[Snyk] Security upgrade semantic-release from 12.4.1 to 15.8.0

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5	Authorization Bypass Through User-Controlled Key SNYK-JS-PARSEPATH-2936439	Yes	No Known Exploit
	663/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2935944	Yes	Proof of Concept
	633/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 4.8	Information Exposure SNYK-JS-PARSEURL-2935947	Yes	Proof of Concept
	863/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 9.4	Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-2936249	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: semantic-release

The new version differs by 147 commits.

• a94e08d feat: pass `cwd` and `env` context to plugins
• 12e4155 refactor: pass `argv` via `proxyquire` for cli tests
• 264472c chore(package): update fs-extra to version 7.0.0
• d3c7232 fix(package): update git-url-parse to version 10.0.1
• 89e5847 docs: migration to new GitBook version
• ed6a381 chore(package): update clear-module to version 3.0.0
• d8e59cc fix: set default path to `generateNotes` object config
• 24ce560 refactor: build plugin pipeline parameters at initialization
• eb26254 refactor: use `Object.entries` rather than `Object.keys`
• 50061bb refactor: remove unnecessary object destructuring
• 5989989 feat: allow to define multiple `generateNotes` plugins
• 576eb60 refactor: simplify plugin validation
• f7f4aab refactor: use the `lastInput` arg to compute the `prepare` pipeline next input
• 12de628 refactor: fix incorrect comments in `lib/plugins/pipeline.js`
• d303286 docs: fix default value for `analyzeCommits` plugin
• ed9c456 refactor: always return an `Array` of results/errors from a plugin pipeline
• cac4882 docs: clarify `verifyRelease` plugin description
• 09348f1 style: disable `max-params` warning for `lib/plugins/normalize.js`
• f93eeb7 fix: do not set `path` to plugin config defined as a Function or an Array
• 071dcce fix: use unauthenticated URL to check if branch is up to date
• eb22f99 docs: FAQ for reverting a release
• 5847514 fix: allow empty release notes in dry-run mode
• a39ccb8 docs: add missing link in GitBook summary
• 0862480 fix(package): update hosted-git-info to version 2.7.1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)
🦉 Server-side Request Forgery (SSRF)