[Snyk] Upgrade jira-changelog from 1.5.0 to 1.6.3

[opedge]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade jira-changelog from 1.5.0 to 1.6.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 6 versions ahead of your current version.
• The recommended version was released 3 years ago, on 2020-09-02.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Information Exposure SNYK-JS-NODEFETCH-2342118	104/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0011, Social Trends: No, Days since published: 613, Transitive dependency: Yes, Is Malicious: No, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.73, Score Version: V4	No Known Exploit
	Denial of Service SNYK-JS-NODEFETCH-674311	104/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0011, Social Trends: No, Days since published: 613, Transitive dependency: Yes, Is Malicious: No, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.73, Score Version: V4	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: jira-changelog

• 1.6.3 - 2020-09-02
• 1.6.2 - 2020-04-13
  

  For some reason, the 1.2.1 version of html-entities was suddenly failing. This version does an upgrade to that and other libraries and fixed a couple failing tests.

• 1.6.1 - 2020-03-12
  

  More info: #14

• 1.6.0 - 2020-02-20
  

  The goal of this release was to remove a lot of unneeded noise from the changelogs. These involve some changes in functionality, please read.

  Changes

  • Upgrade core libraries to remove security warnings (core-js, lodash, babel, etc)
  • Rollup merge commits into a single entry.
  • Detect revert commits
  • Add unit test coverage.
  • Cleaned up a lot of code.

  Detect Reverts

  Previously, if you reverted a commit tagged with a Jira ticket, that ticket will still show up in the changelog even though it's no longer there. This is because the git commit would be something like: "Revert [ENG-123] lorem ipsum".

  Now, as long as you use the default git revert commit message, jira-changelog will remove those reverted commits from the changelog. It will also intelligently detect a revert of a revert, which reincludes the ticket in the changelog as well as a revert, of a revert, of a revert, and so on.

  Rollup Merge Commits

  When merging a branch without squashing the commits first, all the commits from that branch will also be added to the git logs; which can cause a lot of noise in the changelog.

  Now jira-changelog will attempt to rollup all those commits into the single merge commit. NOTE: This will still use the commit messages for all those commits to detect which tickets were included, but only a single commit will be presented in the changelog.

  How it works

  Every git log has a "parents" value, which is a list of git commit shas. The first value is the commit which came before this one. If there is more than one parent, it signals a merge and each git commit sha is one of the revisions merged into this. We can use that and then walk backward, to determine all the commits included with a merge.

• 1.6.0-beta.1 - 2020-02-10
  

  v1.6.0-beta.1

• 1.6.0-beta.0 - 2020-02-06
  

  v1.6.0-beta.0

• 1.5.0 - 2019-06-13
  

  Jira has deprecated authenticating APIs with username and password. Now API requests need to be authenticated with the user's email address and Auth token.

  How to upgrade

  • Login to Jira with the user used by the jira-changelog script.
  • Follow these instructions to get an auth token.
  • Update your configuration file:
    • Change username to email and replace the value with the user's login email address.
    • Change password to token and the auth token to it.

  Before

  module.exports = {
    jira: {
      api: {
        host: 'myapp.atlassian.net',
        username: 'jirauser',
        password: 'pa55word'
      },
    }
  }

  After

  module.exports = {
    jira: {
      api: {
        host: 'myapp.atlassian.net',
        email: '[email protected]',
        token: 'qWoJBdlEp6pJy15fc9tGpsOOR2L5i35v'
      },
    }
  }

from jira-changelog GitHub release notes

Commit messages

Package name: jira-changelog

• a4b7f50 Support slack formatting in template. Decode HTML entities.
• 95e8145 Bump acorn from 6.4.0 to 6.4.1 (Can you add a LICENSE? connorsmallman/github-jira-changelog-action#15)
• fb2d7af Bump lodash from 4.17.15 to 4.17.19 (Bump @actions/core from 1.2.0 to 1.9.1 connorsmallman/github-jira-changelog-action#16)
• 5d89e69 v1.6.2
• 7cedda5 Fix html-entities usage.
• 18a20a3 v1.6.1
• bb8fc85 Don't use symmetric comparison between branches (NPM Package does not exist connorsmallman/github-jira-changelog-action#14)
• a18da0e Version 1.6 (Bump ajv from 6.10.2 to 6.12.6 connorsmallman/github-jira-changelog-action#13)
• 16b899e Fix defaultRange link (Add setting to not exclude sub-tasks connorsmallman/github-jira-changelog-action#11)
• a0a795d Update readme and error handling.

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs