Skip to content
This repository was archived by the owner on Feb 28, 2023. It is now read-only.

chore(deps): update dependency semantic-release to 19.0.3 [security] #234

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): update dependency semantic-release to 19.0.3 [security] #234

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jun 9, 2022
edited
Loading

Mend Renovate

This PR contains the following updates:

Package Change
semantic-release 17.4.7 -> 19.0.3

GitHub Vulnerability Alerts

CVE-2022-31051

Impact

What kind of vulnerability is it? Who is impacted?

Secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that are excluded from uri encoding by encodeURI. Occurrence is further limited to execution contexts where push access to the related repository is not available without modifying the repository url to inject credentials.

Patches

Has the problem been patched? What versions should users upgrade to?

Fixed in 19.0.3

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading?

Secrets that do not contain characters that are excluded from encoding with encodeURI when included in a URL are already masked properly.

References

Are there any links users can visit to find out more?

For more information

If you have any questions or comments about this advisory:

Configuration

📅 Schedule: Branch creation - "" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot force-pushed the renovate/npm-semantic-release-vulnerability branch from 920c499 to 0975b0f Compare June 11, 2022 06:57
@renovate renovate bot force-pushed the renovate/npm-semantic-release-vulnerability branch from 0975b0f to 9b0b612 Compare June 22, 2022 14:49
@renovate renovate bot changed the title chore(deps): update dependency semantic-release to 19.0.3 [security] chore(deps): update dependency semantic-release to 19.0.3 [SECURITY] Jun 27, 2022
@renovate renovate bot changed the title chore(deps): update dependency semantic-release to 19.0.3 [SECURITY] chore(deps): update dependency semantic-release to 19.0.3 [security] Jun 28, 2022
@renovate renovate bot force-pushed the renovate/npm-semantic-release-vulnerability branch from 9b0b612 to a8d88e1 Compare July 20, 2022 13:35
@renovate renovate bot force-pushed the renovate/npm-semantic-release-vulnerability branch from a8d88e1 to d6bdcbd Compare August 2, 2022 19:17
@renovate renovate bot force-pushed the renovate/npm-semantic-release-vulnerability branch from d6bdcbd to 6e1d409 Compare August 16, 2022 01:33
@renovate renovate bot force-pushed the renovate/npm-semantic-release-vulnerability branch 2 times, most recently from 293e33c to 521fc38 Compare August 31, 2022 15:24
@renovate renovate bot force-pushed the renovate/npm-semantic-release-vulnerability branch from 521fc38 to a48139d Compare September 13, 2022 22:18
@renovate renovate bot force-pushed the renovate/npm-semantic-release-vulnerability branch 5 times, most recently from f7ea025 to dcdb068 Compare September 28, 2022 01:29
@renovate renovate bot force-pushed the renovate/npm-semantic-release-vulnerability branch 2 times, most recently from 5ffd00f to faa337d Compare October 26, 2022 12:46
@renovate renovate bot force-pushed the renovate/npm-semantic-release-vulnerability branch 2 times, most recently from 8b4d38c to aba09c1 Compare November 15, 2022 22:07
@renovate renovate bot force-pushed the renovate/npm-semantic-release-vulnerability branch 2 times, most recently from 33bbc8c to 366148b Compare November 26, 2022 08:02
@renovate renovate bot force-pushed the renovate/npm-semantic-release-vulnerability branch from 366148b to caeef1d Compare December 8, 2022 15:57
@renovate renovate bot changed the title chore(deps): update dependency semantic-release to 19.0.3 [security] chore(deps): update dependency semantic-release to v19 [security] Dec 9, 2022
@renovate renovate bot force-pushed the renovate/npm-semantic-release-vulnerability branch from caeef1d to 86f974e Compare December 9, 2022 16:37
@renovate renovate bot changed the title chore(deps): update dependency semantic-release to v19 [security] chore(deps): update dependency semantic-release to 19.0.3 [security] Dec 13, 2022
@renovate renovate bot force-pushed the renovate/npm-semantic-release-vulnerability branch 2 times, most recently from ab3d569 to 5a90a7c Compare December 13, 2022 16:37
@renovate renovate bot changed the title chore(deps): update dependency semantic-release to 19.0.3 [security] Update dependency semantic-release to 19.0.3 [SECURITY] Dec 17, 2022
@renovate renovate bot changed the title Update dependency semantic-release to 19.0.3 [SECURITY] chore(deps): update dependency semantic-release to 19.0.3 [security] Dec 17, 2022
@renovate renovate bot force-pushed the renovate/npm-semantic-release-vulnerability branch 4 times, most recently from 15f279e to b15b981 Compare December 28, 2022 20:19
@renovate renovate bot force-pushed the renovate/npm-semantic-release-vulnerability branch from b15b981 to e84c43d Compare January 3, 2023 23:38
@emilyrohrbough emilyrohrbough mentioned this pull request Jan 3, 2023
Closed
1 task
@renovate renovate bot force-pushed the renovate/npm-semantic-release-vulnerability branch 4 times, most recently from e7f57d2 to 1cb1369 Compare January 4, 2023 16:21
@renovate renovate bot force-pushed the renovate/npm-semantic-release-vulnerability branch 2 times, most recently from 135b66c to efd9f0f Compare February 2, 2023 17:31
@renovate renovate bot changed the title chore(deps): update dependency semantic-release to 19.0.3 [security] chore(deps): update dependency semantic-release to 19.0.3 [security] - autoclosed Feb 8, 2023
@renovate renovate bot closed this Feb 8, 2023
@renovate renovate bot deleted the renovate/npm-semantic-release-vulnerability branch February 8, 2023 02:14
@renovate renovate bot changed the title chore(deps): update dependency semantic-release to 19.0.3 [security] - autoclosed chore(deps): update dependency semantic-release to 19.0.3 [security] Feb 8, 2023
@renovate renovate bot reopened this Feb 8, 2023
@renovate renovate bot restored the renovate/npm-semantic-release-vulnerability branch February 8, 2023 06:15
@renovate renovate bot force-pushed the renovate/npm-semantic-release-vulnerability branch from efd9f0f to 6708f35 Compare February 17, 2023 17:30
@renovate renovate bot force-pushed the renovate/npm-semantic-release-vulnerability branch from 6708f35 to 67a912c Compare February 25, 2023 03:12
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
renovate type: dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants