd4a407dbf7f7a5b8ab2d11abdb8c3)) - **deps:** update dependency marked to v11 ([#3079](https://togithub.com/semantic-release/semantic-release/issues/3079)) ([6d2a6f1](https://togithub.com/semantic-release/semantic-release/commit/6d2a6f1aa658cfdfa905f19a4c54f38ebdfc94ef)) - **deps:** upgraded to the latest version of env-ci ([0d0ed9d](https://togithub.com/semantic-release/semantic-release/commit/0d0ed9d08a26ed5e146fcba5a58d760f7a1ebd02)) - use one note reference per tag to prevent conflicts ([#2085](https://togithub.com/semantic-release/semantic-release/issues/2085)) ([020ea7d](https://togithub.com/semantic-release/semantic-release/commit/020ea7d7d5aa6c123fe4c97754b6b1b36c0a8e2c)) ##### Features - **node-versions:** dropped support for node v18 and raised the minimum for v20 ([2904832](https://togithub.com/semantic-release/semantic-release/commit/2904832967c9160d3e293ce4be7a12aef0318a95)), closes [/github.com/semantic-release/gitlab/pull/647#discussion_r1423131205](https://togithub.com//github.com/semantic-release/gitlab/pull/647/issues/discussion_r1423131205) ##### BREAKING CHANGES - **deps:** woodpecker ci users need to upgrade to v1.0.0 or higher to remain supported. see https://github.com/semantic-release/env-ci/releases/tag/v11.0.0 for more information - **node-versions:** support for node v18 has been dropped and the minimum for v20 is now v20.8.1 related to [https://github.com/semantic-release/semantic-release/discussions/3088](https://togithub.com/semantic-release/semantic-release/discussions/3088) - **deps:** if using `release.config.js` as the name of your config file, it needs to be moved to a `.config/` directory. see https://github.com/cosmiconfig/cosmiconfig/releases/tag/v9.0.0 for more detailConfiguration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.