[Snyk] Upgrade semantic-release from 19.0.3 to 20.0.0 #1

Open
wants to merge 1 commit into
base: main

DamionWaltermeyer

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade semantic-release from 19.0.3 to 20.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 7 versions ahead of your current version.
  • The recommended version was released 21 days ago, on 2023-01-06.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
|  | Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1585624 | 482/1000 (Why? Proof of Concept exploit, CVSS 7.5) | Proof of Concept |
|  | Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1584358 | 482/1000 (Why? Proof of Concept exploit, CVSS 7.5) | No Known Exploit |
|  | Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-2824151 | 482/1000 (Why? Proof of Concept exploit, CVSS 7.5) | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: semantic-release
  • 20.0.0 - 2023-01-06

    BREAKING CHANGES

    • esm: semantic-release is now ESM-only. since it is used through its own executable, the impact on consuming projects should be minimal
    • esm: references to plugin files in configs need to include the file extension because of executing in an ESM context
    • node-versions: node v18 is now the minimum required version of node. this is in line with our node support policy. please see our recommendations for releasing with a different node version than your project normally uses, if necessary.

    Features

    Bug Fixes

    • env-ci: updated to the stable esm-only version (#2632) (918eb59)
    • secrets-masking: used the proper named import from hook-std to enable masking for stderr (#2619) (cf6befa)
  • 20.0.0-beta.4 - 2022-12-07

    20.0.0-beta.4 (2022-12-07)

    Bug Fixes

    • env-ci: updated to the stable esm-only version (#2632) (918eb59)
  • 20.0.0-beta.3 - 2022-11-21

    20.0.0-beta.3 (2022-11-21)

    Features

    • node-versions: raised the minimum required node version to v18 (#2620) (8a0d8be)
  • 20.0.0-beta.2 - 2022-11-21

    20.0.0-beta.2 (2022-11-21)

    Bug Fixes

    • secrets-masking: used the proper named import from hook-std to enable masking for stderr (#2619) (cf6befa)
  • 20.0.0-beta.1 - 2022-11-11

    20.0.0-beta.1 (2022-11-11)

    Features

    BREAKING CHANGES

    • esm: semantic-release is now ESM-only. since it is used through its own executable, the impact on consuming projects should be minimal
    • esm: references to plugin files in configs need to include the file extension because of executing in an ESM context
  • 19.0.5 - 2022-08-23

    19.0.5 (2022-08-23)

    Reverts

  • 19.0.4 - 2022-08-22

    19.0.4 (2022-08-22)

    Bug Fixes

  • 19.0.3 - 2022-06-09

    19.0.3 (2022-06-09)

    Bug Fixes

    • log-repo: use the original form of the repo url to remove the need to mask credentials (#2459) (58a226f), closes #2449
from semantic-release GitHub release notes
Commit messages
Package name: semantic-release
  • b9b5c76 Merge pull request #2607 from semantic-release/beta
  • 91bcb6b Merge branch 'master' of github.com:semantic-release/semantic-release into beta
  • 0716d62 build(deps): bump json5 and tsconfig-paths (#2643)
  • caa8b95 test(integration): used token auth for registry interactions rather than legacy auth
  • 0973513 Merge branch 'master' of github.com:semantic-release/semantic-release into beta
  • fa241a2 build(deps): bump minimatch from 3.0.4 to 3.1.2
  • ba05e08 docs(node-version): raised the minimum version to align with `engines.node`
  • eddbbb8 Merge branch 'master' of github.com:semantic-release/semantic-release into beta
  • aa0c9d6 build(deps): bump decode-uri-component from 0.2.0 to 0.2.2
  • 7365012 chore(overrides): removed the `overrides` definition (#2634)
  • 918eb59 fix(env-ci): updated to the stable esm-only version (#2632)
  • c4cd639 Merge branch 'master' of github.com:semantic-release/semantic-release into beta
  • 6051fae Revert "test(integration): ran tests serially in hope of avoiding conflicts in the ci environment"
  • 62846a1 test(integration): omitted the `GITHUB_ACTION` env var as well
  • 71f45f9 test(integration): ran tests serially in hope of avoiding conflicts in the ci environment
  • f32fd58 test(integration): updated the simulated environment to omit the `GITHUB_ACTIONS` variable from the test env
  • d13ea92 style: prettier (#2624)
  • 8a0d8be feat(node-versions): raised the minimum required node version to v18 (#2620)
  • cf6befa fix(secrets-masking): used the proper named import from hook-std to enable masking for stderr (#2619)
  • 0ab8d9a Merge pull request #2610 from semantic-release/index-test
  • 27b1053 Merge pull request #2613 from kyletsang/patch-1
  • 60f3bb0 docs(plugins): fix typo
  • 1b62548 test: aligned pluginName with naming for functions
  • 78ea3ba Merge pull request #2606 from semantic-release/travi/esm



Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
