backstage-plugin-gitlab icon indicating copy to clipboard operation
backstage-plugin-gitlab copied to clipboard
verified publisher icon immobiliare

chore(deps-dev): bump @semantic-release/npm from 9.0.2 to 13.1.1

Open dependabot[bot] opened this issue 3 months ago • 2 comments

Bumps @semantic-release/npm from 9.0.2 to 13.1.1.

Release notes

Sourced from @​semantic-release/npm's releases.

v13.1.1

13.1.1 (2025-10-19)

Bug Fixes

  • publish-dry-run: temporarily remove the addition of dry-running the publish step (30bd176)

v13.1.0

13.1.0 (2025-10-19)

Features

  • trusted-publishing: verify auth, considering OIDC vs tokens from various registries (e3319f1), closes #958
  • trusted-publishing: refine the messages for related errors (316ce21), closes #958
  • trusted-publishing: make request to verify if OIDC token exchange can succeed (c80ecb0), closes #958
  • trusted-publishing: pass id-token as bearer header for github actions (d83b727), closes #958
  • trusted-publishing: pass id-token as bearer header for gitlab pipelines (6d1c3cf), closes #958
  • trusted-publishing: handle failure to retrieve id-token in the context of github actions (b673257), closes #958
  • auth-error: update messaging for auth failure to be less token specific (e24967d)
  • auth: attempt a dry-run publish to determine auth status (841dc67)

Bug Fixes

  • trusted-publishing: uri encode the package name for the token exchange request (3dd95d0), closes #958
  • auth: throw appropriate error when auth context fails to enable publishing (f5c8d85)
  • auth: throw error if dry-run publish determines lack of auth (8f88e9d)
  • verify-auth: enable the publish dry-run to work for projects publishing from a sub-directory (e7d684c)

v13.1.0-beta.3

13.1.0-beta.3 (2025-10-18)

Features

  • trusted-publishing: refine the messages for related errors (316ce21), closes #958

v13.1.0-beta.2

13.1.0-beta.2 (2025-10-18)

Bug Fixes

  • verify-auth: enable the publish dry-run to work for projects publishing from a sub-directory (e7d684c)

v13.1.0-beta.1

13.1.0-beta.1 (2025-10-16)

Bug Fixes

... (truncated)

Commits
  • 05c19df Merge pull request #1019 from semantic-release/disable-dry-run
  • 30bd176 fix(publish-dry-run): temporarily remove the addition of dry-running the publ...
  • d321e46 Merge pull request #1017 from semantic-release/beta
  • 316ce21 feat(trusted-publishing): refine the messages for related errors
  • cf14bd9 docs(trusted-publishing): expand further around details for publishing in var...
  • e7d684c fix(verify-auth): enable the publish dry-run to work for projects publishing ...
  • 2d37cf7 chore(deps): update dependency got to v14.6.0 (#1018)
  • a160d8d Merge pull request #1015 from semantic-release/alpha
  • d351eca ci(node-versions): disable node v24 from the verification matrix for now
  • 38b0466 refactor: resolve prettier issues
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Nov 04 '25 03:11 dependabot[bot]

:white_check_mark: Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
:white_check_mark: Open Source Security 0 0 0 0 0 issues

:computer: Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

simonecorsi avatar Nov 04 '25 03:11 simonecorsi

[!IMPORTANT]

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot] avatar Nov 04 '25 03:11 coderabbitai[bot]