-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): semantic-release [security] #204
Open
renovate
wants to merge
1
commit into
master
Choose a base branch
from
renovate/npm-semantic-release-vulnerability
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
February 15, 2021 12:14
cbb778e
to
6486689
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
March 1, 2021 12:25
8cdf8fc
to
1757576
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
March 8, 2021 12:38
1757576
to
a16ece3
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
March 22, 2021 12:09
40267ec
to
d0e9b09
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
April 5, 2021 09:55
d0e9b09
to
404f713
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
April 12, 2021 17:48
93299d0
to
da08e11
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
April 26, 2021 10:24
da08e11
to
b087ad2
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
May 3, 2021 10:59
b087ad2
to
7b1ab18
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
May 10, 2021 11:20
7b1ab18
to
382a58e
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
May 31, 2021 10:50
1be706b
to
84fba67
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
June 7, 2021 08:23
84fba67
to
1c57149
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
June 21, 2021 09:01
7059c56
to
2e945f6
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
July 5, 2021 08:33
62df948
to
e6aadff
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
July 12, 2021 08:27
e6aadff
to
ff481fa
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
July 26, 2021 08:50
451aad7
to
7c1b390
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
August 2, 2021 09:00
7c1b390
to
5b3092e
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
3 times, most recently
from
August 16, 2021 09:23
3f17ef1
to
3269ded
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
August 23, 2021 10:16
3269ded
to
fe3c8e1
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
September 6, 2021 10:07
76826c7
to
193c2fd
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
December 19, 2022 11:40
79999b7
to
b6048ed
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
December 26, 2022 12:12
91420b9
to
b30f2e2
Compare
renovate
bot
changed the title
chore(deps): semantic-release [security]
chore(deps): semantic-release [security] - autoclosed
Jan 1, 2023
renovate
bot
changed the title
chore(deps): semantic-release [security] - autoclosed
chore(deps): semantic-release [security]
Jan 1, 2023
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
January 2, 2023 13:08
b30f2e2
to
485d339
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
January 16, 2023 13:33
45a048f
to
83f290c
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
January 23, 2023 13:42
83f290c
to
e8b34c2
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
January 30, 2023 15:39
e8b34c2
to
6b31df9
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
February 13, 2023 11:46
6b31df9
to
15d55ed
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
3 times, most recently
from
February 27, 2023 11:46
83445fc
to
f5879c1
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
March 7, 2023 04:34
f5879c1
to
7f5ab6e
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
March 20, 2023 12:21
7f5ab6e
to
877b1cf
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
3 times, most recently
from
April 10, 2023 13:45
40730e3
to
ed9c585
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
April 24, 2023 11:54
a1d3a91
to
8e621af
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
May 1, 2023 09:18
8e621af
to
03dda6b
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
May 15, 2023 10:04
03dda6b
to
89fdec5
Compare
⚠ Artifact update problemRenovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is. ♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below: File name: yarn.lock
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
None yet
0 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
15.13.32
->17.2.3
GitHub Vulnerability Alerts
CVE-2020-26226
Impact
Secrets that would normally be masked by
semantic-release
can be accidentally disclosed if they contain characters that become encoded when included in a URL.Patches
Fixed in v17.2.3
Workarounds
Secrets that do not contain characters that become encoded when included in a URL are already masked properly.
Release Notes
semantic-release/semantic-release (semantic-release)
v17.2.3
Compare Source
Bug Fixes
v17.2.2
Compare Source
Bug Fixes
v17.2.1
Compare Source
Reverts
v17.2.0
Compare Source
Features
v17.1.2
Compare Source
Bug Fixes
v17.1.1
Compare Source
Bug Fixes
v17.1.0
Compare Source
Features
v17.0.8
Compare Source
Bug Fixes
v17.0.7
Compare Source
Bug Fixes
v17.0.6
Compare Source
Bug Fixes
v17.0.5
Compare Source
Bug Fixes
v17.0.4
Compare Source
Bug Fixes
repositoryUrl
in logs (55be0ba)v17.0.3
Compare Source
Bug Fixes
getGitAuthUrl
(e7bede1)v17.0.2
Compare Source
Bug Fixes
v17.0.1
Compare Source
Bug Fixes
v17.0.0
Compare Source
BREAKING CHANGES
v16.0.4
Compare Source
Bug Fixes
v16.0.3
Compare Source
Bug Fixes
--no-verify
when testing the Git permissions (b54b20d)v16.0.2
Compare Source
Bug Fixes
v16.0.1
Compare Source
Bug Fixes
v16.0.0
Compare Source
BREAKING CHANGES
v16.0.0@​beta
users only:In v16, a JSON object stored in a Git note is used to keep track of the channels on which a version has been released, the
@{channel}
suffix is no longer necessary.The tags formatted as v{version}@{channel} will now be ignored. If you have releases using this format you will have to upgrade them:
v{version}@​{channel}
{"channels":["channel1","channel2"]}
and usingnull
for the default channel (for example.{"channels":[null,"channel1","channel2"]}
)Require Node.js >= 10.13
Git CLI version 2.7.1 or higher is now required: The
--merge
option of thegit tag
command has been added in Git version 2.7.1 and is now used by semantic-releaseRegexp are not supported anymore for property matching in the
releaseRules
option.Regex are replaced by globs. For example
/core-.*/
should be changed to'core-*'
.The
branch
option has been removed in favor ofbranches
The new
branches
option expect either an Array or a single branch definition. To migrate your configuration:master
: nothing to changebranch
configuration and want to publish only from one branch: replacebranch
withbranches
("branch": "my-release-branch"
=>"branches": "my-release-branch"
)Features
addChannel
plugins to returnfalse
in order to signify no release was done (e1c7269)publish
plugins to returnfalse
in order to signify no release was done (47484f5)Performance Improvements
git tag --merge <branch>
to filter tags present in a branch history (cffe9a8)Bug Fixes
channel
to publish success log (5744c5e)ERELEASEBRANCHES
error message (#1188) (37bcc9e)ci
option via API and config file (2faff26)getTagHead
only when necessary (de77a79)success
plugin only once for releases added to a channel (9a023b4)addChannel
for 2 merged branches configured with the same channel (4aad9cd)false
(751a5f1)getError
(f96c660)await
(9a1af4d)get-tags
algorithm (00420a8)branch
parameter frompush
function (968b996)v15.14.0
Compare Source
Features
envi-ci
values to plugins context (a8c747d)Configuration
📅 Schedule: Branch creation - "" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.