Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): raised the minimum accepted range of npm to v10.5.0 #759

Merged
merged 1 commit into from
Mar 1, 2024

Conversation

travi
Copy link
Member

@travi travi commented Mar 1, 2024

closes semantic-release/semantic-release#3202

even though our existing range allowed anyone to update as soon as the new npm version was available, this will encourage being on a version that does not report the ip vulnerability a bit more forcefully.

@travi travi requested a review from a team March 1, 2024 22:45
@gr2m gr2m enabled auto-merge (squash) March 1, 2024 22:46
@gr2m gr2m merged commit a0313f8 into master Mar 1, 2024
5 checks passed
@gr2m gr2m deleted the upgrade-npm branch March 1, 2024 22:46
Copy link

github-actions bot commented Mar 1, 2024

🎉 This PR is included in version 11.0.3 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Request for patched semantic-release version to address ip package vulnerability (CVE-2023-42282)
2 participants