[Snyk] Upgrade semantic-release from 15.13.16 to 19.0.5

[MarcelRaschke]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade semantic-release from 15.13.16 to 19.0.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 122 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2022-08-23.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-450213	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-1540541	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-450213	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-1540541	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1585624	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1584358	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Information Disclosure SNYK-JS-SEMANTICRELEASE-1041706	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NPMUSERVALIDATE-1019352	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-NPM-537606	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-NPM-537603	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MIXINDEEP-450212	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASHSET-1320032	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-608086	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-450202	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-HANDLEBARS-469063	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary File Write SNYK-JS-BINLINKS-537610	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-BINLINKS-537608	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-ASYNC-2441827	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Denial of Service (DoS) npm:mem:20180117	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIMOFFNEWLINES-1296850	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-2824151	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1047770	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Insertion of Sensitive Information into Log File SNYK-JS-NPMREGISTRYFETCH-575432	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Insertion of Sensitive Information into Log File SNYK-JS-NPM-575435	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Command Injection SNYK-JS-NODENOTIFIER-1035794	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Denial of Service SNYK-JS-NODEFETCH-674311	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Information Exposure SNYK-JS-NODEFETCH-2342118	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-584281	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451341	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342082	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342073	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-567742	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Open Redirect SNYK-JS-GOT-2932019	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-DOTPROP-543489	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-DOTPROP-543489	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CONVENTIONALCOMMITSPARSER-1766960	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Unauthorized File Access SNYK-JS-NPM-537604	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Validation Bypass SNYK-JS-KINDOF-537849	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-534988	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Unauthorized File Access SNYK-JS-BINLINKS-537609	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: semantic-release

• 19.0.5 - 2022-08-23
  

  19.0.5 (2022-08-23)

  Reverts

  • Revert "fix(deps): update dependency yargs to v17" (#2534) (8f07522), closes #2534 #2533
• 19.0.4 - 2022-08-22
  

  19.0.4 (2022-08-22)

  Bug Fixes

  • deps: update dependency yargs to v17 (#1912) (f419080)
• 19.0.3 - 2022-06-09
  

  19.0.3 (2022-06-09)

  Bug Fixes

  • log-repo: use the original form of the repo url to remove the need to mask credentials (#2459) (58a226f), closes #2449
• 19.0.2 - 2022-01-18
  

  19.0.2 (2022-01-18)

  Bug Fixes

  • npm-plugin: upgraded to the stable version (0eca144)
• 19.0.1 - 2022-01-18
  

  19.0.1 (2022-01-18)

  Bug Fixes

  • npm-plugin: upgraded to the latest beta version (8097afb)
• 19.0.0 - 2022-01-18
  

  19.0.0 (2022-01-18)

  Bug Fixes

  • npm-plugin: upgraded to the beta, which upgrades npm to v8 (f634b8c)
  • upgrade marked to resolve ReDos vulnerability (#2330) (d9e5bc0)

  BREAKING CHANGES

  • npm-plugin: @ semantic-release/npm has also dropped support for node v15
  • node v15 has been removed from our defined supported versions of node. this was done to upgrade to compatible versions of marked and marked-terminal that resolved the ReDoS vulnerability. removal of support of this node version should be low since it was not an LTS version and has been EOL for several months already.
• 19.0.0-beta.2 - 2022-01-17
  

  19.0.0-beta.2 (2022-01-17)

  Bug Fixes

  • npm-plugin: upgraded to the beta, which upgrades npm to v8 (f634b8c)

  BREAKING CHANGES

  • npm-plugin: @ semantic-release/npm has also dropped support for node v15
• 19.0.0-beta.1 - 2022-01-17
  

  19.0.0-beta.1 (2022-01-17)

  Bug Fixes

  • upgrade marked to resolve ReDos vulnerability (#2330) (d9e5bc0)

  BREAKING CHANGES

  • node v15 has been removed from our defined supported versions of node. this was done to upgrade to compatible versions of marked and marked-terminal that resolved the ReDoS vulnerability. removal of support of this node version should be low since it was not an LTS version and has been EOL for several months already.
• 18.0.1 - 2021-11-24
  

  18.0.1 (2021-11-24)

  Bug Fixes

  • bump @ semantic-release/commit-analyzer to 9.0.2 (#2258) (7f971f3)
• 18.0.0 - 2021-09-17
  

  This is a maintenance release. An increasing amount of dependencies required a node version higher than the Node 10 version supported by semantic-release@17. We decided to go straight to a recent Node LTS version because the release build is usually independent of others, requiring a higher node version is less disruptive to users, but helps us reduce the maintenance overhead.

  If you use GitHub Actions and need to bump the node version set up by actions/node-setup, you can use octoherd-script-bump-node-version-in-workflows

  BREAKING CHANGES

  node-version: the minimum required version of node is now v14.17

• 18.0.0-beta.8 - 2021-09-17
• 18.0.0-beta.7 - 2021-09-03
• 18.0.0-beta.6 - 2021-09-03
• 18.0.0-beta.5 - 2021-09-03
• 18.0.0-beta.4 - 2021-09-03
• 18.0.0-beta.3 - 2021-08-30
• 18.0.0-beta.2 - 2021-08-26
• 18.0.0-beta.1 - 2021-08-20
• 17.4.7 - 2021-08-25
• 17.4.6 - 2021-08-23
• 17.4.5 - 2021-08-16
• 17.4.4 - 2021-06-15
• 17.4.3 - 2021-05-12
• 17.4.2 - 2021-03-11
• 17.4.1 - 2021-03-03
• 17.4.0 - 2021-02-26
• 17.3.9 - 2021-02-12
• 17.3.8 - 2021-02-08
• 17.3.7 - 2021-01-22
• 17.3.6 - 2021-01-21
• 17.3.5 - 2021-01-20
• 17.3.4 - 2021-01-19
• 17.3.3 - 2021-01-15
• 17.3.2 - 2021-01-13
• 17.3.1 - 2020-12-29
• 17.3.0 - 2020-11-22
• 17.2.4 - 2020-11-19
• 17.2.3 - 2020-11-16
• 17.2.2 - 2020-10-29
• 17.2.1 - 2020-10-12
• 17.2.0 - 2020-10-11
• 17.1.2 - 2020-09-17
• 17.1.1 - 2020-06-25
• 17.1.0 - 2020-06-22
• 17.0.8 - 2020-05-24
• 17.0.7 - 2020-04-21
• 17.0.6 - 2020-04-16
• 17.0.5 - 2020-04-16
• 17.0.4 - 2020-02-17
• 17.0.3 - 2020-02-13
• 17.0.2 - 2020-01-31
• 17.0.1 - 2020-01-28
• 17.0.0 - 2020-01-27
• 16.0.4 - 2020-01-27
• 16.0.3 - 2020-01-22
• 16.0.2 - 2020-01-15
• 16.0.1 - 2020-01-10
• 16.0.0 - 2020-01-09
• 16.0.0-beta.47 - 2020-01-09
• 16.0.0-beta.46 - 2019-12-13
• 16.0.0-beta.45 - 2019-12-10
• 16.0.0-beta.44 - 2019-12-10
• 16.0.0-beta.43 - 2019-12-05
• 16.0.0-beta.42 - 2019-12-04
• 16.0.0-beta.41 - 2019-12-04
• 16.0.0-beta.40 - 2019-12-03
• 16.0.0-beta.39 - 2019-12-03
• 16.0.0-beta.38 - 2019-11-28
• 16.0.0-beta.37 - 2019-11-27
• 16.0.0-beta.36 - 2019-11-23
• 16.0.0-beta.35 - 2019-11-21
• 16.0.0-beta.34 - 2019-11-21
• 16.0.0-beta.33 - 2019-11-20
• 16.0.0-beta.32 - 2019-11-20
• 16.0.0-beta.31 - 2019-11-08
• 16.0.0-beta.30 - 2019-11-07
• 16.0.0-beta.29 - 2019-11-02
• 16.0.0-beta.28 - 2019-11-01
• 16.0.0-beta.27 - 2019-10-29
• 16.0.0-beta.26 - 2019-10-14
• 16.0.0-beta.25 - 2019-10-04
• 16.0.0-beta.24 - 2019-09-13
• 16.0.0-beta.23 - 2019-09-12
• 16.0.0-beta.22 - 2019-06-07
• 16.0.0-beta.21 - 2019-06-06
• 16.0.0-beta.20 - 2019-06-05
• 16.0.0-beta.19 - 2019-05-09
• 16.0.0-beta.18 - 2019-01-31
• 16.0.0-beta.17 - 2019-01-14
• 16.0.0-beta.16 - 2019-01-07
• 16.0.0-beta.15 - 2018-12-27
• 16.0.0-beta.14 - 2018-12-27
• 16.0.0-beta.13 - 2018-12-18
• 16.0.0-beta.12 - 2018-12-18
• 16.0.0-beta.11 - 2018-12-17
• 16.0.0-beta.10 - 2018-12-17
• 16.0.0-beta.9 - 2018-12-16
• 16.0.0-beta.8 - 2018-12-15
• 16.0.0-beta.7 - 2018-12-15
• 16.0.0-beta.6 - 2018-12-14
• 16.0.0-beta.5 - 2018-12-14
• 16.0.0-beta.4 - 2018-12-13
• 16.0.0-beta.3 - 2018-12-12
• 16.0.0-beta.2 - 2018-11-30
• 16.0.0-beta.1 - 2018-11-30
• 15.14.0 - 2019-12-21
• 15.13.32 - 2019-12-15
• 15.13.31 - 2019-11-17
• 15.13.30 - 2019-11-02
• 15.13.29 - 2019-11-02
• 15.13.28 - 2019-10-26
• 15.13.27 - 2019-10-18
• 15.13.26 - 2019-10-09
• 15.13.25 - 2019-09-27
• 15.13.24 - 2019-08-22
• 15.13.23 - 2019-08-19
• 15.13.22 - 2019-08-16
• 15.13.21 - 2019-08-12
• 15.13.20 - 2019-08-06
• 15.13.19 - 2019-07-06
• 15.13.18 - 2019-06-26
• 15.13.17 - 2019-06-25
• 15.13.16 - 2019-06-07

from semantic-release GitHub release notes

Commit messages

Package name: semantic-release

• 8f07522 Revert "fix(deps): update dependency yargs to v17" (#2534)
• 2f4bcef docs: add semantic-release-react-native to plugin list (#2523)
• f419080 fix(deps): update dependency yargs to v17 (#1912)
• 3bbf08c test(integration): upgrade the gitbox image to support arm architecture in addition to x86 (#2516)
• 846f4c2 build(deps): bump terser from 5.14.0 to 5.14.2 (#2513)
• bd294eb docs(plugin-list): add semantic-release-space plugin (#2502)
• c69445e docs: remove deprecated keyword in gitlab-ci.md (#2498)
• d80e2ea build(deps-dev): bump got from 11.8.3 to 11.8.5 (#2485)
• 9589a96 docs: fix typos (#2476)
• ec89bab docs: replace issue templates with forms (#2474)
• db620aa docs: fix typo (#2473)
• dd77f1f docs: fix typo (#2472)
• e66b4b5 docs: drop duplicate word (#2471)
• 3387fb7 docs: fix typo (#2468)
• 587bb91 docs(configuration.md): `addChannel` step is skipped when `dryRun` is enabled (#2465)
• 05c9360 build(deps): bump semantic-release from 19.0.0 to 19.0.3
• f1d7ad4 build(deps): bump semver-regex from 3.1.3 to 3.1.4 (#2451)
• 58a226f fix(log-repo): use the original form of the repo url to remove the need to mask credentials (#2459)
• 17d60d3 build(deps): bump npm from 8.3.1 to 8.12.0 (#2447)
• ab45ab1 chore(lint): disabled rules that dont apply to this project (#2408)
• ea389c3 chore(deps): update dependency yargs-parser to 13.1.2 [security] (#2402)
• fa994db build(deps): bump node-fetch from 2.6.1 to 2.6.7 (#2399)
• b79116b build(deps): bump trim-off-newlines from 1.0.1 to 1.0.3
• 6fd7e56 build(deps): bump minimist from 1.2.5 to 1.2.6

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs