[Snyk] Security upgrade semantic-release from 17.4.2 to 20.0.1

[randytarampi]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Uncaught Exception SNYK-JS-YAML-5458867	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: semantic-release

The new version differs by 171 commits.

• f914c1e fix(deps): update dependency cosmiconfig to v8
• c4da008 fix(deps): update dependency hosted-git-info to v6
• b707475 chore(deps): update dependency sinon to v15 (#2653)
• b957934 chore(deps): update dependency fs-extra to v11 (#2650)
• 4b74f00 chore(deps): update dependency ava to v5 (#2649)
• bbb5e5a chore(deps): update dependency testdouble to v3.16.8 (#2646)
• a1e0467 chore(deps): update dependency sinon to v14.0.2 (#2645)
• b9b5c76 Merge pull request #2607 from semantic-release/beta
• 91bcb6b Merge branch 'master' of github.com:semantic-release/semantic-release into beta
• 0716d62 build(deps): bump json5 and tsconfig-paths (#2643)
• caa8b95 test(integration): used token auth for registry interactions rather than legacy auth
• 0973513 Merge branch 'master' of github.com:semantic-release/semantic-release into beta
• fa241a2 build(deps): bump minimatch from 3.0.4 to 3.1.2
• ba05e08 docs(node-version): raised the minimum version to align with `engines.node`
• eddbbb8 Merge branch 'master' of github.com:semantic-release/semantic-release into beta
• aa0c9d6 build(deps): bump decode-uri-component from 0.2.0 to 0.2.2
• 7365012 chore(overrides): removed the `overrides` definition (#2634)
• 918eb59 fix(env-ci): updated to the stable esm-only version (#2632)
• c4cd639 Merge branch 'master' of github.com:semantic-release/semantic-release into beta
• 6051fae Revert "test(integration): ran tests serially in hope of avoiding conflicts in the ci environment"
• 62846a1 test(integration): omitted the `GITHUB_ACTION` env var as well
• 71f45f9 test(integration): ran tests serially in hope of avoiding conflicts in the ci environment
• f32fd58 test(integration): updated the simulated environment to omit the `GITHUB_ACTIONS` variable from the test env
• d13ea92 style: prettier (#2624)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.