socket-security[bot]
commented
1 year ago New dependency changes detected. Learn more about Socket for GitHub ↗︎
👍 No new dependency issues detected in pull request
Bot Commands
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all
Pull request alert summary
| Issue | Status |
|---|---|
| Install scripts | ✅ 0 issues |
| Native code | ✅ 0 issues |
| Bin script shell injection | ✅ 0 issues |
| Unresolved require | ✅ 0 issues |
| Invalid package.json | ✅ 0 issues |
| HTTP dependency | ✅ 0 issues |
| Git dependency | ✅ 0 issues |
| Potential typo squat | ✅ 0 issues |
| Known Malware | ✅ 0 issues |
| Telemetry | ✅ 0 issues |
| Protestware/Troll package | ✅ 0 issues |
📊 Modified Dependency Overview:
| ⬆️ Updated Package | Version Diff | Added Capability Access | +/- Transitive Count |
Publisher |
|---|---|---|---|---|
| @semantic-release/npm@10.0.3 | 9.0.2...10.0.3 | filesystem | +44/-15 |
This PR contains the following updates:
9.0.2->10.0.2Release Notes
semantic-release/npm
### [`v10.0.2`](https://togithub.com/semantic-release/npm/releases/tag/v10.0.2) [Compare Source](https://togithub.com/semantic-release/npm/compare/v10.0.1...v10.0.2) ##### Bug Fixes - **deps:** update dependency fs-extra to v11.1.1 ([#591](https://togithub.com/semantic-release/npm/issues/591)) ([31e0e27](https://togithub.com/semantic-release/npm/commit/31e0e27af0aa4a1833490f1454a160068eabe75b)) ### [`v10.0.1`](https://togithub.com/semantic-release/npm/releases/tag/v10.0.1) [Compare Source](https://togithub.com/semantic-release/npm/compare/v10.0.0...v10.0.1) ##### Bug Fixes - **deps:** update dependency execa to v7 ([#575](https://togithub.com/semantic-release/npm/issues/575)) ([4c11706](https://togithub.com/semantic-release/npm/commit/4c1170640f36c68fea9720dd118e94575c47da75)) ### [`v10.0.0`](https://togithub.com/semantic-release/npm/releases/tag/v10.0.0) [Compare Source](https://togithub.com/semantic-release/npm/compare/v9.0.2...v10.0.0) ##### Bug Fixes - **aggregate-error:** upgraded to the latest version ([7285e05](https://togithub.com/semantic-release/npm/commit/7285e05e5abd0ab637440811f653d118b046aa93)) - **deps:** upgraded npm to v9 ([2a79f80](https://togithub.com/semantic-release/npm/commit/2a79f807a822444e72262d9afd366f594b16a7dd)) - **execa:** upgraded to the latest version ([7c74660](https://togithub.com/semantic-release/npm/commit/7c7466073f7503e242e02469adf623b02ac984f7)) - **normalize-url:** upgraded to the latest version ([b55bb01](https://togithub.com/semantic-release/npm/commit/b55bb01bf6e1ab304e4005a5aba0c06a2320432d)) - remove support for legacy auth ([51ab3c8](https://togithub.com/semantic-release/npm/commit/51ab3c8b7bf6848080288a64af1b723ebf267ba6)) - **tempy:** upgraded to the latest version of tempy ([f1992a5](https://togithub.com/semantic-release/npm/commit/f1992a5f6ef0d02cc165a69b6fd264d38311a87b)) ##### Code Refactoring - **esm:** converted the package to esm ([2d8ff15](https://togithub.com/semantic-release/npm/commit/2d8ff15089d7757239999365cd8798a06eecdd52)) ##### Features - **node-versions:** dropped support for node versions below v18 ([aff3574](https://togithub.com/semantic-release/npm/commit/aff357429f2557efde08921b5a7c9833b9422d0b)) - **semantic-release-peer:** raised the minimum peer requirement to the first version that supports loading esm plugins ([22e70ad](https://togithub.com/semantic-release/npm/commit/22e70ad0998dcb6f120b1448a80cfb63659a428d)) ##### BREAKING CHANGES - **deps:** the direct dependency on npm has been upgraded to v9. details of breaking changes can be found at https://github.com/npm/cli/releases/tag/v9.0.0 - **semantic-release-peer:** the required version of semantic-release has been raised to v20.1.0 in order to support loading of ESM plugins - **aggregate-error:** due to the aggregate-error upgrade, thrown errors are no longer iterable, but instead list the errors under an `errors` property - legacy authentication using `NPM_USERNAME` and `NPM_PASSWORD` is no longer supported. Use `NPM_TOKEN` instead. - **node-versions:** node v18 is now the minimum required node version - **esm:** `@semantic-release/npm` is now a native ES Module. It has named exports for each plugin hook (`verifyConditions`, `prepare`, `publish`, `addChannel`)Configuration
📅 Schedule: Branch creation - "every 2 weeks on Monday before 7am" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.