Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade @semantic-release/npm from 11.0.3 to 12.0.1 #5

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade @semantic-release/npm from 11.0.3 to 12.0.1 #5

wants to merge 1 commit into from

Conversation

YoutacRandS-VA
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to upgrade @semantic-release/npm from 11.0.3 to 12.0.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 2 versions ahead of your current version.

  • The recommended version was released on a month ago.

Release notes
Package name: @semantic-release/npm
  • 12.0.1 - 2024-05-09

    12.0.1 (2024-05-09)

    Bug Fixes

    • deps: update dependency execa to v9 (9ac5ed0)
  • 12.0.0 - 2024-03-16

    12.0.0 (2024-03-16)

    Features

    • exports: defined exports to point at ./index.js (9e193c2)
    • node-versions: dropped support for node v18 and v19 (2df962b)

    BREAKING CHANGES

    • exports: exports has been defined, which prevents access to private apis (which arent
      intended for consumption anyway)
    • node-versions: node v18 and v19 are no longer supported
  • 11.0.3 - 2024-03-01

    11.0.3 (2024-03-01)

    Bug Fixes

    even though our existing range allowed anyone to update as soon as the new npm version was available, this will encourage being on a version that does not report the ip vulnerability a bit more forcefully

from @semantic-release/npm GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
feat: upgrade @semantic-release/npm from 11.0.3 to 12.0.1
c3b12b7 
Snyk has created this PR to upgrade @semantic-release/npm from 11.0.3 to 12.0.1.

See this package in npm:
@semantic-release/npm

See this project in Snyk:
https://app.snyk.io/org/youtacrands-va/project/29f306b6-b536-42fe-baf3-6a413c31be69?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Request for patched semantic-release version to address ip package vulnerability (CVE-2023-42282)
2 participants
@YoutacRandS-VA @snyk-bot