semantic-release
Comparing version
@@ -1,4 +0,3 @@ | ||
import { dirname, resolve } from "node:path"; | ||
import { dirname, extname } from "node:path"; | ||
import { fileURLToPath } from "node:url"; | ||
import { createRequire } from "node:module"; | ||
@@ -17,3 +16,2 @@ import { castArray, isNil, isPlainObject, isString, pickBy } from "lodash-es"; | ||
const __dirname = dirname(fileURLToPath(import.meta.url)); | ||
const require = createRequire(import.meta.url); | ||
@@ -39,4 +37,14 @@ const CONFIG_NAME = "release"; | ||
const result = await eventualResult; | ||
const extendsOptions = require(resolveFrom.silent(__dirname, extendPath) || resolveFrom(cwd, extendPath)); | ||
const resolvedPath = resolveFrom.silent(__dirname, extendPath) || resolveFrom(cwd, extendPath); | ||
const importAssertions = | ||
extname(resolvedPath) === ".json" | ||
? { | ||
assert: { | ||
type: "json", | ||
}, | ||
} | ||
: undefined; | ||
const { default: extendsOptions } = await import(resolvedPath, importAssertions); | ||
// For each plugin defined in a shareable config, save in `pluginsPath` the extendable config path, | ||
@@ -43,0 +51,0 @@ // so those plugin will be loaded relative to the config file |
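Review bot: The new `await import(resolvedPath, importAssertions)` call is handed the bare filesystem path that `resolveFrom` appears to return, and an absolute Windows drive-letter path is not a valid ESM specifier, so loading a shareable config is likely to fail there where `require` did not. Converting it first, `await import(pathToFileURL(resolvedPath).href, importAssertions)` with `pathToFileURL` added to the existing `node:url` import, keeps the behaviour the same on every platform. The `assert: { type: "json" }` form is the older import-assertions syntax that newer Node releases replace with `with`, so it is worth confirming against the supported engine range. Since this line still executes whatever module the `extends` entry resolves to (the package's own directory first, then `cwd`), a short comment stating that `extends` values are treated as trusted, repository-controlled configuration would help anyone auditing the release pipeline. The enclosing function starts and ends outside the hunk.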
{ | ||
"name": "semantic-release", | ||
"description": "Automated semver compliant package publishing", | ||
"version": "22.0.6", | ||
"version": "22.0.7", | ||
"type": "module", | ||
@@ -52,3 +52,3 @@ "author": "Stephan Bönnemann <stephan@boennemann.me> (http://boennemann.me)", | ||
"p-reduce": "^3.0.0", | ||
"read-pkg-up": "^10.0.0", | ||
"read-pkg-up": "^11.0.0", | ||
"resolve-from": "^5.0.0", | ||
@@ -74,3 +74,3 @@ "semver": "^7.3.2", | ||
"mockserver-client": "5.15.0", | ||
"nock": "13.3.7", | ||
"nock": "13.3.8", | ||
"npm-run-all2": "6.1.1", | ||
@@ -80,3 +80,3 @@ "p-retry": "6.1.0", | ||
"publint": "0.2.5", | ||
"sinon": "17.0.0", | ||
"sinon": "17.0.1", | ||
"stream-buffers": "3.0.2", | ||
@@ -83,0 +83,0 @@ "tempy": "3.1.0", |
Dynamic require
Supply chain risk: Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
283907
0.07%2628
0.27%4
-20%+ Added