This repository was archived by the owner on Jul 8, 2025. It is now read-only.
[renovate] Update dependency semantic-release to v17.2.3 [SECURITY]#747
Open
renovate[bot] wants to merge 1 commit intomasterfrom
Open
[renovate] Update dependency semantic-release to v17.2.3 [SECURITY]#747renovate[bot] wants to merge 1 commit intomasterfrom
renovate[bot] wants to merge 1 commit intomasterfrom
Conversation
renovate
bot
force-pushed
the
fix/renovate/npm-semantic-release-vulnerability
branch
from
c97efbe to
6436213
Compare
renovate
bot
force-pushed
the
fix/renovate/npm-semantic-release-vulnerability
branch
from
6436213 to
14ce040
Compare
renovate
bot
force-pushed
the
fix/renovate/npm-semantic-release-vulnerability
branch
from
14ce040 to
575760e
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
fix/renovate/npm-semantic-release-vulnerability
branch
3 times, most recently
from
e5f3a14 to
5f135e1
Compare
renovate
bot
force-pushed
the
fix/renovate/npm-semantic-release-vulnerability
branch
from
5f135e1 to
83253e8
Compare
renovate
bot
force-pushed
the
fix/renovate/npm-semantic-release-vulnerability
branch
from
83253e8 to
a7130f2
Compare
renovate
bot
force-pushed
the
fix/renovate/npm-semantic-release-vulnerability
branch
from
a7130f2 to
bd5c63b
Compare
renovate
bot
force-pushed
the
fix/renovate/npm-semantic-release-vulnerability
branch
from
bd5c63b to
f908f9e
Compare
renovate
bot
force-pushed
the
fix/renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
32fc9d0 to
122332f
Compare
renovate
bot
force-pushed
the
fix/renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
f6cc15c to
a0b25c7
Compare
renovate
bot
force-pushed
the
fix/renovate/npm-semantic-release-vulnerability
branch
from
a0b25c7 to
6a8df5e
Compare
renovate
bot
force-pushed
the
fix/renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
16a39bb to
d5b3fdc
Compare
renovate
bot
force-pushed
the
fix/renovate/npm-semantic-release-vulnerability
branch
from
d5b3fdc to
4675c54
Compare
renovate
bot
force-pushed
the
fix/renovate/npm-semantic-release-vulnerability
branch
3 times, most recently
from
2ae52b2 to
a19e531
Compare
renovate
bot
force-pushed
the
fix/renovate/npm-semantic-release-vulnerability
branch
3 times, most recently
from
0d8a00f to
811844a
Compare
renovate
bot
force-pushed
the
fix/renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
d56f07d to
985879c
Compare
renovate
bot
force-pushed
the
fix/renovate/npm-semantic-release-vulnerability
branch
from
985879c to
b2f23b7
Compare
renovate
bot
force-pushed
the
fix/renovate/npm-semantic-release-vulnerability
branch
from
b2f23b7 to
ea4e629
Compare
renovate
bot
force-pushed
the
fix/renovate/npm-semantic-release-vulnerability
branch
2 times, most recently
from
3c2cb99 to
4e26d78
Compare
renovate
bot
force-pushed
the
fix/renovate/npm-semantic-release-vulnerability
branch
from
4e26d78 to
bcaccaf
Compare
renovate
bot
force-pushed
the
fix/renovate/npm-semantic-release-vulnerability
branch
from
bcaccaf to
65e8b45
Compare
renovate
bot
force-pushed
the
fix/renovate/npm-semantic-release-vulnerability
branch
from
65e8b45 to
7c84489
Compare
renovate
bot
force-pushed
the
fix/renovate/npm-semantic-release-vulnerability
branch
from
7c84489 to
6efe928
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
17.1.1->17.2.3GitHub Vulnerability Alerts
CVE-2020-26226
Impact
Secrets that would normally be masked by
semantic-releasecan be accidentally disclosed if they contain characters that become encoded when included in a URL.Patches
Fixed in v17.2.3
Workarounds
Secrets that do not contain characters that become encoded when included in a URL are already masked properly.
Release Notes
semantic-release/semantic-release (semantic-release)
v17.2.3Compare Source
Bug Fixes
v17.2.2Compare Source
Bug Fixes
v17.2.1Compare Source
Reverts
v17.2.0Compare Source
Features
v17.1.2Compare Source
Bug Fixes
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.