Open renovate[bot] opened 3 years ago
This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.
🔍 Inspect: https://vercel.com/particular/demo-serverless-oauth/2s8n2gzsi
✅ Preview: https://demo-serverless-git-renovate-npm-semantic-release-vulner-eb6661.particular.vercel.app
Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.
You can manually request rebase by checking the rebase/retry box above.
⚠ Warning: custom changes will be lost.
This PR contains the following updates:
15.13.14 -> 17.2.3
GitHub Vulnerability Alerts
CVE-2020-26226
Impact
Secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that become encoded when included in a URL.
Patches
Fixed in v17.2.3
Workarounds
Secrets that do not contain characters that become encoded when included in a URL are already masked properly.
Release Notes
semantic-release/semantic-release
### [`v17.2.3`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.2.3)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.2.2...v17.2.3)

##### Bug Fixes

- mask secrets when characters get uri encoded ([ca90b34](https://togithub.com/semantic-release/semantic-release/commit/ca90b34c4a9333438cc4d69faeb43362bb991e5a))

### [`v17.2.2`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.2.2)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.2.1...v17.2.2)

##### Bug Fixes

- don't parse port as part of the path in repository URLs ([#1671](https://togithub.com/semantic-release/semantic-release/issues/1671)) ([77a75f0](https://togithub.com/semantic-release/semantic-release/commit/77a75f072bc257b27904408dbea5ae5ccae2b6ab))
- use valid git credentials when multiple are provided ([#1669](https://togithub.com/semantic-release/semantic-release/issues/1669)) ([2bf3771](https://togithub.com/semantic-release/semantic-release/commit/2bf377194efc6b4f13b6bc6cd9272b935f64793e))

### [`v17.2.1`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.2.1)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.2.0...v17.2.1)

##### Reverts

- Revert "feat: throw an Error if package.json has duplicate "repository" key ([#1656](https://togithub.com/semantic-release/semantic-release/issues/1656))" ([3abcbaf](https://togithub.com/semantic-release/semantic-release/commit/3abcbaf2561a208180a1f8eddc1d8a5c1006fe48)), closes [#1656](https://togithub.com/semantic-release/semantic-release/issues/1656) [#1657](https://togithub.com/semantic-release/semantic-release/issues/1657)

### [`v17.2.0`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.2.0)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.1.2...v17.2.0)

##### Features

- throw an Error if package.json has duplicate "repository" key ([#1656](https://togithub.com/semantic-release/semantic-release/issues/1656)) ([b8fb35c](https://togithub.com/semantic-release/semantic-release/commit/b8fb35c7e15d314c15182f779ef30b42b6c4e7ea))

### [`v17.1.2`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.1.2)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.1.1...v17.1.2)

##### Bug Fixes

- add logging for when ssh falls back to http ([#1639](https://togithub.com/semantic-release/semantic-release/issues/1639)) ([b4c5d0a](https://togithub.com/semantic-release/semantic-release/commit/b4c5d0a436fa5a4e98d8326f0512fa8a2f1f4f67))

### [`v17.1.1`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.1.1)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.1.0...v17.1.1)

##### Bug Fixes

- use correct ci branch context ([#1521](https://togithub.com/semantic-release/semantic-release/issues/1521)) ([0f0c650](https://togithub.com/semantic-release/semantic-release/commit/0f0c650b41764d1a3deb33631147c7ca0e39fe59))

### [`v17.1.0`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.1.0)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.0.8...v17.1.0)

##### Features

- **bitbucket-basic-auth:** support for bitbucket server basic auth ([#1578](https://togithub.com/semantic-release/semantic-release/issues/1578)) ([a465801](https://togithub.com/semantic-release/semantic-release/commit/a4658016d957a9a240051e51d77388f1345bd6ec))

### [`v17.0.8`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.0.8)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.0.7...v17.0.8)

##### Bug Fixes

- prevent false positive secret replacement for Golang projects ([#1562](https://togithub.com/semantic-release/semantic-release/issues/1562)) ([eed1d3c](https://togithub.com/semantic-release/semantic-release/commit/eed1d3c8cbab0ef05df39866c90ff74dff77dfa4))

### [`v17.0.7`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.0.7)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.0.6...v17.0.7)

##### Bug Fixes

- **package:** update marked to version 1.0.0 ([#1534](https://togithub.com/semantic-release/semantic-release/issues/1534)) ([d64db31](https://togithub.com/semantic-release/semantic-release/commit/d64db31e7670c394554246b9d686997c3e2c046b))

### [`v17.0.6`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.0.6)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.0.5...v17.0.6)

##### Bug Fixes

- adapt for semver to version 7.3.2 (part II) ([#1530](https://togithub.com/semantic-release/semantic-release/issues/1530)) ([431d571](https://togithub.com/semantic-release/semantic-release/commit/431d571a7b7284b2029a55da68a44c65d7c16451))

### [`v17.0.5`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.0.5)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.0.4...v17.0.5)

##### Bug Fixes

- adapt for semver to version 7.3.2 ([0363790](https://togithub.com/semantic-release/semantic-release/commit/0363790b8a5f91a8c95fc6905e3e20305db7c539))

### [`v17.0.4`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.0.4)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.0.3...v17.0.4)

##### Bug Fixes

- add `repositoryUrl` in logs ([55be0ba](https://togithub.com/semantic-release/semantic-release/commit/55be0ba2b1d8a5f7d817f0d4567be04170580028))

### [`v17.0.3`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.0.3)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.0.2...v17.0.3)

##### Bug Fixes

- pass a branch name to `getGitAuthUrl` ([e7bede1](https://togithub.com/semantic-release/semantic-release/commit/e7bede186649abb4dd19ed0e8c28c218523b8b19))

### [`v17.0.2`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.0.2)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.0.1...v17.0.2)

##### Bug Fixes

- **package:** update marked-terminal to version 4.0.0 ([8ce2d6e](https://togithub.com/semantic-release/semantic-release/commit/8ce2d6e834035980c3261f3b2a568279e601423c))

### [`v17.0.1`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.0.1)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v17.0.0...v17.0.1)

##### Bug Fixes

- **package:** update [@semantic-release/commit-analyzer](https://togithub.com/semantic-release/commit-analyzer) to version 8.0.0 ([45695b9](https://togithub.com/semantic-release/semantic-release/commit/45695b9183fa488f64e49e291b01c13b7f3319fb))
- **package:** update [@semantic-release/github](https://togithub.com/semantic-release/github) to version 7.0.0 ([c48bd3a](https://togithub.com/semantic-release/semantic-release/commit/c48bd3ac36561f137a7b7766c0308dd4e72cfad7))
- **package:** update [@semantic-release/npm](https://togithub.com/semantic-release/npm) to version 7.0.0 ([f2b5826](https://togithub.com/semantic-release/semantic-release/commit/f2b5826c0c57e32910f9257f932f51066a7f9421))
- **package:** update [@semantic-release/release-notes-generator](https://togithub.com/semantic-release/release-notes-generator) to version 9.0.0 ([3c7b114](https://togithub.com/semantic-release/semantic-release/commit/3c7b114eed8fc8b4d31e22c2dc69b7e8e6dca3cf))

### [`v17.0.0`](https://togithub.com/semantic-release/semantic-release/releases/tag/v17.0.0)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v16.0.4...v17.0.0)

##### BREAKING CHANGES

- Require Node.js >= 10.18

### [`v16.0.4`](https://togithub.com/semantic-release/semantic-release/releases/tag/v16.0.4)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v16.0.3...v16.0.4)

##### Bug Fixes

- correct error when remote repository has no branches ([c6b1076](https://togithub.com/semantic-release/semantic-release/commit/c6b10766a7c39b59164ffd14f5f5a503fa914f36))

### [`v16.0.3`](https://togithub.com/semantic-release/semantic-release/releases/tag/v16.0.3)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v16.0.2...v16.0.3)

##### Bug Fixes

- use `--no-verify` when testing the Git permissions ([b54b20d](https://togithub.com/semantic-release/semantic-release/commit/b54b20d4122bd4419cfbc35da1a475c1dd65721b))

### [`v16.0.2`](https://togithub.com/semantic-release/semantic-release/releases/tag/v16.0.2)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v16.0.1...v16.0.2)

##### Bug Fixes

- fetch tags on repo cached by the CI ([6b5b02e](https://togithub.com/semantic-release/semantic-release/commit/6b5b02ea755b74e1c2ea9a2dfff6576f5f15e870))

### [`v16.0.1`](https://togithub.com/semantic-release/semantic-release/releases/tag/v16.0.1)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v16.0.0...v16.0.1)

##### Bug Fixes

- **package:** update env-ci to version 5.0.0 ([3739ab5](https://togithub.com/semantic-release/semantic-release/commit/3739ab5f34454321aad2bf36f3a5ec03da004d33))

### [`v16.0.0`](https://togithub.com/semantic-release/semantic-release/releases/tag/v16.0.0)

[Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v15.14.0...v16.0.0)

##### BREAKING CHANGES

- ⚠️ For `v16.0.0@beta` users only: In v16, a JSON object stored in a [Git note](https://git-scm.com/docs/git-notes) is used to keep track of the channels on which a version has been released, the `@{channel}` suffix is no longer necessary. The tags formatted as v{version}@{channel} will now be ignored. If you have releases using this format you will have to upgrade them:
  - Find all the versions that have been released on a branch other than the default one by searching for all tags formatted as `v{version}@{channel}`
  - For each of those version:
    - Create a tag without the {[@channel](https://togithub.com/channel)} if none doesn't already exists
    - Add a Git note to the tag without the {[@channel](https://togithub.com/channel)} containing the channels on which the version was released formatted as `{"channels":["channel1","channel2"]}` and using `null` for the default channel (for example.`{"channels":[null,"channel1","channel2"]}`)
    - Push the tags and notes
    - Update the GitHub releases that refer to a tag formatted as v{version}@{channel} to use the tag without it
    - Delete the tags formatted as v{version}@{channel}
- Require Node.js >= 10.13
- Git CLI version 2.7.1 or higher is now required: The `--merge` option of the `git tag` command has been added in Git version 2.7.1 and is now used by semantic-release
- Regexp are not supported anymore for property matching in the `releaseRules` option. Regex are replaced by [globs](https://togithub.com/micromatch/micromatch#matching-features). For example `/core-.*/` should be changed to `'core-*'`.
- The `branch` option has been removed in favor of `branches`
- The new `branches` option expect either an Array or a single branch definition. To migrate your configuration:
  - If you want to publish package from multiple branches, please see the configuration documentation
  - If you use the default configuration and want to publish only from `master`: nothing to change
  - If you use the `branch` configuration and want to publish only from one branch: replace `branch` with `branches` (`"branch": "my-release-branch"` => `"branches": "my-release-branch"`)

##### Features

- allow `addChannel` plugins to return `false` in order to signify no release was done ([e1c7269](https://togithub.com/semantic-release/semantic-release/commit/e1c7269cb3af0d84c28fd3c4a5ce61ae4b625924))
- allow `publish` plugins to return `false` in order to signify no release was done ([47484f5](https://togithub.com/semantic-release/semantic-release/commit/47484f5eb2fa330cbbbb03bffadba524ad642081))
- allow to release any version on a branch if up to date with next branch ([916c268](https://togithub.com/semantic-release/semantic-release/commit/916c2685c57f3490fb1e50afbf72ea8dce11e188))
- support multiple branches and distribution channels ([7b40524](https://togithub.com/semantic-release/semantic-release/commit/7b4052470b23261c9e679a17bff034da311fd894))
- use Git notes to store the channels on which a version has been released ([b2c1b2c](https://togithub.com/semantic-release/semantic-release/commit/b2c1b2c670f8f2dd4da71721ffb329c26e8d2cd7))
- **package:** update [@semantic-release/commit-analyzer](https://togithub.com/semantic-release/commit-analyzer) to version 7.0.0 ([e63e753](https://togithub.com/semantic-release/semantic-release/commit/e63e753cf09b2c3b51db00097bceade0893d3eaf))

##### Performance Improvements

- use `git tag --merge

Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
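
The masking gap described in the CVE-2020-26226 advisory above, as an added example (not part of the PR and not semantic-release's own code): a log masker that matches only the raw secret misses the percent-encoded form that appears once the secret is embedded in a URL. The function names, the `[secure]` placeholder, the token and the host are all constructed for illustration.

```javascript
// Added illustration; every name and value here is constructed, not taken from semantic-release.
const SECRET_MASK = '[secure]';

// Escape regex metacharacters so a secret is matched literally.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Weak masker: replaces only the raw secret text.
function maskRaw(secrets) {
  const re = new RegExp(secrets.filter(Boolean).map(escapeRegExp).join('|'), 'g');
  return (text) => text.replace(re, SECRET_MASK);
}

// Hardened masker: also replaces the forms a secret takes after URL encoding.
function maskWithEncodings(secrets) {
  const forms = new Set();
  for (const s of secrets.filter(Boolean)) {
    forms.add(s);
    forms.add(encodeURI(s));          // leaves reserved characters such as @ and / alone
    forms.add(encodeURIComponent(s)); // encodes reserved characters as well
  }
  // Longest alternatives first so the regex prefers the most complete match.
  const alternatives = [...forms].sort((a, b) => b.length - a.length).map(escapeRegExp);
  const re = new RegExp(alternatives.join('|'), 'g');
  return (text) => text.replace(re, SECRET_MASK);
}

// Constructed token containing characters that become percent-encoded in a URL.
const token = 'p@ss word/1';

// Constructed log line: the token as it would appear in the userinfo part of a Git URL.
function sampleLogLine() {
  return `pushing to https://ci:${encodeURIComponent(token)}@git.example.test/org/repo.git`;
}

// Returns true when the secret, in raw or encoded form, survives masking.
function leaks(masked) {
  return masked.includes(token) || masked.includes(encodeURIComponent(token));
}

console.log(maskRaw([token])(sampleLogLine()));
console.log(maskWithEncodings([token])(sampleLogLine()));
```
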