[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NORMALIZEURL-1296539	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @semantic-release/npm

The new version differs by 20 commits.

• ee787b4 fix(package): update normalize-url to version 4.0.0
• df993c7 fix: use default value for `null` options
• 124aca1 docs: harmonize docs with other plugins
• 98fc020 chore(package): update commitizen to version 3.0.0
• ec20a08 chore(package): update nock to version 10.0.0
• a1e46d6 chore(package): update xo to version 0.23.0
• 6e53a42 chore(package): update delay to version 4.0.0
• 746f734 fix(package): update execa to version 1.0.0
• b2dd3d7 fix(package): update execa to version 0.11.0
• 5951b30 fix: stream command output to `stdout` and `stderr`
• ae925af chore(package): update get-stream to version 4.0.0
• dbde084 chore(package): update xo to version 0.22.0
• 544d4c7 fix: do not use `execa.stdout.pipe` as it closes the stream
• c8e2ba4 feat: log npm CLI output to `stdout`/`stderr`
• b180a95 feat: add dependency to `npm`
• 6d10530 chore(package): update got to version 9.0.0
• d79b865 fix: remove unecessary `Buffer.from` in `lib/set-npmrc-auth.js`
• b58e0c4 test: use `semanticrelease/npm-registry-docker` Docker image for tests
• 0b9688a fix: use `logger` instead of writing on `stdout`
• f2e30c7 feat: use `cwd` and `env` options passed by core

See the full diff

Package name: git-url-parse

The new version differs by 10 commits.

• c66bd99 Updated docs
• c504b8a ⬆️ 10.0.0 🎉
• 30d77e0 ⬆️ 9.0.2 🎉
• b960f1f Updated docs
• b60f0ba ⬆️ 10.0.0 🎉
• 1912236 Merge branch 'fix-source-2parts-sld' of https://github.com/pvdlg/git-url-parse into new-version
• 67ae07c ⬆️ 9.0.2 🎉
• 13dae80 Fix parsing of `source` with 2 parts SLD
• e58ee36 Revert "Fix issue Decouple version determiner from npm registry semantic-release/semantic-release#56"
• c4dfff9 Revert "Fix Write a dont-break verifyRelease plugin semantic-release/semantic-release#65. Check if the parsed resource is not null."

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic