Skip to content

chore(deps): bump npm, semantic-release, @semantic-release/commit-analyzer, @semantic-release/git, @semantic-release/github and @semantic-release/npm#77

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/multi-9eddef2542
Open

chore(deps): bump npm, semantic-release, @semantic-release/commit-analyzer, @semantic-release/git, @semantic-release/github and @semantic-release/npm#77
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/multi-9eddef2542

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 5, 2026

Bumps npm to 11.9.0 and updates ancestor dependencies npm, semantic-release, @semantic-release/commit-analyzer, @semantic-release/git, @semantic-release/github and @semantic-release/npm. These dependencies need to be updated together.

Updates npm from 7.24.2 to 11.9.0

Release notes

Sourced from npm's releases.

v11.9.0

11.9.0 (2026-02-04)

Features

Bug Fixes

Dependencies

Chores

v11.8.0

11.8.0 (2026-01-21)

Features

  • 545e861 #8828 show proxy environment variables in npm config list (Max Black)

Bug Fixes

Documentation

Dependencies

Chores

... (truncated)

Changelog

Sourced from npm's changelog.

11.9.0 (2026-02-04)

Features

Bug Fixes

Dependencies

Chores

11.8.0 (2026-01-21)

Features

  • 545e861 #8828 show proxy environment variables in npm config list (Max Black)

Bug Fixes

Documentation

Dependencies

Chores

... (truncated)

Commits

Updates semantic-release from 17.2.3 to 25.0.3

Release notes

Sourced from semantic-release's releases.

v25.0.3

25.0.3 (2026-01-30)

Bug Fixes

v25.0.2

25.0.2 (2025-11-07)

Bug Fixes

  • deps: update dependency read-package-up to v12 (#3935) (1494cb9)

v25.0.1

25.0.1 (2025-10-19)

Bug Fixes

v25.0.1-beta.3

25.0.1-beta.3 (2025-10-19)

Bug Fixes

  • deps: update to latest npm plugin (a96aced)

v25.0.1-beta.2

25.0.1-beta.2 (2025-10-19)

Bug Fixes

v25.0.1-beta.1

25.0.1-beta.1 (2025-10-16)

Bug Fixes

... (truncated)

Commits
  • f404124 fix(deps): remove deprecated semver-diff (#3980)
  • fef7e34 docs: warn against using registry-url in setup-node (#4024)
  • 699d470 chore(deps): update dependency lockfile-lint to v5 (#4022)
  • c7c6f7a chore(deps): update dependency tempy to v3.1.2 (#4021)
  • 1ce5088 ci(action): update github/codeql-action action to v4.32.0 (#4019)
  • 9bb0d87 chore(deps): lock file maintenance (#4016)
  • 490171c chore(deps): update npm to v11.8.0 (#4015)
  • f6411e9 chore(deps): update dependency prettier to v3.8.1 (#4014)
  • c71c576 chore(deps): update dependency publint to v0.3.17 (#4013)
  • 989e18c chore(deps): update dependency tempy to v3.1.1 (#4012)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for semantic-release since your current version.


Updates @semantic-release/commit-analyzer from 8.0.1 to 13.0.1

Release notes

Sourced from @​semantic-release/commit-analyzer's releases.

v13.0.1

13.0.1 (2025-01-03)

Bug Fixes

  • deps: update dependency import-from-esm to v2 (#741) (f106b76)

v13.0.0

13.0.0 (2024-05-31)

Bug Fixes

  • log the raw message again (e2f5d6c)

Features

  • support latest conventional-changelog packages (0254d7a)

BREAKING CHANGES

  • by supporting the latest major versions of conventional-changelog packages, we are dropping support for previous major versions of those packages due to the breaking changes between majors. this only impacts your project if you are installing alongside semantic-release, so updating those packages to latest version should be the only change you need for this update. no action should be necessary if you are using default semantic-release config

v13.0.0-beta.2

13.0.0-beta.2 (2024-05-25)

Bug Fixes

  • log the raw message again (e2f5d6c)

v13.0.0-beta.1

13.0.0-beta.1 (2024-05-25)

Features

  • support latest conventional-changelog packages (0254d7a)

BREAKING CHANGES

  • by supporting the latest major versions of conventional-changelog packages, we are

... (truncated)

Commits

Updates @semantic-release/git from 9.0.0 to 10.0.1

Release notes

Sourced from @​semantic-release/git's releases.

v10.0.1

10.0.1 (2021-10-30)

Bug Fixes

  • deps: update dependency @​semantic-release/error to v3 (#295) (3e934d4)

v10.0.0

10.0.0 (2021-09-20)

Features

  • node-version: raised the minimum required version to v14.17 (7ab65f8)

BREAKING CHANGES

  • node-version: the minimum required version of node is now v14.17

v9.0.1

9.0.1 (2021-09-05)

Bug Fixes

Commits
  • 3e934d4 fix(deps): update dependency @​semantic-release/error to v3 (#295)
  • 01aad76 chore(deps): lock file maintenance (#304)
  • eae607b chore(deps): lock file maintenance (#302)
  • f9e1a09 chore(deps): lock file maintenance (#301)
  • 51280ff chore(deps): lock file maintenance (#300)
  • 7a41029 chore(deps): lock file maintenance (#299)
  • 7ab65f8 feat(node-version): raised the minimum required version to v14.17
  • 9105df6 chore(deps): lock file maintenance (#296)
  • fccf23d build(release.yml): set node-version to 16
  • 9d20879 chore(deps): lock file maintenance (#294)
  • Additional commits viewable in compare view

Updates @semantic-release/github from 7.1.1 to 12.0.3

Release notes

Sourced from @​semantic-release/github's releases.

v12.0.3

12.0.3 (2026-01-30)

Bug Fixes

  • extend GraphQL alias prefix to prevent hash collisions (#1134) (ea6386d)

v12.0.2

12.0.2 (2025-11-08)

Bug Fixes

  • add undici ProxyAgent support for GitHub Enterprise Server behind proxies (#1104) (15def77)

v12.0.1

12.0.1 (2025-10-31)

Bug Fixes

  • deps: update dependency @​octokit/plugin-paginate-rest to v14 (#1112) (8df8d4a)

v12.0.0

12.0.0 (2025-10-15)

Features

  • node-versions: drop support for node versions v20, v21, and v23 (6e2ac27)
  • node-versions: raise the minimum node version requirement for the v24 range (4d6924d)
  • remove github search api consumption (#1037) (d260bfd), closes #1022

BREAKING CHANGES

  • node-versions: the minimum node version for the v24 range is now v24.10.0
  • @semantic-release/github no longer consumes the GitHub Search API in the plugin
  • node-versions: a minimum of node v22.14 is now required

v12.0.0-beta.4

12.0.0-beta.4 (2025-10-13)

Features

  • node-versions: raise the minimum node version requirement for the v24 range (4d6924d)

... (truncated)

Commits
  • ea6386d fix: extend GraphQL alias prefix to prevent hash collisions (#1134)
  • 01e5746 chore(deps): update dependency lockfile-lint to v5 (#1156)
  • cfc4fc6 chore(deps): update dependency tempy to v3.1.2 (#1155)
  • a852069 chore(deps): lock file maintenance (#1154)
  • f8c7895 chore(deps): update npm to v11.8.0 (#1153)
  • 588531a chore(deps): update dependency prettier to v3.8.1 (#1152)
  • deedabd chore(deps): update dependency publint to v0.3.17 (#1151)
  • abc0151 chore(deps): update dependency tempy to v3.1.1 (#1150)
  • 2efa6d1 chore(deps): update dependency lodash-es to v4.17.23 [security] (#1149)
  • faaac4e build(deps): bump tar and npm (#1148)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​semantic-release/github since your current version.


Updates @semantic-release/npm from 7.1.3 to 13.1.3

Release notes

Sourced from @​semantic-release/npm's releases.

v13.1.3

13.1.3 (2025-12-12)

Bug Fixes

  • deps: update dependency @​actions/core to v2 (#1055) (fa4a3ab)

v13.1.2

13.1.2 (2025-11-14)

Bug Fixes

v13.1.1

13.1.1 (2025-10-19)

Bug Fixes

  • publish-dry-run: temporarily remove the addition of dry-running the publish step (30bd176)

v13.1.0

13.1.0 (2025-10-19)

Features

  • trusted-publishing: verify auth, considering OIDC vs tokens from various registries (e3319f1), closes #958
  • trusted-publishing: refine the messages for related errors (316ce21), closes #958
  • trusted-publishing: make request to verify if OIDC token exchange can succeed (c80ecb0), closes #958
  • trusted-publishing: pass id-token as bearer header for github actions (d83b727), closes #958
  • trusted-publishing: pass id-token as bearer header for gitlab pipelines (6d1c3cf), closes #958
  • trusted-publishing: handle failure to retrieve id-token in the context of github actions (b673257), closes #958
  • auth-error: update messaging for auth failure to be less token specific (e24967d)
  • auth: attempt a dry-run publish to determine auth status (841dc67)

Bug Fixes

  • trusted-publishing: uri encode the package name for the token exchange request (3dd95d0), closes #958
  • auth: throw appropriate error when auth context fails to enable publishing (f5c8d85)
  • auth: throw error if dry-run publish determines lack of auth (8f88e9d)
  • verify-auth: enable the publish dry-run to work for projects publishing from a sub-directory (e7d684c)

v13.1.0-beta.3

13.1.0-beta.3 (2025-10-18)

Features

... (truncated)

Commits
  • fa4a3ab fix(deps): update dependency @​actions/core to v2 (#1055)
  • b1d3557 chore(deps): lock file maintenance (#1053)
  • 9a08900 chore(deps): update dependency prettier to v3.7.4 (#1052)
  • f2dcce8 ci(action): update actions/setup-node action to v6.1.0 (#1050)
  • afab89c chore(deps): update dependency prettier to v3.7.3 (#1048)
  • ab3cc83 ci(action): update actions/checkout action to v6.0.1 (#1049)
  • 42f1b8f chore(deps): update dependency prettier to v3.7.2 (#1047)
  • f7c7de5 chore(deps): lock file maintenance (#1046)
  • d27a09f chore(deps): update dependency prettier to v3.7.1 (#1045)
  • 0927a79 chore(deps): update dependency prettier to v3.7.0 (#1044)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​semantic-release/npm since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump npm, semantic-release, @semantic-release/commit-ana…
4561a67 
…lyzer, @semantic-release/git, @semantic-release/github and @semantic-release/npm

Bumps [npm](https://github.com/npm/cli) to 11.9.0 and updates ancestor dependencies [npm](https://github.com/npm/cli), [semantic-release](https://github.com/semantic-release/semantic-release), [@semantic-release/commit-analyzer](https://github.com/semantic-release/commit-analyzer), [@semantic-release/git](https://github.com/semantic-release/git), [@semantic-release/github](https://github.com/semantic-release/github) and [@semantic-release/npm](https://github.com/semantic-release/npm). These dependencies need to be updated together.


Updates `npm` from 7.24.2 to 11.9.0
- [Release notes](https://github.com/npm/cli/releases)
- [Changelog](https://github.com/npm/cli/blob/latest/CHANGELOG.md)
- [Commits](npm/cli@v7.24.2...v11.9.0)

Updates `semantic-release` from 17.2.3 to 25.0.3
- [Release notes](https://github.com/semantic-release/semantic-release/releases)
- [Commits](semantic-release/semantic-release@v17.2.3...v25.0.3)

Updates `@semantic-release/commit-analyzer` from 8.0.1 to 13.0.1
- [Release notes](https://github.com/semantic-release/commit-analyzer/releases)
- [Commits](semantic-release/commit-analyzer@v8.0.1...v13.0.1)

Updates `@semantic-release/git` from 9.0.0 to 10.0.1
- [Release notes](https://github.com/semantic-release/git/releases)
- [Commits](semantic-release/git@v9.0.0...v10.0.1)

Updates `@semantic-release/github` from 7.1.1 to 12.0.3
- [Release notes](https://github.com/semantic-release/github/releases)
- [Commits](semantic-release/github@v7.1.1...v12.0.3)

Updates `@semantic-release/npm` from 7.1.3 to 13.1.3
- [Release notes](https://github.com/semantic-release/npm/releases)
- [Commits](semantic-release/npm@v7.1.3...v13.1.3)

---
updated-dependencies:
- dependency-name: npm
  dependency-version: 11.9.0
  dependency-type: indirect
- dependency-name: semantic-release
  dependency-version: 25.0.3
  dependency-type: direct:development
- dependency-name: "@semantic-release/commit-analyzer"
  dependency-version: 13.0.1
  dependency-type: direct:development
- dependency-name: "@semantic-release/git"
  dependency-version: 10.0.1
  dependency-type: direct:development
- dependency-name: "@semantic-release/github"
  dependency-version: 12.0.3
  dependency-type: direct:development
- dependency-name: "@semantic-release/npm"
  dependency-version: 13.1.3
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 5, 2026
@dependabot dependabot bot requested review from a team as code owners February 5, 2026 23:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code one-app-team-review-requested

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants