Skip to content

⬆️ Updates semantic-release monorepo (major)#317

Open
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/major-semantic-release-monorepo
Open

⬆️ Updates semantic-release monorepo (major)#317
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/major-semantic-release-monorepo

Conversation

@renovate

@renovate renovate Bot commented Mar 26, 2022

Copy link
Copy Markdown

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
@semantic-release/changelog ^5.0.1^6.0.0 age confidence
@semantic-release/commit-analyzer ^8.0.1^13.0.0 age confidence
@semantic-release/git ^9.0.0^10.0.0 age confidence
@semantic-release/github ^7.2.0^12.0.0 age confidence
@semantic-release/npm ^7.0.10^13.0.0 age confidence
@semantic-release/release-notes-generator ^9.0.1^14.0.0 age confidence

Release Notes

semantic-release/changelog (@​semantic-release/changelog)

v6.0.3

Compare Source

Bug Fixes

v6.0.2

Compare Source

Bug Fixes

v6.0.1

Compare Source

Bug Fixes

v6.0.0

Compare Source

Features
  • node-version: raised the minimum required version to v14.17 (#​170) (5cf74e4)
BREAKING CHANGES
  • node-version: the minimum required version of node is now v14.17
semantic-release/commit-analyzer (@​semantic-release/commit-analyzer)

v13.0.1

Compare Source

Bug Fixes

v13.0.0

Compare Source

Bug Fixes
  • log the raw message again (e2f5d6c)
Features
  • support latest conventional-changelog packages (0254d7a)
BREAKING CHANGES
  • by supporting the latest major versions of conventional-changelog packages, we are
    dropping support for previous major versions of those packages due to the breaking changes between
    majors. this only impacts your project if you are installing alongside semantic-release, so updating
    those packages to latest version should be the only change you need for this update. no action
    should be necessary if you are using default semantic-release config

v12.0.0

Compare Source

Features
  • exports: defined exports to point at ./index.js (f3358dd)
  • node-versions: dropped support for node v18 and v19 (0a23b82)
BREAKING CHANGES
  • exports: exports has been defined, which prevents access to private apis (which arent
    intended for consumption anyway)
  • node-versions: node v18 and v19 are no longer supported

v11.1.0

Compare Source

Features

v11.0.0

Compare Source

Bug Fixes
  • config-loader: accounted for normalization of preset interfaces (3ff9458)
  • deps: update dependency conventional-commits-filter to v4 (99dcf7e)
Features
  • conventional-changelog-presets: supported new preset format (f3b88d3)
  • node-versions: raised the minimum node version to v18.17 and dropped v19 support (a681fbd)
BREAKING CHANGES
  • node-versions: the minimum required node version is now v18.17, v19 support has been dropped, and the minimum required in the v20 range is v20.6.1
  • conventional-changelog-presets: the new preset format is a breaking change when compared to the previous preset format. updating to support the new format means that the old preset format is no longer supported. update your preset to the latest version to maintain compatibility

v10.0.4

Compare Source

Bug Fixes
  • deps: update dependency conventional-commits-parser to v5 (a7201b6)

v10.0.3

Compare Source

Reverts
  • Revert "fix(deps): update dependency conventional-commits-parser to v5 (#​501)" (ab3ee9f), closes #​501
  • Revert "chore(deps): update dependency conventional-changelog-atom to v4 (#​502)" (f21eb8e), closes #​502
  • Revert "chore(deps): update dependency conventional-changelog-ember to v4 (#​504)" (c48b533), closes #​504

v10.0.2

Compare Source

Bug Fixes
  • deps: update dependency conventional-commits-parser to v5 (#​501) (91cf4d5)

v10.0.1

Compare Source

Bug Fixes
  • deps: update dependency conventional-changelog-angular to v6 (#​460) (0607201)
  • deps: update dependency conventional-commits-filter to v3 (#​461) (97d683f)
  • deps: update dependency conventional-commits-parser to v4 (#​462) (5d94efa)

v10.0.0

Compare Source

Code Refactoring
Features
  • deps: raised the peer-dependency requirement on semantic-release to v20.1.0 (e1ab8ea)
  • node-versions: raised the minimum required node version to v18 (affeb23)
BREAKING CHANGES
  • deps: the minimum required version of semantic-release is now v20.1.0 in order to support
    loading ESM plugins
  • node-versions: the minimum required version of node is now v18
  • esm: @semantic-release/commit-analyzer is now a native ES Module. It has named exports
    for each plugin hook (analyzeCommits)

v9.0.2

Compare Source

Bug Fixes
  • bump conventional commits parser to version 3.2.3 (#​289) (fc0a88a)

v9.0.1

Compare Source

Bug Fixes

v9.0.0

Compare Source

Features
BREAKING CHANGES
  • the minimum required version of node is now v14.17
semantic-release/git (@​semantic-release/git)

v10.0.1

Compare Source

Bug Fixes

v10.0.0

Compare Source

Features
  • node-version: raised the minimum required version to v14.17 (7ab65f8)
BREAKING CHANGES
  • node-version: the minimum required version of node is now v14.17

v9.0.1

Compare Source

Bug Fixes
semantic-release/github (@​semantic-release/github)

v12.0.2

Compare Source

Bug Fixes
  • add undici ProxyAgent support for GitHub Enterprise Server behind proxies (#​1104) (15def77)

v12.0.1

Compare Source

Bug Fixes

v12.0.0

Compare Source

Features
  • node-versions: drop support for node versions v20, v21, and v23 (6e2ac27)
  • node-versions: raise the minimum node version requirement for the v24 range (4d6924d)
  • remove github search api consumption (#​1037) (d260bfd), closes #​1022
BREAKING CHANGES
  • node-versions: the minimum node version for the v24 range is now v24.10.0
  • @semantic-release/github no longer consumes the GitHub Search API in the plugin
  • node-versions: a minimum of node v22.14 is now required

v11.0.6

Compare Source

Bug Fixes

v11.0.5

Compare Source

Bug Fixes

v11.0.4

Compare Source

Bug Fixes

v11.0.3

Compare Source

Bug Fixes

v11.0.2

Compare Source

Bug Fixes

v11.0.1

Compare Source

Bug Fixes

v11.0.0

Compare Source

chore
  • update peer dependency for semantic-release (95c7cdd)
Code Refactoring
  • modify commit associatedPRs and relatedIssues label property data type. (718134a)
Features
  • integrate warn in fail script (7a9914a)
  • integrate warn in success script (792720d)
BREAKING CHANGES
  • the commit associatedPR and relatedIssues label prop is now an array of objects with more properties
  • the minimum required version of semantic-release to use
    @​semantic-release/github is now v24.1.0

v10.3.5

Compare Source

Bug Fixes
  • replace searchAPI usage with GraphQL in findSRIssue util (#​907) (7fb46a3)

v10.3.4

Compare Source

Bug Fixes
  • glob-assets: remove unnecessary option when invoking globby() (#​924) (efe9f49)

v10.3.3

Compare Source

Bug Fixes
  • Revert: feat: verify OAuth scopes of classic GitHub PATs (#​915) (990bd73)

v10.3.2

Compare Source

Bug Fixes
  • missing "PullRequest".canBeRebased field on GHES graphql api (#​913) (4393578)

v10.3.1

Compare Source

Bug Fixes
  • max_node_limit_exceeded error when fetching associatedPRs (#​912) (bb806af)

v10.3.0

Compare Source

Features
  • allow conditional skip on success and fail comments (#​874) (e097d1c)

v10.2.0

Compare Source

Features

v10.1.7

Compare Source

Bug Fixes

v10.1.6

Compare Source

Bug Fixes
  • edge-case: fetching associatedPRs on 100+ context.commits in success lifecycle (#​892) (dfe47e9)

v10.1.5

Compare Source

Bug Fixes

v10.1.4

Compare Source

Bug Fixes
  • docs: correct docs branch for fail-comment links (#​893) (b591730)

v10.1.3

Compare Source

Bug Fixes

v10.1.2

Compare Source

Bug Fixes

v10.1.1

Compare Source

Bug Fixes
  • invalid GraphQL query generated when no release commits are found (#​876) (8ee2744)

v10.1.0

Compare Source

Features

v10.0.7

Compare Source

Bug Fixes
  • replace github search api with graphql in success lifecycle method (#​857) (be394cf)

v10.0.6

Compare Source

Bug Fixes
  • corrected homepage link in package.json so the generated links in the errors are valid (#​848) (865762d)

v10.0.5

Compare Source

Bug Fixes

v10.0.4

Compare Source

Bug Fixes
  • introduce dedicated option for GitHub API endpoint (#​829) (908ff83)

v10.0.3

Compare Source

Bug Fixes

v10.0.2

Compare Source

Bug Fixes

v10.0.1

Compare Source

Bug Fixes

v10.0.0

Compare Source

Features
  • node-versions: dropped support for node v18 and v19 (#​797) (aea314f)
BREAKING CHANGES
  • node-versions: node v18 and v19 are no longer supported

v9.2.6

Compare Source

Bug Fixes

v9.2.5

Compare Source

Bug Fixes

v9.2.4

Compare Source

Bug Fixes

v9.2.3

Compare Source

Bug Fixes

v9.2.2

Compare Source

Bug Fixes

v9.2.1

Compare Source

v9.2.0

Compare Source

Features

v9.1.0

Compare Source

Features
  • releaseNameTemplate and releaseBodyTemplate options for customizing release body and name (#​704) (9e2678c)

v9.0.7

Compare Source

Bug Fixes

v9.0.6

Compare Source

Bug Fixes

v9.0.5

Compare Source

Bug Fixes

v9.0.4

Compare Source

Bug Fixes

v9.0.3

Compare Source

Bug Fixes

v9.0.2

Compare Source

Bug Fixes

v9.0.1

Compare Source

Bug Fixes

v9.0.0

Compare Source

BREAKING CHANGES
  • @semantic-release/github is now a native ES Module
  • Node 14 and 16 are no longer supported

v8.1.0

Compare Source

Features

v8.0.9

Compare Source

Bug Fixes

v8.0.8

Compare Source

Bug Fixes
  • Use Octokit for request retries and throttling to prevent rate limit errors (#​487) (3dc59ec)

v8.0.7

Compare Source

Bug Fixes
  • deps: update dependency fs-extra to v11 (8bba5f0)

v8.0.6

Compare Source

Bug Fixes

v8.0.5

Compare Source

Bug Fixes

v8.0.4

Compare Source

Bug Fixes
  • revert "fix(deps): update dependency url-join to v5" (6e4dfca)

v8.0.3

Compare Source

Bug Fixes
  • deps: update dependency url-join to v5 (7725391)

v8.0.2

Compare Source

Bug Fixes

v8.0.1

Compare Source

Bug Fixes

v8.0.0

Compare Source

BREAKING CHANGES
  • node-version: the minimum required version of node is now v14.17

v7.2.3

Compare Source

Bug Fixes

v7.2.2

Compare Source

Bug Fixes
  • deps: update dependency fs-extra to v10 (1a28625)
semantic-release/npm (@​semantic-release/npm)

v13.1.3

Compare Source

Bug Fixes

v13.1.2

Compare Source

Bug Fixes

v13.1.1

Compare Source

Bug Fixes
  • publish-dry-run: temporarily remove the addition of dry-running the publish step (30bd176)

v13.1.0

Compare Source

Features
  • trusted-publishing: verify auth, considering OIDC vs tokens from various registries (e3319f1), closes #​958
  • trusted-publishing: refine the messages for related errors (316ce21), closes #​958
  • trusted-publishing: make request to verify if OIDC token exchange can succeed (c80ecb0), closes #​958
  • trusted-publishing: pass id-token as bearer header for github actions (d83b727), closes #​958
  • trusted-publishing: pass id-token as bearer header for gitlab pipelines (6d1c3cf), closes #​958
  • trusted-publishing: handle failure to retrieve id-token in the context of github actions (b673257), closes #​958
  • auth-error: update messaging for auth failure to be less token specific (e24967d)
  • auth: attempt a dry-run publish to determine auth status (841dc67)
Bug Fixes
  • trusted-publishing: uri encode the package name for the token exchange request (3dd95d0), closes #​958
  • auth: throw appropriate error when auth context fails to enable publishing (f5c8d85)
  • auth: throw error if dry-run publish determines lack of auth (8f88e9d)
  • verify-auth: enable the publish dry-run to work for projects publishing from a sub-directory (e7d684c)

v13.0.0

Compare Source

Features
  • node-versions: drop support for node versions v20, v21, and v23
  • node-versions: raise the minimum node version requirement for the v24 range (935439e)
Bug Fixes
BREAKING CHANGES
  • node-versions: the minimum node version for the v24 range is now v24.10.0
  • deps: a minimum of node v22.14 is now required

v12.0.2

Compare Source

Bug Fixes

v12.0.1

Compare Source

Bug Fixes
  • deps: update dependency execa to v9 (9ac5ed0)

