Skip to content

Commit f28e7bb

Browse files
Sarah Dayanclaude
Sarah Dayan
and
claude
committed
chore: fix transitive dependency vulnerabilities
Update dependencies to resolve security vulnerabilities in transitive deps: - patch-package: 6.2.2 → 8.0.1 - Fixes: [email protected] (CVE-2024-4068), [email protected] (CVE-2024-21538) - conventional-changelog-core: 4.1.4 → 9.0.0 - conventional-changelog-angular: 5.0.6 → 8.1.0 - conventional-changelog-preset-loader: 2.3.0 → 5.0.0 - Fixes: [email protected] (multiple CVEs), [email protected] (CVE-2021-23362) - all-contributors-cli: 6.15.0 → 6.26.1 - Fixes: [email protected] (multiple CVEs) Co-Authored-By: Claude Opus 4.5 <[email protected]>
1 parent c7e24d9 commit f28e7bb

4 files changed

Lines changed: 252 additions & 1505 deletions

File tree

package.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -31,11 +31,11 @@
3131
},
3232
"name": "shipjs",
3333
"devDependencies": {
34-
"all-contributors-cli": "6.15.0",
34+
"all-contributors-cli": "6.26.1",
3535
"lerna": "8.2.4"
3636
},
3737
"dependencies": {
38-
"patch-package": "^6.2.2",
38+
"patch-package": "^8.0.1",
3939
"postinstall-postinstall": "^2.1.0"
4040
},
4141
"packageManager": "[email protected]+sha512.ff4579ab459bb25aa7c0ff75b62acebe576f6084b36aa842971cf250a5d8c6cd3bc9420b22ce63c7f93a0857bc6ef29291db39c3e7a23aab5adfd5a4dd6c5d71"

packages/shipjs/package.json

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -39,9 +39,9 @@
3939
"arg": "5.0.2",
4040
"chalk": "^5.4.1",
4141
"change-case": "^5.4.4",
42-
"conventional-changelog-angular": "^5.0.6",
43-
"conventional-changelog-core": "^4.1.4",
44-
"conventional-changelog-preset-loader": "^2.3.0",
42+
"conventional-changelog-angular": "^8.1.0",
43+
"conventional-changelog-core": "^9.0.0",
44+
"conventional-changelog-preset-loader": "^5.0.0",
4545
"deepmerge": "^4.3.1",
4646
"dotenv": "^16.5.0",
4747
"ejs": "^3.1.10",

packages/shipjs/src/step/prepare/updateChangelog.js

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,8 @@ import path from 'path';
33

44
import addStream from 'add-stream';
55
import conventionalChangelogCore from 'conventional-changelog-core';
6-
import conventionalChangelogPresetLoader from 'conventional-changelog-preset-loader';
6+
// eslint-disable-next-line import/no-unresolved -- ESM-only package with exports field
7+
import { loadPreset } from 'conventional-changelog-preset-loader';
78
import merge from 'deepmerge';
89
import tempfile from 'tempfile';
910

@@ -134,10 +135,7 @@ export async function prepareParams({
134135
: {};
135136
if (args.preset) {
136137
try {
137-
args.config = merge(
138-
await conventionalChangelogPresetLoader(args.preset),
139-
args.config
140-
);
138+
args.config = merge(await loadPreset(args.preset), args.config);
141139
} catch (err) {
142140
/* eslint-disable no-console */
143141
if (typeof args.preset === 'object') {

0 commit comments

Comments
 (0)