Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

⬆️ Updates semantic-release monorepo (major) #1023

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

⬆️ Updates semantic-release monorepo (major) #1023

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Mar 16, 2023
edited

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@semantic-release/github ^8.0.4 -> ^10.0.0 age adoption passing confidence
@semantic-release/npm ^9.0.1 -> ^12.0.0 age adoption passing confidence
@semantic-release/release-notes-generator ^10.0.3 -> ^14.0.0 age adoption passing confidence
semantic-release ^19.0.3 -> ^24.0.0 age adoption passing confidence

Release Notes

semantic-release/github (@​semantic-release/github)

v10.1.3

Compare Source

Bug Fixes

v10.1.2

Compare Source

Bug Fixes

v10.1.1

Compare Source

Bug Fixes
  • invalid GraphQL query generated when no release commits are found (#​876) (8ee2744)

v10.1.0

Compare Source

Features

v10.0.7

Compare Source

Bug Fixes
  • replace github search api with graphql in success lifecycle method (#​857) (be394cf)

v10.0.6

Compare Source

Bug Fixes
  • corrected homepage link in package.json so the generated links in the errors are valid (#​848) (865762d)

v10.0.5

Compare Source

Bug Fixes

v10.0.4

Compare Source

Bug Fixes
  • introduce dedicated option for GitHub API endpoint (#​829) (908ff83)

v10.0.3

Compare Source

v10.0.2

Compare Source

Bug Fixes

v10.0.1

Compare Source

Bug Fixes

v10.0.0

Compare Source

Features
  • node-versions: dropped support for node v18 and v19 (#​797) (aea314f)
BREAKING CHANGES
  • node-versions: node v18 and v19 are no longer supported

v9.2.6

Compare Source

Bug Fixes

v9.2.5

Compare Source

Bug Fixes

v9.2.4

Compare Source

Bug Fixes

v9.2.3

Compare Source

Bug Fixes

v9.2.2

Compare Source

Bug Fixes

v9.2.1

Compare Source

v9.2.0

Compare Source

Features

v9.1.0

Compare Source

Features
  • releaseNameTemplate and releaseBodyTemplate options for customizing release body and name (#​704) (9e2678c)

v9.0.7

Compare Source

Bug Fixes

v9.0.6

Compare Source

Bug Fixes

v9.0.5

Compare Source

Bug Fixes

v9.0.4

Compare Source

Bug Fixes

v9.0.3

Compare Source

Bug Fixes

v9.0.2

Compare Source

Bug Fixes

v9.0.1

Compare Source

Bug Fixes

v9.0.0

Compare Source

BREAKING CHANGES
  • @semantic-release/github is now a native ES Module
  • Node 14 and 16 are no longer supported
semantic-release/npm (@​semantic-release/npm)

v12.0.1

Compare Source

Bug Fixes
  • deps: update dependency execa to v9 (9ac5ed0)

v12.0.0

Compare Source

Features
  • exports: defined exports to point at ./index.js (9e193c2)
  • node-versions: dropped support for node v18 and v19 (2df962b)
BREAKING CHANGES
  • exports: exports has been defined, which prevents access to private apis (which arent
    intended for consumption anyway)
  • node-versions: node v18 and v19 are no longer supported

v11.0.3

Compare Source

Bug Fixes

even though our existing range allowed anyone to update as soon as the new npm version was available, this will encourage being on a version that does not report the ip vulnerability a bit more forcefully

v11.0.2

Compare Source

Bug Fixes
  • deps: update dependency npm to v10.2.5 (42b5dec)

v11.0.1

Compare Source

Bug Fixes

v11.0.0

Compare Source

Bug Fixes
  • deps: update dependency npm to v10 (819f257)
Features
  • node-versions: raised the minimum required node version to v18.17 and dropped v19 support (6413130)
BREAKING CHANGES
  • node-versions: node v18.17 is now the minimum required version and support for v19 has been dropped

v10.0.6

Compare Source

Bug Fixes

v10.0.5

Compare Source

Bug Fixes

v10.0.4

Compare Source

Bug Fixes

v10.0.3

Compare Source

Bug Fixes

v10.0.2

Compare Source

Bug Fixes

v10.0.1

Compare Source

Bug Fixes

v10.0.0

Compare Source

Bug Fixes
  • aggregate-error: upgraded to the latest version (7285e05)
  • deps: upgraded npm to v9 (2a79f80)
  • execa: upgraded to the latest version (7c74660)
  • normalize-url: upgraded to the latest version (b55bb01)
  • remove support for legacy auth (51ab3c8)
  • tempy: upgraded to the latest version of tempy (f1992a5)
Code Refactoring
  • esm: converted the package to esm (2d8ff15)
Features
  • node-versions: dropped support for node versions below v18 (aff3574)
  • semantic-release-peer: raised the minimum peer requirement to the first version that supports loading esm plugins (22e70ad)
BREAKING CHANGES
  • deps: the direct dependency on npm has been upgraded to v9. details of breaking changes
    can be found at https://github.com/npm/cli/releases/tag/v9.0.0
  • semantic-release-peer: the required version of semantic-release has been
    raised to v20.1.0 in order to support loading of ESM plugins
  • aggregate-error: due to the aggregate-error upgrade, thrown errors are no longer iterable, but instead list the errors under an errors property
  • legacy authentication using NPM_USERNAME and NPM_PASSWORD is no longer supported. Use NPM_TOKEN instead.
  • node-versions: node v18 is now the minimum required node version
  • esm: @semantic-release/npm is now a native ES Module. It
    has named exports for each plugin hook (verifyConditions, prepare,
    publish, addChannel)
semantic-release/release-notes-generator (@​semantic-release/release-notes-generator)

v14.0.1

Compare Source

Bug Fixes

v14.0.0

Compare Source

Features
BREAKING CHANGES
  • by supporting the latest major versions of conventional-changelog packages, we are dropping support for previous major versions of those packages due to the breaking changes between majors. this only impacts your project if you are installing alongside semantic-release, so updating those packages to latest version should be the only change you need for this update. no action should be necessary if you are using default semantic-release config

v13.0.0

Compare Source

Features
  • exports: defined exports to point at ./index.js (5655b18)
  • node-versions: dropped support for node v18 and v19 (e65959a)
BREAKING CHANGES
  • exports: exports has been defined, which prevents access to private apis (which arent
    intended for consumption anyway)
  • node-versions: node v18 and v19 are no longer supported

v12.1.0

Compare Source

Features

v12.0.1

Compare Source

Bug Fixes

v12.0.0

Compare Source

Bug Fixes
  • deps: update dependency conventional-changlog-writer to v7 (4fe3563)
Features
  • conventional-changelog-presets: supported new preset format (a681671)
  • node-versions: raised the minimum node version to v18.17 and dropped v19 support (9c4e5f5)
BREAKING CHANGES
  • node-versions: the minimum required node version is now v18.17, v19 support has been dropped, and the minimum required in the v20 range is v20.6.1
  • conventional-changelog-presets: the new preset format is a breaking change when compared to the previous preset format. updating to support the new format means that the old preset format is no longer supported. update your preset to the latest version to maintain compatibility

v11.0.7

Compare Source

Bug Fixes
  • deps: update dependency conventional-commits-filter to v4 (a347fa6)

v11.0.6

Compare Source

Reverts
  • Revert "chore(deps): update dependency conventional-changelog-atom to v4 (#​509)" (e6b939a), closes #​509
  • Revert "chore(deps): update dependency conventional-changelog-ember to v4 (#​511)" (1f6fa69), closes #​511
  • Revert "chore(deps): update dependency conventional-changelog-conventionalcommits to v7 (#​510)" (9793686), closes #​510
  • Revert "chore(deps): update dependency conventional-changelog-eslint to v5 (#​512)" (a74f93d), closes #​512
  • Revert "chore(deps): update dependency conventional-changelog-express to v4 (#​513)" (a84e7ed), closes #​513

v11.0.5

Compare Source

Bug Fixes
  • deps: update dependency conventional-commits-parser to v5 (#​508) (45f893f)

v11.0.4

Compare Source

Bug Fixes
  • deps: update dependency read-pkg-up to v10 (68772c4)