v12.0.0

Compare Source

Features
  • exports: defined exports to point at ./index.js (9e193c2)
  • node-versions: dropped support for node v18 and v19 (2df962b)
BREAKING CHANGES
  • exports: exports has been defined, which prevents access to private apis (which arent
    intended for consumption anyway)
  • node-versions: node v18 and v19 are no longer supported

v11.0.3

Compare Source

Bug Fixes

even though our existing range allowed anyone to update as soon as the new npm version was available, this will encourage being on a version that does not report the ip vulnerability a bit more forcefully

v11.0.2

Compare Source

Bug Fixes
  • deps: update dependency npm to v10.2.5 (42b5dec)

v11.0.1

Compare Source

Bug Fixes

v11.0.0

Compare Source

Bug Fixes
  • deps: update dependency npm to v10 (819f257)
Features
  • node-versions: raised the minimum required node version to v18.17 and dropped v19 support (6413130)
BREAKING CHANGES
  • node-versions: node v18.17 is now the minimum required version and support for v19 has been dropped

v10.0.6

Compare Source

Bug Fixes

v10.0.5

Compare Source

Bug Fixes

v10.0.4

Compare Source

Bug Fixes

v10.0.3

[C


Configuration

📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" in timezone Europe/Moscow, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@viezly

viezly Bot commented Mar 26, 2022

Copy link
Copy Markdown

Pull request by bot. No need to analyze

@auto-assign
auto-assign Bot requested a review from AlexRogalskiy March 26, 2022 12:09
@github-actions

Copy link
Copy Markdown

Thanks for opening an issue! Make sure you've followed CONTRIBUTING.md.

@github-actions

Copy link
Copy Markdown

Hello from PR Helper

Is your PR ready for review and processing? Mark the PR ready by including #pr-ready in a comment.

If you still have work to do, even after marking this ready. Put the PR on hold by including #pr-onhold in a comment.

@github-actions

Copy link
Copy Markdown

Thanks for the PR!

This section of the codebase is owner by https://github.com/AlexRogalskiy/ - if they write a comment saying "LGTM" then it will be merged.

@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch from 3f72b01 to b8540ff Compare September 25, 2022 19:27

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Scan Summary

Tool Critical High Medium Low Status
Dependency Scan (nodejs) 3 18 5 2
Security Audit for Infrastructure 0 0 0 3

Recommendation

Please review the findings from Code scanning alerts before approving this pull request. You can also configure the build rules or add suppressions to customize this bot 👍

@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch from b8540ff to 250b69e Compare March 24, 2023 19:42

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Scan Summary

Tool Critical High Medium Low Status
Dependency Scan (universal) 2 20 7 0
Security Audit for Infrastructure 0 0 0 3

Recommendation

Please review the findings from Code scanning alerts before approving this pull request. You can also configure the build rules or add suppressions to customize this bot 👍

@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch from 250b69e to 3d260c7 Compare May 28, 2023 21:51
@socket-security

socket-security Bot commented May 28, 2023

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @pnpm/network.ca-file is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package-lock.jsonnpm/@semantic-release/npm@13.1.5npm/@pnpm/network.ca-file@1.0.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@pnpm/network.ca-file@1.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm execa is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package-lock.jsonnpm/@semantic-release/npm@13.1.5npm/semantic-release@25.0.5npm/execa@9.6.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/execa@9.6.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm highlight.js is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package-lock.jsonnpm/semantic-release@25.0.5npm/highlight.js@10.7.3

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/highlight.js@10.7.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm npm is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package-lock.jsonnpm/@semantic-release/npm@13.1.5npm/npm@11.18.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/npm@11.18.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm npm is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package-lock.jsonnpm/@semantic-release/npm@13.1.5npm/npm@11.18.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/npm@11.18.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Scan Summary

Tool Critical High Medium Low Status
Dependency Scan (universal) 2 16 5 0
Security Audit for Infrastructure 0 0 0 3

Recommendation

Please review the findings from Code scanning alerts before approving this pull request. You can also configure the build rules or add suppressions to customize this bot 👍

@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch from 3d260c7 to 8e8a010 Compare June 3, 2023 05:37

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Scan Summary

Tool Critical High Medium Low Status
Dependency Scan (universal) 2 17 5 0
Security Audit for Infrastructure 0 0 0 3

Recommendation

Please review the findings from Code scanning alerts before approving this pull request. You can also configure the build rules or add suppressions to customize this bot 👍

@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch from 8e8a010 to 045b777 Compare September 16, 2023 14:38

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Scan Summary

Tool Critical High Medium Low Status
Dependency Scan (universal) 2 16 7 0
Security Audit for Infrastructure 0 0 0 3

Recommendation

Please review the findings from Code scanning alerts before approving this pull request. You can also configure the build rules or add suppressions to customize this bot 👍

@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch from 045b777 to e1e675f Compare September 19, 2023 23:24
@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch 3 times, most recently from 84c179c to ed192ce Compare March 18, 2024 05:28
@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch from ed192ce to ee23a98 Compare March 26, 2024 05:30
@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch from ee23a98 to dca04d5 Compare June 1, 2024 11:51

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Scan Summary

Tool Critical High Medium Low Status
Dependency Scan (universal) 2 17 7 0
Security Audit for Infrastructure 0 0 0 3

Recommendation

Please review the findings from Code scanning alerts before approving this pull request. You can also configure the build rules or add suppressions to customize this bot 👍

@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch from dca04d5 to 8439f98 Compare September 24, 2024 20:46
@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch from 8439f98 to 9d948a2 Compare August 11, 2025 20:02
@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch from 9d948a2 to 5e097d4 Compare August 23, 2025 07:16

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Scan Summary

Tool Critical High Medium Low Status
Security Audit for Infrastructure 0 0 0 3

Recommendation

Looks good ✔️

@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch 2 times, most recently from 7513a97 to bb80d6c Compare October 20, 2025 20:11
@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch from bb80d6c to ef9a7f8 Compare November 20, 2025 16:18
@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch from ef9a7f8 to b9593a4 Compare December 5, 2025 08:01
@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch from b9593a4 to a3ac837 Compare December 13, 2025 08:16
@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch from a3ac837 to 16de46f Compare January 1, 2026 00:58
@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch from 16de46f to 6cea172 Compare January 9, 2026 11:49
@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch 2 times, most recently from 95fff2f to 6884754 Compare January 24, 2026 19:12
@socket-security

socket-security Bot commented Jan 24, 2026

Copy link
Copy Markdown

@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch 2 times, most recently from e44df61 to 4ddfe06 Compare February 3, 2026 11:54
@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch 2 times, most recently from 015e624 to 513919a Compare February 14, 2026 00:12
@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch from 513919a to 85f60f6 Compare February 19, 2026 07:43
@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch 2 times, most recently from e6a7ff5 to 85b9c53 Compare March 8, 2026 09:26
@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch from 85b9c53 to ad85bc0 Compare March 14, 2026 23:00
@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch from ad85bc0 to 695c9f3 Compare April 15, 2026 15:46
@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch from 695c9f3 to 3a1f848 Compare April 30, 2026 08:15
@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch 2 times, most recently from d16169f to ed7430b Compare May 13, 2026 03:42
@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch from ed7430b to 7d3d169 Compare May 23, 2026 04:20
@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch 2 times, most recently from 17e8ea0 to 5c25b09 Compare June 5, 2026 04:22
@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch from 5c25b09 to 5a2f6f5 Compare June 12, 2026 23:44
@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch from 5a2f6f5 to f10be69 Compare July 2, 2026 04:17
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate
renovate Bot force-pushed the renovate/major-semantic-release-monorepo branch from f10be69 to b5cb0b1 Compare July 16, 2026 12:18
@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @pnpm/network.ca-file is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package-lock.jsonnpm/@semantic-release/npm@13.1.5npm/@pnpm/network.ca-file@1.0.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@pnpm/network.ca-file@1.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm execa is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package-lock.jsonnpm/@semantic-release/npm@13.1.5npm/semantic-release@25.0.7npm/execa@9.6.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/execa@9.6.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm highlight.js is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package-lock.jsonnpm/semantic-release@25.0.7npm/highlight.js@10.7.3

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/highlight.js@10.7.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm npm is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package-lock.jsonnpm/@semantic-release/npm@13.1.5npm/npm@11.18.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/npm@11.18.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm npm is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package-lock.jsonnpm/@semantic-release/npm@13.1.5npm/npm@11.18.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/npm@11.18.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants