[Snyk] Upgrade @semantic-release/npm from 7.0.10 to 9.0.1

[LadyK-21]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade @semantic-release/npm from 7.0.10 to 9.0.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 15 versions ahead of your current version.
• The recommended version was released 4 months ago, on 2022-02-28.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: @semantic-release/npm

• 9.0.1 - 2022-02-28
  

  9.0.1 (2022-02-28)

  Bug Fixes

  • add missed preferLocal option for execa call (#458) (c817a88)
• 9.0.0 - 2022-01-18
  

  9.0.0 (2022-01-18)

  Bug Fixes

  • add preferLocal option to allow execa to use local npm version (#445) (002439e)
  • updated the peer requirement for semantic-release to the new stable version (575a5a4)
  • updated the peer requirement on semantic-release to a version matching the engines definition of this package (2d1f5f2)
  • upgrade npm dependency to v8 (a12d6e5)

  BREAKING CHANGES

  • the minimum required peer of semantic-release has been raised to match the engines.node requirements of this package
  • npm v8 dropped support for node v15, so it is no longer supported in this plugin. this should be low impact since node v15 is already EOL

  Co-authored-by: Matt Travi programmer@travi.org

• 9.0.0-beta.3 - 2022-01-18
  

  9.0.0-beta.3 (2022-01-18)

  Bug Fixes

  • updated the peer requirement for semantic-release to the new stable version (575a5a4)
• 9.0.0-beta.2 - 2022-01-17
  

  9.0.0-beta.2 (2022-01-17)

  Bug Fixes

  • updated the peer requirement on semantic-release to a version matching the engines definition of this package (2d1f5f2)

  BREAKING CHANGES

  • the minimum required peer of semantic-release has been raised to match the engines.node requirements of this package
• 9.0.0-beta.1 - 2022-01-17
  

  9.0.0-beta.1 (2022-01-17)

  Bug Fixes

  • upgrade npm dependency to v8 (a12d6e5)

  BREAKING CHANGES

  • npm v8 dropped support for node v15, so it is no longer supported in this plugin. this should be low impact since node v15 is already EOL

  Co-authored-by: Matt Travi programmer@travi.org

• 8.0.4-beta.1 - 2022-01-17
  

  8.0.4-beta.1 (2022-01-17)

  Bug Fixes

  • add preferLocal option to allow execa to use local npm version (#445) (002439e)
• 8.0.3 - 2021-11-04
  

  8.0.3 (2021-11-04)

  Reverts

  • Revert "chore(deps): update dependency p-retry to v5 (#424)" (#425) (df11027), closes #424 #425
• 8.0.2 - 2021-10-20
  

  8.0.2 (2021-10-20)

  Bug Fixes

  • README: correct docs on authentication (#413) (f089d9d)
• 8.0.1 - 2021-10-18
  

  8.0.1 (2021-10-18)

  Bug Fixes

  • deps: update dependency @ semantic-release/error to v3 (#402) (60832fb)
• 8.0.0 - 2021-09-17
  

  8.0.0 (2021-09-17)

  Features

  • node-version: raised the minimum required version to v14.17 (#387) (#399) (f65e49d)

  BREAKING CHANGES

  • node-version: the minimum required version of node is now v14.17

  Co-authored-by: Matt Travi programmer@travi.org

• 8.0.0-beta.1 - 2021-08-30
• 7.1.3 - 2021-05-04
• 7.1.2 - 2021-05-04
• 7.1.1 - 2021-04-08
• 7.1.0 - 2021-03-30
• 7.0.10 - 2021-01-17

from @semantic-release/npm GitHub release notes

Commit messages

Package name: @semantic-release/npm

• c817a88 fix: add missed `preferLocal` option for execa call (Allow to recover from ENOTINHISTORY with a tag and handle detached head repo semantic-release/semantic-release#458)
• 43b15c9 docs(readme): removed a duplicated word (feat: allow pre-releases on GitHub semantic-release/semantic-release#457)
• 1b3e020 chore(deps): lock file maintenance (ES6 migration, repo harminization semantic-release/semantic-release#451)
• 12fe2e1 chore(deps): update dependency semantic-release to v19.0.2 (New shearable config: APM semantic-release/semantic-release#456)
• 11e18bb chore(deps): pin dependency semantic-release to v19.0.0 (An in-range update of @semantic-release/commit-analyzer is breaking the build 🚨 semantic-release/semantic-release#455)
• e644a9c Merge pull request Set default branch in codecov.yml semantic-release/semantic-release#454 from semantic-release/next
• 2aa642c Merge pull request Release fails with ERR! pre undefined after update to v8 semantic-release/semantic-release#452 from semantic-release/beta
• 575a5a4 fix: updated the peer requirement for `semantic-release` to the new stable version
• 2d1f5f2 fix: updated the peer requirement on `semantic-release` to a version matching the engines definition of this package
• a12d6e5 fix: upgrade npm dependency to v8
• 002439e fix: add `preferLocal` option to allow execa to use local npm version (Proposal regarding the node 8 limitation semantic-release/semantic-release#445)
• 19761ed chore(deps): update dependency ava to v4.0.1 (Update coveralls to the latest version 🚀 semantic-release/semantic-release#450)
• 7a1aacf chore(deps): update dependency ava to v4 (Failing CI when no new changes found for publishing semantic-release/semantic-release#449)
• bc91420 chore(deps): lock file maintenance (Error in Travis CI: Cannot find module 'request-promise-core/configure/request2' semantic-release/semantic-release#448)
• 57d7721 chore(deps): lock file maintenance (fix: handle missing gitHead issue semantic-release/semantic-release#447)
• 708c29b chore(deps): lock file maintenance (Update @semantic-release/last-release-npm to the latest version 🚀 semantic-release/semantic-release#443)
• 696d8f7 chore(deps): lock file maintenance
• 96a20d8 chore(deps): lock file maintenance (ENOCHANGE There are no relevant changes – although commit is fix: ... semantic-release/semantic-release#439)
• bec47ab chore(deps): lock file maintenance
• 102ecb4 chore(deps): update dependency semantic-release to v18.0.1 (Update @semantic-release/release-notes-generator to the latest version 🚀 semantic-release/semantic-release#435)
• b065386 chore(deps): lock file maintenance (Yarn fails to install semantic-release on node version < 8 semantic-release/semantic-release#433)
• 2ca494b chore(deps): update dependency got to v11.8.3 (fix: Remove loglevel notice error semantic-release/semantic-release#432)
• bd6a849 chore(deps): lock file maintenance (Invalid config warning semantic-release/semantic-release#430)
• 2f052e5 chore(deps): lock file maintenance (Update commit lint suggestion semantic-release/semantic-release#429)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs