-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): semantic-release [security] #377
Open
renovate
wants to merge
1
commit into
master
Choose a base branch
from
renovate/npm-semantic-release-vulnerability
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
December 7, 2020 19:10
5d2a464
to
dddc291
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
December 21, 2020 12:29
dddc291
to
bcc4606
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
January 11, 2021 10:06
bcc4606
to
a6c5a07
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
January 18, 2021 10:29
a6c5a07
to
354684e
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
3 times, most recently
from
February 1, 2021 09:04
166c93a
to
336aecd
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
February 8, 2021 11:50
336aecd
to
80eea0c
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
February 15, 2021 12:36
80eea0c
to
97ad547
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
February 22, 2021 12:52
97ad547
to
6a293a6
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
March 8, 2021 11:34
9682e0c
to
c072769
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
March 22, 2021 12:05
bc62fea
to
f80e2b9
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
April 5, 2021 09:24
f80e2b9
to
43f3d52
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
April 12, 2021 12:04
43f3d52
to
8871440
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
April 26, 2021 09:21
015dd33
to
96977b1
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
May 3, 2021 10:20
96977b1
to
a139adc
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
May 10, 2021 10:21
a139adc
to
2c59109
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
May 24, 2021 10:21
2c59109
to
9b3d750
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
June 7, 2021 08:40
abbffaa
to
a95d386
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
June 21, 2021 08:32
fc8ce9d
to
f4cc229
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
July 5, 2021 08:32
e880204
to
2931bf1
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
July 12, 2021 08:19
2931bf1
to
04607e6
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
July 19, 2021 08:52
04607e6
to
f17f914
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
September 6, 2021 10:17
65b741c
to
58f9dcc
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
September 20, 2021 09:54
b83be28
to
7d7c1c4
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
October 4, 2021 09:24
b942c1f
to
461b0ff
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
October 14, 2021 22:34
48c5f97
to
295204b
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
October 25, 2021 11:06
295204b
to
792dfca
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
November 8, 2021 13:22
792dfca
to
6c5a332
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
November 16, 2021 01:50
6c5a332
to
79aed76
Compare
renovate
bot
changed the title
chore(deps): semantic-release [security]
chore(deps): semantic-release [security] - autoclosed
Dec 8, 2021
renovate
bot
changed the title
chore(deps): semantic-release [security] - autoclosed
chore(deps): semantic-release [security]
Dec 8, 2021
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
January 24, 2022 12:02
5ee5dc6
to
39d3a32
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
February 7, 2022 11:13
39d3a32
to
dadd913
Compare
renovate
bot
changed the title
chore(deps): semantic-release [security]
chore(deps): semantic-release [security] - autoclosed
Mar 11, 2022
renovate
bot
changed the title
chore(deps): semantic-release [security] - autoclosed
chore(deps): semantic-release [security]
Mar 15, 2022
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
March 28, 2022 14:04
dadd913
to
1c6958a
Compare
renovate
bot
force-pushed
the
renovate/npm-semantic-release-vulnerability
branch
from
April 8, 2022 22:40
1c6958a
to
425b7c5
Compare
Edited/Blocked NotificationRenovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
15.12.5
->17.2.3
GitHub Vulnerability Alerts
CVE-2020-26226
Impact
Secrets that would normally be masked by
semantic-release
can be accidentally disclosed if they contain characters that become encoded when included in a URL.Patches
Fixed in v17.2.3
Workarounds
Secrets that do not contain characters that become encoded when included in a URL are already masked properly.
Release Notes
semantic-release/semantic-release
v17.2.3
Compare Source
Bug Fixes
v17.2.2
Compare Source
Bug Fixes
v17.2.1
Compare Source
Reverts
v17.2.0
Compare Source
Features
v17.1.2
Compare Source
Bug Fixes
v17.1.1
Compare Source
Bug Fixes
v17.1.0
Compare Source
Features
v17.0.8
Compare Source
Bug Fixes
v17.0.7
Compare Source
Bug Fixes
v17.0.6
Compare Source
Bug Fixes
v17.0.5
Compare Source
Bug Fixes
v17.0.4
Compare Source
Bug Fixes
repositoryUrl
in logs (55be0ba)v17.0.3
Compare Source
Bug Fixes
getGitAuthUrl
(e7bede1)v17.0.2
Compare Source
Bug Fixes
v17.0.1
Compare Source
Bug Fixes
v17.0.0
Compare Source
BREAKING CHANGES
v16.0.4
Compare Source
Bug Fixes
v16.0.3
Compare Source
Bug Fixes
--no-verify
when testing the Git permissions (b54b20d)v16.0.2
Compare Source
Bug Fixes
v16.0.1
Compare Source
Bug Fixes
v16.0.0
Compare Source
BREAKING CHANGES
v16.0.0@​beta
users only:In v16, a JSON object stored in a Git note is used to keep track of the channels on which a version has been released, the
@{channel}
suffix is no longer necessary.The tags formatted as v{version}@{channel} will now be ignored. If you have releases using this format you will have to upgrade them:
v{version}@​{channel}
{"channels":["channel1","channel2"]}
and usingnull
for the default channel (for example.{"channels":[null,"channel1","channel2"]}
)Require Node.js >= 10.13
Git CLI version 2.7.1 or higher is now required: The
--merge
option of thegit tag
command has been added in Git version 2.7.1 and is now used by semantic-releaseRegexp are not supported anymore for property matching in the
releaseRules
option.Regex are replaced by globs. For example
/core-.*/
should be changed to'core-*'
.The
branch
option has been removed in favor ofbranches
The new
branches
option expect either an Array or a single branch definition. To migrate your configuration:master
: nothing to changebranch
configuration and want to publish only from one branch: replacebranch
withbranches
("branch": "my-release-branch"
=>"branches": "my-release-branch"
)Features
addChannel
plugins to returnfalse
in order to signify no release was done (e1c7269)publish
plugins to returnfalse
in order to signify no release was done (47484f5)Performance Improvements
git tag --merge <branch>
to filter tags present in a branch history (cffe9a8)Bug Fixes
channel
to publish success log (5744c5e)ERELEASEBRANCHES
error message (#1188) (37bcc9e)ci
option via API and config file (2faff26)getTagHead
only when necessary (de77a79)success
plugin only once for releases added to a channel (9a023b4)addChannel
for 2 merged branches configured with the same channel (4aad9cd)false
(751a5f1)getError
(f96c660)await
(9a1af4d)get-tags
algorithm (00420a8)branch
parameter frompush
function (968b996)v15.14.0
Compare Source
Features
envi-ci
values to plugins context (a8c747d)v15.13.32
Compare Source
Bug Fixes
v15.13.31
Compare Source
Bug Fixes
v15.13.30
Compare Source
Bug Fixes
v15.13.29
Compare Source
Bug Fixes
v15.13.28
Compare Source
Bug Fixes
v15.13.27
Compare Source
Bug Fixes
v15.13.26
Compare Source
Bug Fixes
v15.13.25
Compare Source
Bug Fixes
v15.13.24
Compare Source
Reverts
v15.13.23
Compare Source
Bug Fixes
v15.13.22
Compare Source
Bug Fixes
v15.13.21
Compare Source
Bug Fixes
v15.13.20
Compare Source
Bug Fixes
v15.13.19
Compare Source
Bug Fixes
v15.13.18
Compare Source
Bug Fixes
^1.0.0
(6b3adf6)v15.13.17
Compare Source
Bug Fixes
v15.13.16
Compare Source
Bug Fixes
v15.13.15
Compare Source
Bug Fixes
v15.13.14
Compare Source
Bug Fixes
v15.13.13
Compare Source
Bug Fixes
v15.13.12
Compare Source
Bug Fixes
v15.13.11
Compare Source
Bug Fixes
v15.13.10
Compare Source
Bug Fixes
v15.13.9
Compare Source
Bug Fixes
v15.13.8
Compare Source
Bug Fixes
v15.13.7
Compare Source
Bug Fixes
v15.13.6
Compare Source
Bug Fixes
v15.13.5
Compare Source
Bug Fixes
v15.13.4
Compare Source
Bug Fixes
v15.13.3
Compare Source
Bug Fixes
v15.13.2
Compare Source
Bug Fixes
v15.13.1
Compare Source
Bug Fixes
v15.13.0
Compare Source
Features
publish
plugins to returnfalse
in order to signify no release was done (70c68ef)Configuration
📅 Schedule: Branch creation - "" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.