v11.0.3

Compare Source

Bug Fixes
  • deps: update dependency conventional-changelog-angular to v6 (#​466) (a8d8868)
  • deps: update dependency conventional-changelog-writer to v6 (#​467) (d80b880)
  • deps: update dependency conventional-commits-filter to v3 (#​468) (b058ee7)
  • deps: update dependency conventional-commits-parser to v4 (#​469) (7d84222)

v11.0.2

Compare Source

Bug Fixes

v11.0.1

Compare Source

Bug Fixes
  • files: include the wrappers directory in the published package (949607f)

v11.0.0

Compare Source

Code Refactoring
Features
  • node-versions: raised the minimum required node version to v18 (4bfe425)
  • semantic-release-peer: raised the minimum peer requirement to the first version that supports loading esm plugins (f094cb0)
BREAKING CHANGES
  • semantic-release-peer: the required version of semantic-release has been raised to v20.1.0 in order to support loading of ESM plugins
  • node-versions: node v18 is now the minimum supported version
  • esm: @semantic-release/release-notes-generator is now a native ES Module. It has
    named exports for each plugin hook (generateNotes)
semantic-release/semantic-release (semantic-release)

v24.0.0

Compare Source

Bug Fixes
  • deps: upgraded to the beta of the commit-analyzer plugin (dfc3d91)
  • deps: upgraded to the beta of the release-notes-generator plugin (4a4cd92)
BREAKING CHANGES
  • deps: the commit-analyzer plugin now expects to be used with the latest major versions of
    conventional-changelog packages. if you are installing any of these packages in addition to
    semantic-release, be sure to update them as well
  • deps: the release-notes-generator plugin now expects to be used with the latest major
    versions of conventional-changelog packages. if you are installing any of these packages in addition
    to semantic-release, be sure to update them as well

v23.1.1

Compare Source

v23.1.0

Compare Source

v23.0.8

Compare Source

Bug Fixes
  • deps: rename read-pkg-up -> read-package-up (4980cba)
  • deps: rename read-pkg-up -> read-package-up (#​3249) (95a8b9e)

v23.0.7

Compare Source

v23.0.6

Compare Source

Bug Fixes

v23.0.5

Compare Source

v23.0.4

Compare Source

v23.0.3

Compare Source

v23.0.2

Compare Source

Bug Fixes

v23.0.1

Compare Source

Bug Fixes
  • deps: update dependency marked-terminal to v7 (9faded8)

v23.0.0

Compare Source

Bug Fixes
Features
BREAKING CHANGES

related to https://github.com/semantic-release/semantic-release/discussions/3088

v22.0.12

Compare Source

Bug Fixes
  • Revert "fix(deps): update dependency cosmiconfig to v9" (#​3104) (f6f1bf1)

v22.0.11

Compare Source

Bug Fixes
  • deps: update dependency cosmiconfig to v9 (b38cd2e)

v22.0.10

Compare Source

Bug Fixes
  • revert updating cosmiconfig to v9 (88efead)

v22.0.9

Compare Source

Bug Fixes

v22.0.8

Compare Source

Bug Fixes

v22.0.7

Compare Source

Bug Fixes
Features

v22.0.6

Compare Source

Bug Fixes

v22.0.5

Compare Source

Bug Fixes

v22.0.4

Compare Source

Bug Fixes

v22.0.3

Compare Source

Bug Fixes

v22.0.2

Compare Source

Bug Fixes
  • deps: update dependency marked-terminal to v6 (8a7befe)

v22.0.1

Compare Source

Bug Fixes
  • deps: upgraded release-notes-generator and commit-analyzer plugins to stable versions (041e4f7), closes #​2934

v22.0.0

Compare Source

Bug Fixes
  • deps: updated to the latest beta of the commit analyzer plugin (03a687b)
  • deps: updated to the latest betas of the commit-analyzer and release-notes-generator plugins (de8e4e0)
  • deps: upgraded to the latest version of the npm plugin with npm v10 (a23b718)
Features
  • conventional-changelog-presets: supported new preset format (07a79ea)
  • defined exports for the package (72ab317)
  • node-versions: raised the minimum node v20 requirement to v20.6 (e623cc6)
  • node-versions: raised the minimum required node version to v18.17 and dropped v19 support (b9f294d)
  • node-versions: raised the minimum supported node version w/in the v20 range to v20.6.1 (b93bef4)
BREAKING CHANGES
  • node-versions: the minimum supported version for the v20 range of node has been raised slightly to
    v20.6.1 to avoid a known node bug
  • node-versions: the minimum supported node version in the v20 major range is now v20.6
  • node-versions: node v18.17 is now the minimum supported node version and support for v19 has been dropped
  • exports prevents access to internal files, but they arent intended for public use anyway
  • conventional-changelog-presets: the new preset format is a breaking change when compared to the previous preset format. updating to support the new format means that the old preset format is no longer supported. update your preset to the latest version to maintain compatibility. this is also important if you are using a preset outside of the list of official conventional-changelog presets since your preset will need to be updated to export async functions to match the expected preset signature.

v21.1.2

Compare Source

Bug Fixes

v21.1.1

Compare Source

Bug Fixes
  • types: included the definitions file in the published package (#​2920) (4c95c97)

v21.1.0

Compare Source

Features

v21.0.9

Compare Source

Bug Fixes

v21.0.8

Compare Source

Bug Fixes

v21.0.7

Compare Source

Bug Fixes

v21.0.6

Compare Source

Bug Fixes
  • get correct version if prerelease branch shares version with ... (#​2416) (e4229f9)

v21.0.5

Compare Source

Bug Fixes
  • deps: update dependency marked to v5 (452e1fa)

v21.0.4

Compare Source

Bug Fixes

v21.0.3

Compare Source

Bug Fixes
  • bump @semantic-release/commit-analyzer to v10.0.0-beta.1 (4a6b31f)
  • bump @semantic-release/github to 9.0.0-beta.2 (#​2818) (6f19d77)
  • deps: updated the beta plugins to stable versions (3941018)

v21.0.2

Compare Source

Bug Fixes

v21.0.1

Compare Source

Bug Fixes

v21.0.0

Compare Source

BREAKING CHANGES
  • deps: the npm plugin has updated the npm dependency to v9
  • legacy authentication using NPM_USERNAME and NPM_PASSWORD is no longer supported. Use NPM_TOKEN instead.
Bug Fixes
  • deps: bump @semantic-release/npm to ^10.0.0 (d647433)

v20.1.3

Compare Source

Bug Fixes
  • deps: update dependency execa to v7.1.1 (c38b53a)

v20.1.2

Compare Source

Bug Fixes
  • deps: update dependency cosmiconfig to v8.1.2 (fbede54)

v20.1.1

Compare Source

Bug Fixes

v20.1.0

Compare Source

Features

[v20.0.4](https://togithub.com/semantic-release/semantic-r

Configuration

📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" in timezone Europe/Moscow, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@viezly
Copy link

viezly bot commented Mar 16, 2023

Pull request by bot. No need to analyze

@github-actions
Copy link

Thanks for the PR!

This section of the codebase is owner by https://github.com/AlexRogalskiy/ - if they write a comment saying "LGTM" then it will be merged.

@github-actions
Copy link

Thanks for opening an issue! Make sure you've followed CONTRIBUTING.md.

@github-actions
Copy link

Hello from PR Helper

Is your PR ready for review and processing? Mark the PR ready by including #pr-ready in a comment.

If you still have work to do, even after marking this ready. Put the PR on hold by including #pr-onhold in a comment.

@renovate renovate bot changed the title ⬆️ Updates semantic-release to v20 ⬆️ Updates semantic-release monorepo (major) Mar 24, 2023
@renovate renovate bot force-pushed the renovate/major-semantic-release-monorepo branch from 06539b3 to 29222c6 Compare March 24, 2023 21:51
@socket-security
Copy link

socket-security bot commented Mar 24, 2023
edited

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSource
Install scripts npm/core-js@2.6.12
  • Install script: postinstall
  • Source: node -e "try{require('./postinstall')}catch(e){}"
  • orphan: npm/core-js@2.6.12

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/core-js@2.6.12

@renovate renovate bot force-pushed the renovate/major-semantic-release-monorepo branch from 29222c6 to 99de791 Compare May 28, 2023 15:51
@renovate renovate bot force-pushed the renovate/major-semantic-release-monorepo branch from 99de791 to d8e76dd Compare June 3, 2023 05:34
@renovate renovate bot force-pushed the renovate/major-semantic-release-monorepo branch from d8e76dd to 8b5148a Compare September 16, 2023 11:54
@socket-security
Copy link

socket-security bot commented Sep 16, 2023
edited

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher

🚮 Removed packages: npm/@semantic-release/github@8.1.0, npm/@semantic-release/npm@9.0.2, npm/@semantic-release/release-notes-generator@10.0.3, npm/@types/form-data@2.5.0, npm/@types/formidable@2.0.6, npm/@types/jest@28.1.8, npm/@types/lodash.mergewith@4.6.9, npm/@typescript-eslint/eslint-plugin@5.62.0, npm/@typescript-eslint/parser@5.62.0, npm/@vercel/node@2.15.10, npm/boxen@5.1.2, npm/canvas@2.11.2, npm/codecov@3.8.3, npm/conventional-changelog-cli@2.2.2, npm/coveralls@3.1.1, npm/date-format@4.0.11, npm/del-cli@4.0.1, npm/dockerfile_lint@0.3.4, npm/env-cmd@10.1.0, npm/eslint-config-prettier@8.10.0, npm/eslint-import-resolver-typescript@2.7.1, npm/eslint-plugin-eslint-comments@3.2.0, npm/eslint-plugin-github@4.10.2, npm/eslint-plugin-jest@26.9.0, npm/eslint-plugin-node@11.1.0, npm/eslint-plugin-prettier@4.2.1, npm/eslint-plugin-spellcheck@0.0.19, npm/eslint-plugin-unicorn@42.0.0, npm/eslint@8.57.0, npm/formidable@2.1.2, npm/git-cz@4.9.0, npm/gradient-string@2.0.2, npm/husky@8.0.3, npm/if-env@1.0.4, npm/isomorphic-unfetch@3.1.0, npm/jest-canvas-mock@2.5.2, npm/jest-circus@28.1.3, npm/jest@28.1.3, npm/jsdom@20.0.3, npm/jsonlint@1.6.3, npm/license-checker@25.0.1, npm/lodash.clonedeep@4.5.0, npm/markdown-link-check@3.12.2, npm/nodemon@2.0.22, npm/onchange@7.1.0, npm/opener@1.5.2, npm/plotly.js-dist@2.33.0, npm/plotly.js-geo-dist@2.33.0, npm/prettier@2.8.8, npm/pretty-quick@3.3.1, npm/randomcolor@0.6.2, npm/remark-cli@10.0.1, npm/remark-lint-code-block-style@3.1.2, npm/remark-lint-ordered-list-marker-value@3.1.2, npm/remark-preset-davidtheclark@0.12.0, npm/remark-validate-links@11.0.2, npm/semantic-release@19.0.5, npm/ts-jest@28.0.8, npm/ts-node@10.9.2, npm/typedoc@0.22.18, npm/validate-commit-msg@2.14.0

View full report↗︎

@renovate renovate bot force-pushed the renovate/major-semantic-release-monorepo branch from 8b5148a to 1a4eac5 Compare September 17, 2023 08:44
@renovate renovate bot force-pushed the renovate/major-semantic-release-monorepo branch from 1a4eac5 to ecc4a0f Compare September 19, 2023 23:53
@renovate renovate bot force-pushed the renovate/major-semantic-release-monorepo branch from ecc4a0f to dd3301c Compare January 13, 2024 14:56
@renovate renovate bot force-pushed the renovate/major-semantic-release-monorepo branch from dd3301c to 16cff4d Compare March 15, 2024 08:41
@renovate renovate bot force-pushed the renovate/major-semantic-release-monorepo branch from 16cff4d to 8af2300 Compare March 17, 2024 11:22
@renovate renovate bot force-pushed the renovate/major-semantic-release-monorepo branch from 8af2300 to 38464e1 Compare March 26, 2024 05:42
@renovate
⬆️ Updates semantic-release monorepo
b26a7da 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot force-pushed the renovate/major-semantic-release-monorepo branch from 38464e1 to b26a7da Compare June 1, 2024 11:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AlexRogalskiy AlexRogalskiy Awaiting requested review from AlexRogalskiy

Assignees
No one assigned
Labels
npm dependencies review-required
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants