Skip to content

chore(deps): bump @tootallnate/once, semantic-release, @semantic-release/github and @semantic-release/npm#475

Merged
cameri merged 5 commits intomainfrom
dependabot/npm_and_yarn/multi-8794fb37d7
Apr 18, 2026
Merged

chore(deps): bump @tootallnate/once, semantic-release, @semantic-release/github and @semantic-release/npm#475
cameri merged 5 commits intomainfrom
dependabot/npm_and_yarn/multi-8794fb37d7

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 15, 2026
edited
Loading

Removes @tootallnate/once. It's no longer used after updating ancestor dependencies @tootallnate/once, semantic-release, @semantic-release/github and @semantic-release/npm. These dependencies need to be updated together.

Removes @tootallnate/once

Updates semantic-release from 19.0.5 to 25.0.3

Release notes

Sourced from semantic-release's releases.

v25.0.3

25.0.3 (2026-01-30)

Bug Fixes

v25.0.2

25.0.2 (2025-11-07)

Bug Fixes

  • deps: update dependency read-package-up to v12 (#3935) (1494cb9)

v25.0.1

25.0.1 (2025-10-19)

Bug Fixes

v25.0.1-beta.3

25.0.1-beta.3 (2025-10-19)

Bug Fixes

  • deps: update to latest npm plugin (a96aced)

v25.0.1-beta.2

25.0.1-beta.2 (2025-10-19)

Bug Fixes

v25.0.1-beta.1

25.0.1-beta.1 (2025-10-16)

Bug Fixes

... (truncated)

Commits
  • f404124 fix(deps): remove deprecated semver-diff (#3980)
  • fef7e34 docs: warn against using registry-url in setup-node (#4024)
  • 699d470 chore(deps): update dependency lockfile-lint to v5 (#4022)
  • c7c6f7a chore(deps): update dependency tempy to v3.1.2 (#4021)
  • 1ce5088 ci(action): update github/codeql-action action to v4.32.0 (#4019)
  • 9bb0d87 chore(deps): lock file maintenance (#4016)
  • 490171c chore(deps): update npm to v11.8.0 (#4015)
  • f6411e9 chore(deps): update dependency prettier to v3.8.1 (#4014)
  • c71c576 chore(deps): update dependency publint to v0.3.17 (#4013)
  • 989e18c chore(deps): update dependency tempy to v3.1.1 (#4012)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for semantic-release since your current version.


Updates @semantic-release/github from 8.0.6 to 8.1.0

Release notes

Sourced from @​semantic-release/github's releases.

v8.1.0

8.1.0 (2023-05-28)

Features

v8.0.9

8.0.9 (2023-05-28)

Bug Fixes

  • deps: update dependency https-proxy-agent to v7 (#636) (0f12010)

v8.0.8

Bug Fixes

  • Use Octokit for request retries and throttling to prevent rate limit errors (#487) (3dc59ec)

v8.0.7

8.0.7 (2022-11-28)

Bug Fixes

  • deps: update dependency fs-extra to v11 (8bba5f0)
Commits
  • 3c42e02 feat: add 'draftRelease' option (#379)
  • 0f12010 fix(deps): update dependency https-proxy-agent to v7 (#636)
  • 3dc59ec fix: use retry and throttle octokit plugins (#487)
  • 94a0a7b chore(deps): update dependency sinon to v15.1.0 (#633)
  • 8efe794 chore(deps): lock file maintenance (#626)
  • 31e65c6 chore(deps): pin dependencies (#625)
  • b804981 chore(deps): update dependency semantic-release to v21.0.2 (#623)
  • cf73cad chore(deps): update dependency nock to v13.3.1 (#621)
  • 8ee5a57 chore(deps): lock file maintenance (#618)
  • c03b19d chore(deps): update dependency sinon to v15.0.4 (#617)
  • Additional commits viewable in compare view

Updates @semantic-release/npm from 9.0.1 to 13.1.5

Release notes

Sourced from @​semantic-release/npm's releases.

v13.1.5

13.1.5 (2026-03-01)

Bug Fixes

  • deps: update dependency normalize-url to v9 (#1095) (daec492)

v13.1.4

13.1.4 (2026-02-06)

Bug Fixes

  • deps: update dependency @​actions/core to v3 (#1085) (17abfe1)

v13.1.3

13.1.3 (2025-12-12)

Bug Fixes

  • deps: update dependency @​actions/core to v2 (#1055) (fa4a3ab)

v13.1.2

13.1.2 (2025-11-14)

Bug Fixes

v13.1.1

13.1.1 (2025-10-19)

Bug Fixes

  • publish-dry-run: temporarily remove the addition of dry-running the publish step (30bd176)

v13.1.0

13.1.0 (2025-10-19)

Features

  • trusted-publishing: verify auth, considering OIDC vs tokens from various registries (e3319f1), closes #958
  • trusted-publishing: refine the messages for related errors (316ce21), closes #958
  • trusted-publishing: make request to verify if OIDC token exchange can succeed (c80ecb0), closes #958
  • trusted-publishing: pass id-token as bearer header for github actions (d83b727), closes #958
  • trusted-publishing: pass id-token as bearer header for gitlab pipelines (6d1c3cf), closes #958

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​semantic-release/npm since your current version.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 15, 2026
@socket-security
Copy link
Copy Markdown

socket-security Bot commented Apr 15, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​semantic-release/​github@​8.0.6 ⏵ 8.1.09810010090 -3100
Updated@​semantic-release/​npm@​9.0.1 ⏵ 13.1.59810010093100

View full report

@dependabot
chore(deps): bump @tootallnate/once, semantic-release, @semantic-rele…
43ef6f6 
…ase/github and @semantic-release/npm

Removes [@tootallnate/once](https://github.com/TooTallNate/once). It's no longer used after updating ancestor dependencies [@tootallnate/once](https://github.com/TooTallNate/once), [semantic-release](https://github.com/semantic-release/semantic-release), [@semantic-release/github](https://github.com/semantic-release/github) and [@semantic-release/npm](https://github.com/semantic-release/npm). These dependencies need to be updated together.


Removes `@tootallnate/once`

Updates `semantic-release` from 19.0.5 to 25.0.3
- [Release notes](https://github.com/semantic-release/semantic-release/releases)
- [Commits](semantic-release/semantic-release@v19.0.5...v25.0.3)

Updates `@semantic-release/github` from 8.0.6 to 8.1.0
- [Release notes](https://github.com/semantic-release/github/releases)
- [Commits](semantic-release/github@v8.0.6...v8.1.0)

Updates `@semantic-release/npm` from 9.0.1 to 13.1.5
- [Release notes](https://github.com/semantic-release/npm/releases)
- [Commits](semantic-release/npm@v9.0.1...v13.1.5)

---
updated-dependencies:
- dependency-name: "@tootallnate/once"
  dependency-version: 
  dependency-type: indirect
- dependency-name: semantic-release
  dependency-version: 25.0.3
  dependency-type: direct:development
- dependency-name: "@semantic-release/github"
  dependency-version: 8.1.0
  dependency-type: direct:development
- dependency-name: "@semantic-release/npm"
  dependency-version: 13.1.5
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-8794fb37d7 branch from 0c121da to 43ef6f6 Compare April 17, 2026 03:24
@cameri
Copy link
Copy Markdown
Owner

cameri commented Apr 18, 2026

@copilot can you make it so the commitlint rule allows commit messages longer than 120 characters? that way dependabot commits don't always fail commitlint

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 18, 2026

@copilot can you make it so the commitlint rule allows commit messages longer than 120 characters? that way dependabot commits don't always fail commitlint

Done in 475e69b. Added 'header-max-length': [0, 'always'] to commitlint.config.js, which disables the header length check entirely (severity 0 = off), so dependabot commit messages of any length will pass.

Copilot AI requested a review from cameri April 18, 2026 01:12
@cameri
Copy link
Copy Markdown
Owner

cameri commented Apr 18, 2026

@copilot now commitlint is failing with this error:
✖ body's lines must not be longer than 250 characters [body-max-line-length]
let's disable body-max-line-length as well.

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 18, 2026

@copilot now commitlint is failing with this error:
✖ body's lines must not be longer than 250 characters [body-max-line-length]
let's disable body-max-line-length as well.

Done in 4687e0d. Changed body-max-line-length severity from 2 (error) to 0 (off) in commitlint.config.js.

cameri
cameri previously approved these changes Apr 18, 2026
View reviewed changes
@cameri
Copy link
Copy Markdown
Owner

cameri commented Apr 18, 2026

@copilot resolve the merge conflicts in this pull request

@cameri
Merge remote-tracking branch 'origin/main' into dependabot/npm_and_ya…
e391730 
…rn/multi-8794fb37d7

# Conflicts:
#	package-lock.json

Co-authored-by: cameri <378886+cameri@users.noreply.github.com>
Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 18, 2026

@copilot resolve the merge conflicts in this pull request

Done in e391730. The only conflict was in package-lock.json — resolved by merging origin/main and regenerating the lockfile with npm install --package-lock-only.

Copilot AI requested a review from cameri April 18, 2026 04:51
@cameri cameri merged commit 862cc29 into main Apr 18, 2026
10 checks passed
@cameri cameri deleted the dependabot/npm_and_yarn/multi-8794fb37d7 branch April 18, 2026 04:54
@coveralls
Copy link
Copy Markdown
Collaborator

coveralls commented Apr 18, 2026

Coverage Report for CI Build 24597261388

Coverage remained the same at 49.987%

Details

  • Coverage remained the same as the base build.
  • Patch coverage: No coverable lines changed in this PR.
  • No coverage regressions found.

Uncovered Changes

No uncovered changes found.

Coverage Regressions

No coverage regressions found.

Coverage Stats

Coverage Status
Relevant Lines: 2756
Covered Lines: 1435
Line Coverage: 52.07%
Relevant Branches: 1109
Covered Branches: 497
Branch Coverage: 44.82%
Branches in Coverage %: Yes
Coverage Strength: 9.23 hits per line
💛 - Coveralls

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cameri cameri cameri approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cameri @coveralls