Thanks to visit codestin.com
Credit goes to github.com

Skip to content

chore(deps): update dependency semantic-release to v17.2.3 [security] #19022

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Nov 24, 2021
Merged

chore(deps): update dependency semantic-release to v17.2.3 [security] #19022

merged 2 commits into from
Nov 24, 2021

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 20, 2021
edited
Loading

WhiteSource Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
semantic-release 17.0.4 -> 17.2.3 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2020-26226

Impact

Secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that become encoded when included in a URL.

Patches

Fixed in v17.2.3

Workarounds

Secrets that do not contain characters that become encoded when included in a URL are already masked properly.

Release Notes

semantic-release/semantic-release

v17.2.3

Compare Source

Bug Fixes
  • mask secrets when characters get uri encoded (ca90b34)

v17.2.2

Compare Source

Bug Fixes
  • don't parse port as part of the path in repository URLs (#​1671) (77a75f0)
  • use valid git credentials when multiple are provided (#​1669) (2bf3771)

v17.2.1

Compare Source

Reverts

v17.2.0

Compare Source

Features
  • throw an Error if package.json has duplicate "repository" key (#​1656) (b8fb35c)

v17.1.2

Compare Source

Bug Fixes

v17.1.1

Compare Source

Bug Fixes

v17.1.0

Compare Source

Features
  • bitbucket-basic-auth: support for bitbucket server basic auth (#​1578) (a465801)

v17.0.8

Compare Source

Bug Fixes
  • prevent false positive secret replacement for Golang projects (#​1562) (eed1d3c)

v17.0.7

Compare Source

Bug Fixes

v17.0.6

Compare Source

Bug Fixes

v17.0.5

Compare Source

Bug Fixes
  • adapt for semver to version 7.3.2 (0363790)

Configuration

📅 Schedule: "" in timezone America/New_York.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

@renovate renovate bot added renovate Triggered by renovatebot type: dependencies labels Nov 20, 2021
@cypress-bot
Copy link
Contributor

cypress-bot bot commented Nov 20, 2021

See the guidelines for reviewing dependency updates for info on how to review dependency update PRs.

@cypress
Copy link

cypress bot commented Nov 20, 2021
edited
Loading


Test summary

18709 0 202 0Flakiness 1

Run details
Project cypress
Status Passed
Commit 48e586d
Started Nov 23, 2021 9:01 PM
Ended Nov 23, 2021 9:14 PM
Duration 12:22 💡
OS Linux Debian - 10.10
Browser Multiple

View run in Cypress Dashboard ➡️

Flakiness

cypress/integration/cypress/proxy-logging-spec.ts Flakiness
1 Proxy Logging > request logging > xhr log has response body/status code

This comment has been generated by cypress-bot as a result of this project's GitHub integration settings. You can manage this integration in this project's settings in the Cypress Dashboard

@renovate renovate bot force-pushed the renovate/npm-semantic-release-vulnerability branch 2 times, most recently from f5cc9d7 to e1cfce4 Compare November 22, 2021 15:36
emilyrohrbough
emilyrohrbough previously approved these changes Nov 22, 2021
View reviewed changes
@renovate renovate bot force-pushed the renovate/npm-semantic-release-vulnerability branch 6 times, most recently from 4c5a041 to c059e0d Compare November 23, 2021 16:41
@renovate renovate bot force-pushed the renovate/npm-semantic-release-vulnerability branch from c059e0d to 6986957 Compare November 23, 2021 18:08
@emilyrohrbough emilyrohrbough merged commit cbfb3ca into develop Nov 24, 2021
@emilyrohrbough emilyrohrbough deleted the renovate/npm-semantic-release-vulnerability branch November 24, 2021 16:07
tgriesser added a commit that referenced this pull request Nov 28, 2021
@tgriesser
Merge branch 'develop' into 10.0-release
20d66a8 
* develop:
  test: node_modules installs for system-tests, other improvements (#18574)
  chore(deps): update dependency semantic-release to v17.2.3 [security] (#19022)
  chore: remove flaky ci jobs for main builds (#19071)
  chore(contributing): clarify PULL_REQUEST_TEMPLATE (#19068)
  fix: the shadow root container element is ignored when clicking an element in it. (#18908)
  'Fix' flaky redirect test (#19042)
  release 9.1.0 [skip ci]
  fix: Allow 'this' to be used in overridden commands (#18899)
  fix(react): link to rerender example (#19020)
  chore(deps): update dependency aws-sdk to v2.814.0 [security] (#18948)
  fix: test config overrides leak for .only execution (#18961)
  feat: Set CYPRESS=true as env var in child processes where Cypress runs user code in Node (#18981)
  fix: Restore broken gif (#18987)
  chore: release @cypress/vite-dev-server-v2.2.1
lmiller1990 pushed a commit that referenced this pull request Nov 29, 2021
@renovate @renovate-bot
@emilyrohrbough @lmiller1990
chore(deps): update dependency semantic-release to v17.2.3 [security] (
bb7b82d 
…#19022)

Co-authored-by: Renovate Bot <[email protected]>
Co-authored-by: Emily Rohrbough <[email protected]>
tgriesser added a commit that referenced this pull request Nov 29, 2021
@tgriesser
Merge branch '10.0-release' into tgriesser/chore/e2e-data-clean-refactor
d79a5b7 
* 10.0-release:
  feat(graphql): ability to update/query for appData (#19082)
  fix system test
  fix failing tests due to merge
  resolve conflicts
  test: node_modules installs for system-tests, other improvements (#18574)
  update yarn.lock
  chore(deps): update dependency semantic-release to v17.2.3 [security] (#19022)
  chore: remove flaky ci jobs for main builds (#19071)
  chore(contributing): clarify PULL_REQUEST_TEMPLATE (#19068)
  fix: the shadow root container element is ignored when clicking an element in it. (#18908)
  'Fix' flaky redirect test (#19042)
  release 9.1.0 [skip ci]
  fix: Allow 'this' to be used in overridden commands (#18899)
  fix(react): link to rerender example (#19020)
  chore(deps): update dependency aws-sdk to v2.814.0 [security] (#18948)
  fix: test config overrides leak for .only execution (#18961)
  feat: Set CYPRESS=true as env var in child processes where Cypress runs user code in Node (#18981)
  fix: Restore broken gif (#18987)
  chore: release @cypress/vite-dev-server-v2.2.1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tbiethman tbiethman tbiethman approved these changes

@emilyrohrbough emilyrohrbough emilyrohrbough approved these changes

Assignees
No one assigned
Labels
renovate Triggered by renovatebot type: dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tbiethman @emilyrohrbough @renovate-bot