@renovate renovate bot commented Oct 18, 2025

This PR contains the following updates:

Package                 Change
@semantic-release/npm   9.0.2 -> 13.1.1

Release Notes

semantic-release/npm (@semantic-release/npm)

v13.1.1

v13.1.0

Features
  • trusted-publishing: verify auth, considering OIDC vs tokens from various registries (e3319f1), closes #958
  • trusted-publishing: refine the messages for related errors (316ce21), closes #958
  • trusted-publishing: make request to verify if OIDC token exchange can succeed (c80ecb0), closes #958
  • trusted-publishing: pass id-token as bearer header for github actions (d83b727), closes #958
  • trusted-publishing: pass id-token as bearer header for gitlab pipelines (6d1c3cf), closes #958
  • trusted-publishing: handle failure to retrieve id-token in the context of github actions (b673257), closes #958
  • auth-error: update messaging for auth failure to be less token specific (e24967d)
  • auth: attempt a dry-run publish to determine auth status (841dc67)
Bug Fixes
  • auth: throw appropriate error when auth context fails to enable publishing (f5c8d85)
  • auth: throw error if dry-run publish determines lack of auth (8f88e9d)
  • deps: depend on the oidc branch for npm (733fe89)
  • deps: depend on the released version of the cli branch now that the oidc features are merged (fc30c21)
  • dry-run: look for the warning in stderr output rather than stdout (86f65a6)
  • dry-run: stop searching for "warn" to avoid ANSI color complications (bee5db6)
  • errors: bring back the invalid token error (c9f0da5), closes #958
  • errors: resolve syntax problem (d825403)
  • error: throw an aggregate error rather than a simple error (1967d72)
  • stdout: fix the reference of stdout from execa (4ab3e74)
  • token: temporarily disable configuring token into .npmrc (73185a3), closes #958
  • trusted-publishing: properly await the check for trusted publishing context (23c8610), closes #958
  • trusted-publishing: uri encode the package name for the token exchange request (3dd95d0), closes #958
  • verify-auth: enable the publish dry-run to work for projects publishing from a sub-directory (e7d684c)
  • verify-auth: stream output of the dry-run for custom registries (67ee603), closes #958
  • whoami: temporarily disable verifying token validity (0fc050d), closes #958

v13.0.0

Features
  • node-versions: drop support for node versions v20, v21, and v23
  • node-versions: raise the minimum node version requirement for the v24 range (935439e)
Bug Fixes
BREAKING CHANGES
  • node-versions: the minimum node version for the v24 range is now v24.10.0
  • deps: a minimum of node v22.14 is now required

v12.0.2

Bug Fixes

v12.0.1

Bug Fixes
  • deps: update dependency execa to v9 (9ac5ed0)

v12.0.0

Features
  • exports: defined exports to point at ./index.js (9e193c2)
  • node-versions: dropped support for node v18 and v19 (2df962b)
BREAKING CHANGES
  • exports: exports has been defined, which prevents access to private apis (which aren't intended for consumption anyway)
  • node-versions: node v18 and v19 are no longer supported

v11.0.3

Bug Fixes

Even though our existing range allowed anyone to update as soon as the new npm version was available, this will encourage being on a version that does not report the ip vulnerability a bit more forcefully.

v11.0.2

Bug Fixes
  • deps: update dependency npm to v10.2.5 (42b5dec)

v11.0.1

Bug Fixes

v11.0.0

Bug Fixes
  • deps: update dependency npm to v10 (819f257)
Features
  • node-versions: raised the minimum required node version to v18.17 and dropped v19 support (6413130)
BREAKING CHANGES
  • node-versions: node v18.17 is now the minimum required version and support for v19 has been dropped

v10.0.6

Bug Fixes

v10.0.5

Bug Fixes

v10.0.4

Bug Fixes

v10.0.3

Bug Fixes

v10.0.2

Bug Fixes

v10.0.1

Bug Fixes

v10.0.0

Bug Fixes
  • aggregate-error: upgraded to the latest version (7285e05)
  • deps: upgraded npm to v9 (2a79f80)
  • execa: upgraded to the latest version (7c74660)
  • normalize-url: upgraded to the latest version (b55bb01)
  • remove support for legacy auth (51ab3c8)
  • tempy: upgraded to the latest version of tempy (f1992a5)
Code Refactoring
  • esm: converted the package to esm (2d8ff15)
Features
  • node-versions: dropped support for node versions below v18 (aff3574)
  • semantic-release-peer: raised the minimum peer requirement to the first version that supports loading esm plugins (22e70ad)
BREAKING CHANGES
  • deps: the direct dependency on npm has been upgraded to v9. details of breaking changes can be found at https://github.com/npm/cli/releases/tag/v9.0.0
  • semantic-release-peer: the required version of semantic-release has been raised to v20.1.0 in order to support loading of ESM plugins
  • aggregate-error: due to the aggregate-error upgrade, thrown errors are no longer iterable, but instead list the errors under an errors property
  • legacy authentication using NPM_USERNAME and NPM_PASSWORD is no longer supported. Use NPM_TOKEN instead.
  • node-versions: node v18 is now the minimum required node version
  • esm: @semantic-release/npm is now a native ES Module. It has named exports for each plugin hook (verifyConditions, prepare, publish, addChannel)

Configuration

📅 Schedule: Branch creation - "after 4pm on friday,before 9am on monday,every weekend" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/major-13-semantic-release-monorepo branch from cb33421 to 6fcf5f1 Compare October 19, 2025 18:08