Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[renovate] Update dependency semantic-release to v17.2.3 [SECURITY] #747

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Jun 18, 2022

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
semantic-release 17.1.1 -> 17.2.3 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2020-26226

Impact

Secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that become encoded when included in a URL.

Patches

Fixed in v17.2.3

Workarounds

Secrets that do not contain characters that become encoded when included in a URL are already masked properly.


Release Notes

semantic-release/semantic-release (semantic-release)

v17.2.3

Compare Source

Bug Fixes
  • mask secrets when characters get uri encoded (ca90b34)

v17.2.2

Compare Source

Bug Fixes
  • don't parse port as part of the path in repository URLs (#​1671) (77a75f0)
  • use valid git credentials when multiple are provided (#​1669) (2bf3771)

v17.2.1

Compare Source

Reverts

v17.2.0

Compare Source

Features
  • throw an Error if package.json has duplicate "repository" key (#​1656) (b8fb35c)

v17.1.2

Compare Source

Bug Fixes

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the renovate label Jun 18, 2022
@renovate renovate bot force-pushed the fix/renovate/npm-semantic-release-vulnerability branch from c97efbe to 6436213 Compare September 25, 2022 21:48
@renovate renovate bot force-pushed the fix/renovate/npm-semantic-release-vulnerability branch from 6436213 to 14ce040 Compare November 20, 2022 19:46
@renovate renovate bot force-pushed the fix/renovate/npm-semantic-release-vulnerability branch from 14ce040 to 575760e Compare August 6, 2024 08:05
@renovate renovate bot changed the title [renovate] Update dependency semantic-release to v19 [SECURITY] [renovate] Update dependency semantic-release to v17.2.3 [SECURITY] Aug 6, 2024
@renovate renovate bot force-pushed the fix/renovate/npm-semantic-release-vulnerability branch 3 times, most recently from e5f3a14 to 5f135e1 Compare August 12, 2024 17:59
@renovate renovate bot force-pushed the fix/renovate/npm-semantic-release-vulnerability branch from 5f135e1 to 83253e8 Compare August 28, 2024 08:01
@renovate renovate bot force-pushed the fix/renovate/npm-semantic-release-vulnerability branch from 83253e8 to a7130f2 Compare September 21, 2024 15:26
@renovate renovate bot force-pushed the fix/renovate/npm-semantic-release-vulnerability branch from a7130f2 to bd5c63b Compare October 9, 2024 07:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants