
semantic-release - npm Package Compare versions

Comparing version 21.0.2 to 21.0.3


docs/developer-guide/js-api.md

@@ -145,3 +145,3 @@ # JavaScript API

**Notes**: If no previous release is found, `lastRelease` will be an empty `Object`.
**Note**: If no previous release is found, `lastRelease` will be an empty `Object`.

@@ -148,0 +148,0 @@ Example:

@@ -177,1 +177,9 @@ # Plugins list

- `publish` add a release tag to Coralogix
- [semantic-release-major-tag](https://github.com/doteric/semantic-release-major-tag)
- `success` Create major version tag, for example `v1`.
- [semantic-release-yarn](https://github.com/hongaar/semantic-release-yarn)
- **Note**: this is an alternative to the default `@semantic-release/npm` plugin and adds support for monorepos.
- `verifyConditions` Verify Yarn 2 or higher is installed, verify the presence of a NPM auth token (either in an environment variable or a `.yarnrc.yml` file) and verify the authentication method is valid.
- `prepare` Update the `package.json` version and create the package tarball.
- `addChannel` Add a tag for the release.
- `publish` Publish to the npm registry.
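Review bot: In the `verifyConditions` entry for semantic-release-yarn, "a NPM auth token" is inconsistent with the `publish` entry a few lines later, which writes "npm registry"; use "an npm auth token". The same entry packs three separate checks into one sentence, while the other steps in this list describe one action each, so consider splitting it.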

@@ -27,7 +27,26 @@ # Installation

**Note**: For a global installation, it's recommended to specify the major **semantic-release** version to install (for example with `npx semantic-release@18`).
This way your build will not automatically use the next major **semantic-release** release that could possibly break your build.
You will have to upgrade manually when a new major version is released.
### Notes
**Note**: `npx` is a tool bundled with `npm@>=5.2.0`. It is used to conveniently install the semantic-release binary and to execute it.
See [What is npx](../support/FAQ.md#what-is-npx) for more details.
1. If you've globally installed **semantic-release** then we recommend that you set the major **semantic-release** version to install.
For example, by using `npx semantic-release@18`.
This way you control which major version of **semantic-release** is used by your build, and thus avoid breaking the build when there's a new major version of **semantic-release**.
This also means you, or a bot, must upgrade **semantic-release** when a new major version is released.
2. Pinning **semantic-release** to an exact version makes your releases even more deterministic.
But pinning also means you, or a bot, must update to newer versions of **semantic-release** more often.
3. You can use [Renovate's regex manager](https://docs.renovatebot.com/modules/manager/regex/) to get automatic updates for **semantic-release** in either of the above scenarios.
Put this in your Renovate configuration file:
```json
{
"regexManagers": [
{
"description": "Update semantic-release version used by npx",
"fileMatch": ["^\\.github/workflows/[^/]+\\.ya?ml$"],
"matchStrings": ["\\srun: npx semantic-release@(?<currentValue>.*?)\\s"],
"datasourceTemplate": "npm",
"depNameTemplate": "semantic-release"
}
]
}
```
4. `npx` is a tool bundled with `npm@>=5.2.0`. You can use it to install (and run) the **semantic-release** binary.
See [What is npx](../support/FAQ.md#what-is-npx) for more details.
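Review bot: In the Renovate snippet under note 3, `matchStrings` captures the version with `(?<currentValue>.*?)\\s`, which accepts any characters up to the next whitespace and only matches when whitespace follows the version; a digits-and-dots pattern would keep non-version text out of `currentValue`. The `fileMatch` value only covers `.github/workflows/`, so the sentence introducing the snippet should say that users of other CI systems need to adjust it. Note 1 also opens with "If you've globally installed" while its example is an `npx` invocation, and it keeps `semantic-release@18` as the example major; both are worth aligning with note 4's description of what `npx` does.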
{
"name": "semantic-release",
"description": "Automated semver compliant package publishing",
"version": "21.0.2",
"version": "21.0.3",
"type": "module",

@@ -29,5 +29,5 @@ "author": "Stephan Bönnemann <stephan@boennemann.me> (http://boennemann.me)",

"dependencies": {
"@semantic-release/commit-analyzer": "^9.0.2",
"@semantic-release/commit-analyzer": "^10.0.0",
"@semantic-release/error": "^3.0.0",
"@semantic-release/github": "^8.0.0",
"@semantic-release/github": "^9.0.0",
"@semantic-release/npm": "^10.0.2",
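Review bot: Two runtime entries in `dependencies` cross a major version here (`@semantic-release/commit-analyzer` from `^9.0.2` to `^10.0.0`, `@semantic-release/github` from `^8.0.0` to `^9.0.0`) while the package itself only moves from 21.0.2 to 21.0.3. Confirm that nothing breaking in those majors reaches consumers of this package, and mention the bumps in the release notes so that anyone auditing the upgrade knows the dependency tree changed by more than the patch number suggests.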

@@ -61,6 +61,5 @@ "@semantic-release/release-notes-generator": "^11.0.0",

"ava": "5.2.0",
"c8": "7.13.0",
"c8": "7.14.0",
"clear-module": "4.1.2",
"codecov": "3.8.3",
"delay": "5.0.0",
"dockerode": "3.3.5",

@@ -72,9 +71,9 @@ "file-url": "4.0.0",

"mockserver-client": "5.15.0",
"nock": "13.3.0",
"nock": "13.3.1",
"p-retry": "5.1.2",
"prettier": "2.8.7",
"sinon": "15.0.4",
"prettier": "2.8.8",
"sinon": "15.1.0",
"stream-buffers": "3.0.2",
"tempy": "3.0.0",
"testdouble": "3.17.2"
"testdouble": "3.18.0"
},

@@ -81,0 +80,0 @@ "engines": {

@@ -44,2 +44,3 @@ <h1 align="center" style="border-bottom: none;">📦🚀 semantic-release</h1>

- Simple and reusable configuration via [shareable configurations](docs/usage/shareable-configurations.md)
- Support for [npm package provenance](https://github.com/semantic-release/npm#npm-provenance) that promotes increased supply-chain security via signed attestations on GitHub Actions
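Review bot: The new provenance bullet does not say whether provenance is on by default or has to be enabled, and it names GitHub Actions without saying whether that is a requirement. Since the link points at the `@semantic-release/npm` README, state in the bullet that the feature comes from that plugin and what a user must configure to get it.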

@@ -46,0 +47,0 @@ ## How does it work?
