[Snyk] Upgrade jira-changelog from 1.5.0 to 1.6.3 #3
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade jira-changelog from 1.5.0 to 1.6.3. See this package in npm: https://www.npmjs.com/package/jira-changelog See this project in Snyk: https://app.snyk.io/org/prisma-wan/project/686e2c6c-e1dd-4d1f-a4cc-f0940f89a51f?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade jira-changelog from 1.5.0 to 1.6.3.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-NODEFETCH-2342118
Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0011, Social Trends: No, Days since published: 613, Transitive dependency: Yes, Is Malicious: No, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.73, Score Version: V4
SNYK-JS-NODEFETCH-674311
Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0011, Social Trends: No, Days since published: 613, Transitive dependency: Yes, Is Malicious: No, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.73, Score Version: V4
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: jira-changelog
-
1.6.3 - 2020-09-02
-
1.6.2 - 2020-04-13
-
1.6.1 - 2020-03-12
-
1.6.0 - 2020-02-20
- Upgrade core libraries to remove security warnings (core-js, lodash, babel, etc)
- Rollup merge commits into a single entry.
- Detect revert commits
- Add unit test coverage.
- Cleaned up a lot of code.
-
1.6.0-beta.1 - 2020-02-10
-
1.6.0-beta.0 - 2020-02-06
-
1.5.0 - 2019-06-13
- Login to Jira with the user used by the jira-changelog script.
- Follow these instructions to get an auth token.
- Update your configuration file:
- Change
- Change
from jira-changelog GitHub release notesFor some reason, the 1.2.1 version of
html-entitieswas suddenly failing. This version does an upgrade to that and other libraries and fixed a couple failing tests.More info: #14
The goal of this release was to remove a lot of unneeded noise from the changelogs. These involve some changes in functionality, please read.
Changes
Detect Reverts
Previously, if you reverted a commit tagged with a Jira ticket, that ticket will still show up in the changelog even though it's no longer there. This is because the git commit would be something like: "Revert [ENG-123] lorem ipsum".
Now, as long as you use the default git revert commit message, jira-changelog will remove those reverted commits from the changelog. It will also intelligently detect a revert of a revert, which reincludes the ticket in the changelog as well as a revert, of a revert, of a revert, and so on.
Rollup Merge Commits
When merging a branch without squashing the commits first, all the commits from that branch will also be added to the git logs; which can cause a lot of noise in the changelog.
Now jira-changelog will attempt to rollup all those commits into the single merge commit. NOTE: This will still use the commit messages for all those commits to detect which tickets were included, but only a single commit will be presented in the changelog.
How it works
Every git log has a "parents" value, which is a list of git commit shas. The first value is the commit which came before this one. If there is more than one parent, it signals a merge and each git commit sha is one of the revisions merged into this. We can use that and then walk backward, to determine all the commits included with a merge.
v1.6.0-beta.1
v1.6.0-beta.0
Jira has deprecated authenticating APIs with username and password. Now API requests need to be authenticated with the user's email address and Auth token.
How to upgrade
usernametoemailand replace the value with the user's login email address.passwordtotokenand the auth token to it.Before
After
Commit messages
Package name: jira-changelog
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs