lib/get-config.js aktualisiert

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.github/workflows/release.yml

@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
+      - uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
         with:
           cache: npm
           node-version: lts/*

.github/workflows/scorecard.yml

@@ -25,12 +25,12 @@ jobs:
           results_format: sarif
           publish_results: true
       - name: Upload artifact
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
       - name: Upload to code-scanning
-        uses: github/codeql-action/upload-sarif@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5
+        uses: github/codeql-action/upload-sarif@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0
         with:
           sarif_file: results.sarif

.github/workflows/test.yml

@@ -25,9 +25,9 @@ jobs:
     strategy:
       matrix:
         node-version:
-          - 18.17.0
-          - 20.6.1
+          - 20.8.1
           - 20
+          - 21
 
     runs-on: ubuntu-latest
     timeout-minutes: 5
@@ -37,7 +37,7 @@ jobs:
       - run: git config --global user.name github-actions
       - run: git config --global user.email github-actions@github.com
       - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
+        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
         with:
           node-version: ${{ matrix.node-version }}
           cache: npm
@@ -55,7 +55,7 @@ jobs:
       - run: git config --global user.name github-actions
       - run: git config --global user.email github-actions@github.com
       - name: Use Node.js from .nvmrc
-        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
+        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
         with:
           node-version-file: .nvmrc
           cache: npm
@@ -70,7 +70,7 @@ jobs:
     needs:
       - test_dev
       - test_matrix
-    if: always()
+    if: ${{ !cancelled() }}
     steps:
       - name: All matrix versions passed
         if: ${{ !(contains(needs.*.result, 'failure')) }}

README.md

@@ -69,7 +69,7 @@ The table below shows which commit message gets you which release type when `sem
 ### Automation with CI
 
 **semantic-release** is meant to be executed on the CI environment after every successful build on the release branch.
-This way no human is directly involved in the release process and the releases are guaranteed to be [unromantic and unsentimental](http://sentimentalversioning.org).
+This way no human is directly involved in the release process and the releases are guaranteed to be [unromantic and unsentimental](https://github.com/dominictarr/sentimental-versioning#readme).
 
 ### Triggering a release
 
@@ -110,9 +110,9 @@ In order to use **semantic-release** you need:
 ## Documentation
 
 - Usage
-  - [Getting started](docs/usage/getting-started.md#getting-started)
-  - [Installation](docs/usage/installation.md#installation)
-  - [CI Configuration](docs/usage/ci-configuration.md#ci-configuration)
+  - [Getting started](docs/usage/getting-started.md)
+  - [Installation](docs/usage/installation.md)
+  - [CI Configuration](docs/usage/ci-configuration.md)
   - [Configuration](docs/usage/configuration.md#configuration)
   - [Plugins](docs/usage/plugins.md)
   - [Workflow configuration](docs/usage/workflow-configuration.md)

SUMMARY.md

@@ -2,7 +2,7 @@
 
 ## Usage
 
-- [Getting started](docs/usage/getting-started.md#getting-started)
+- [Getting started](docs/usage/getting-started.md)
 - [Installation](docs/usage/installation.md)
 - [CI Configuration](docs/usage/ci-configuration.md)
 - [Configuration](docs/usage/configuration.md)

docs/developer-guide/js-api.md

@@ -127,7 +127,7 @@ It allows to configure **semantic-release** to write errors to a specific stream
 
 Type: `Object` `Boolean`<br>
 
-And object with [`lastRelease`](#lastrelease), [`nextRelease`](#nextrelease), [`commits`](#commits) and [`releases`](#releases) if a release is published or `false` if no release was published.
+An object with [`lastRelease`](#lastrelease), [`nextRelease`](#nextrelease), [`commits`](#commits) and [`releases`](#releases) if a release is published or `false` if no release was published.
 
 #### lastRelease
 
@@ -159,7 +159,7 @@ Example:
 
 Type: `Array<Object>`
 
-The list of commit included in the new release.<br>
+The list of commit(s) included in the new release.<br>
 Each commit object has the following properties:
 
 | Name            | Type     | Description                                     |

docs/support/node-version.md

@@ -1,6 +1,6 @@
 # Node version requirement
 
-**semantic-release** is written using the latest [ECMAScript 2017](https://www.ecma-international.org/publications/standards/Ecma-262.htm) features, without transpilation which **requires Node version 18.0.0 or higher**.
+**semantic-release** is written using the latest [ECMAScript 2017](https://www.ecma-international.org/publications/standards/Ecma-262.htm) features, without transpilation which **requires Node version 20.8.1 or higher**.
 
 **semantic-release** is meant to be used in a CI environment as a development support tool, not as a production dependency.
 Therefore, the only constraint is to run the `semantic-release` in a CI environment providing version of Node that meets our version requirement.

docs/usage/getting-started.md

@@ -6,16 +6,3 @@ In order to use **semantic-release** you must follow these steps:
 2. Configure your Continuous Integration service to [run **semantic-release**](./ci-configuration.md#run-semantic-release-only-after-all-tests-succeeded)
 3. Configure your Git repository and package manager repository [authentication](ci-configuration.md#authentication) in your Continuous Integration service
 4. Configure **semantic-release** [options and plugins](./configuration.md#configuration)
-
-Alternatively those steps can be easily done with the [**semantic-release** interactive CLI](https://github.com/semantic-release/cli):
-
-```bash
-cd your-module
-npx semantic-release-cli setup
-```
-
-![dialogue](../../media/semantic-release-cli.png)
-
-See the [semantic-release-cli](https://github.com/semantic-release/cli#what-it-does) documentation for more details.
-
-**Note**: only a limited number of options, CI services and plugins are currently supported by `semantic-release-cli`.

index.js

@@ -123,12 +123,15 @@ async function run(context, plugins) {
       if (options.dryRun) {
         logger.warn(`Skip ${nextRelease.gitTag} tag creation in dry-run mode`);
       } else {
-        await addNote({ channels: [...currentRelease.channels, nextRelease.channel] }, nextRelease.gitHead, {
+        await addNote({ channels: [...currentRelease.channels, nextRelease.channel] }, nextRelease.gitTag, {
           cwd,
           env,
         });
         await push(options.repositoryUrl, { cwd, env });
-        await pushNotes(options.repositoryUrl, { cwd, env });
+        await pushNotes(options.repositoryUrl, nextRelease.gitTag, {
+          cwd,
+          env,
+        });
         logger.success(
           `Add ${nextRelease.channel ? `channel ${nextRelease.channel}` : "default channel"} to tag ${
             nextRelease.gitTag
@@ -203,9 +206,9 @@ async function run(context, plugins) {
   } else {
     // Create the tag before calling the publish plugins as some require the tag to exists
     await tag(nextRelease.gitTag, nextRelease.gitHead, { cwd, env });
-    await addNote({ channels: [nextRelease.channel] }, nextRelease.gitHead, { cwd, env });
+    await addNote({ channels: [nextRelease.channel] }, nextRelease.gitTag, { cwd, env });
     await push(options.repositoryUrl, { cwd, env });
-    await pushNotes(options.repositoryUrl, { cwd, env });
+    await pushNotes(options.repositoryUrl, nextRelease.gitTag, { cwd, env });
     logger.success(`Created tag ${nextRelease.gitTag}`);
   }
 

lib/branches/normalize.js

@@ -60,7 +60,7 @@ export function release({ release }) {
     return release;
   }
 
-  // The intial lastVersion is the last release from the base branch of `FIRST_RELEASE` (1.0.0)
+  // The initial lastVersion is the last release from the base branch of `FIRST_RELEASE` (1.0.0)
   let lastVersion = getLatestVersion(tagsToVersions(release[0].tags)) || FIRST_RELEASE;
 
   return release.map(({ name, tags, channel, ...rest }, idx) => {

lib/get-config.js

@@ -1,10 +1,10 @@
-import { dirname, extname } from "node:path";
+import { dirname } from "node:path";
 import { fileURLToPath } from "node:url";
 
 import { castArray, isNil, isPlainObject, isString, pickBy } from "lodash-es";
 import { readPackageUp } from "read-pkg-up";
 import { cosmiconfig } from "cosmiconfig";
-import resolveFrom from "resolve-from";
+import importFrom from "import-from-esm";
 import debugConfig from "debug";
 import { repoUrl } from "./git.js";
 import PLUGINS_DEFINITIONS from "./definitions/plugins.js";
@@ -33,17 +33,7 @@ export default async (context, cliOptions) => {
     options = {
       ...(await castArray(extendPaths).reduce(async (eventualResult, extendPath) => {
         const result = await eventualResult;
-        const resolvedPath = resolveFrom.silent(__dirname, extendPath) || resolveFrom(cwd, extendPath);
-        const importAssertions =
-          extname(resolvedPath) === ".json"
-            ? {
-                assert: {
-                  type: "json",
-                },
-              }
-            : undefined;
-
-        const { default: extendsOptions } = await import(resolvedPath, importAssertions);
+        const extendsOptions = (await importFrom.silent(__dirname, extendPath)) || (await importFrom(cwd, extendPath));
 
         // For each plugin defined in a shareable config, save in `pluginsPath` the extendable config path,
         // so those plugin will be loaded relative to the config file
@@ -84,8 +74,8 @@ export default async (context, cliOptions) => {
     plugins: [
       "@semantic-release/commit-analyzer",
       "@semantic-release/release-notes-generator",
-      "@semantic-release/npm",
-      "@semantic-release/github",
+      //"@semantic-release/npm",
+      //"@semantic-release/github",
     ],
     // Remove `null` and `undefined` options, so they can be replaced with default ones
     ...pickBy(options, (option) => !isNil(option)),

lib/get-git-auth-url.js

@@ -36,7 +36,7 @@ function formatAuthUrl(protocol, repositoryUrl, gitCredentials) {
  * @param {Object} context semantic-release context.
  * @param {String} authUrl Repository URL to verify
  *
- * @return {String} The authUrl as is if the connection was successfull, null otherwise
+ * @return {String} The authUrl as is if the connection was successful, null otherwise
  */
 async function ensureValidAuthUrl({ cwd, env, branch }, authUrl) {
   try {

lib/git.js

@@ -2,6 +2,7 @@ import gitLogParser from "git-log-parser";
 import getStream from "get-stream";
 import { execa } from "execa";
 import debugGit from "debug";
+import { merge } from "lodash-es";
 import { GIT_NOTE_REF } from "./definitions/constants.js";
 
 const debug = debugGit("semantic-release:git");
@@ -141,13 +142,9 @@ export async function fetch(repositoryUrl, branch, ciBranch, execaOptions) {
  */
 export async function fetchNotes(repositoryUrl, execaOptions) {
   try {
-    await execa(
-      "git",
-      ["fetch", "--unshallow", repositoryUrl, `+refs/notes/${GIT_NOTE_REF}:refs/notes/${GIT_NOTE_REF}`],
-      execaOptions
-    );
+    await execa("git", ["fetch", "--unshallow", repositoryUrl, `+refs/notes/*:refs/notes/*`], execaOptions);
   } catch {
-    await execa("git", ["fetch", repositoryUrl, `+refs/notes/${GIT_NOTE_REF}:refs/notes/${GIT_NOTE_REF}`], {
+    await execa("git", ["fetch", repositoryUrl, `+refs/notes/*:refs/notes/*`], {
       ...execaOptions,
       reject: false,
     });
@@ -246,8 +243,8 @@ export async function push(repositoryUrl, execaOptions) {
  *
  * @throws {Error} if the push failed.
  */
-export async function pushNotes(repositoryUrl, execaOptions) {
-  await execa("git", ["push", repositoryUrl, `refs/notes/${GIT_NOTE_REF}`], execaOptions);
+export async function pushNotes(repositoryUrl, ref, execaOptions) {
+  await execa("git", ["push", repositoryUrl, `refs/notes/${GIT_NOTE_REF}-${ref}`], execaOptions);
 }
 
 /**
@@ -307,8 +304,26 @@ export async function isBranchUpToDate(repositoryUrl, branch, execaOptions) {
  * @return {Object} the parsed JSON note if there is one, an empty object otherwise.
  */
 export async function getNote(ref, execaOptions) {
+  const handleError = (error) => {
+    if (error.exitCode === 1) {
+      return { stdout: "{}" };
+    }
+
+    debug(error);
+    throw error;
+  };
+
   try {
-    return JSON.parse((await execa("git", ["notes", "--ref", GIT_NOTE_REF, "show", ref], execaOptions)).stdout);
+    return merge(
+      JSON.parse(
+        // Used for retro-compatibility
+        (await execa("git", ["notes", "--ref", GIT_NOTE_REF, "show", ref], execaOptions).catch(handleError)).stdout
+      ),
+      JSON.parse(
+        (await execa("git", ["notes", "--ref", `${GIT_NOTE_REF}-${ref}`, "show", ref], execaOptions).catch(handleError))
+          .stdout
+      )
+    );
   } catch (error) {
     if (error.exitCode === 1) {
       return {};
@@ -327,5 +342,19 @@ export async function getNote(ref, execaOptions) {
  * @param {Object} [execaOpts] Options to pass to `execa`.
  */
 export async function addNote(note, ref, execaOptions) {
-  await execa("git", ["notes", "--ref", GIT_NOTE_REF, "add", "-f", "-m", JSON.stringify(note), ref], execaOptions);
+  await execa(
+    "git",
+    ["notes", "--ref", `${GIT_NOTE_REF}-${ref}`, "add", "-f", "-m", JSON.stringify(note), ref],
+    execaOptions
+  );
+}
+
+/**
+ * Get the reference of a tag
+ *
+ * @param {String} tag The tag name to get the reference of.
+ * @param {Object} [execaOpts] Options to pass to `execa`.
+ **/
+export async function getTagRef(tag, execaOptions) {
+  return (await execa("git", ["show-ref", tag, "--hash"], execaOptions)).stdout;
 }

package.json

@@ -33,9 +33,9 @@
     "@semantic-release/npm": "^11.0.0",
     "@semantic-release/release-notes-generator": "^12.0.0",
     "aggregate-error": "^5.0.0",
-    "cosmiconfig": "^8.0.0",
+    "cosmiconfig": "^9.0.0",
     "debug": "^4.0.0",
-    "env-ci": "^10.0.0",
+    "env-ci": "^11.0.0",
     "execa": "^8.0.0",
     "figures": "^6.0.0",
     "find-versions": "^5.1.0",
@@ -43,9 +43,10 @@
     "git-log-parser": "^1.2.0",
     "hook-std": "^3.0.0",
     "hosted-git-info": "^7.0.0",
+    "import-from-esm": "^1.3.1",
     "lodash-es": "^4.17.21",
-    "marked": "^9.0.0",
-    "marked-terminal": "^6.0.0",
+    "marked": "^11.0.0",
+    "marked-terminal": "^7.0.0",
     "micromatch": "^4.0.2",
     "p-each-series": "^3.0.0",
     "p-reduce": "^3.0.0",
@@ -57,31 +58,31 @@
     "yargs": "^17.5.1"
   },
   "devDependencies": {
-    "ava": "5.3.1",
-    "c8": "8.0.1",
+    "ava": "6.1.1",
+    "c8": "9.1.0",
     "clear-module": "4.1.2",
     "codecov": "3.8.3",
     "cz-conventional-changelog": "3.3.0",
-    "dockerode": "4.0.0",
+    "dockerode": "4.0.2",
     "file-url": "4.0.0",
-    "fs-extra": "11.1.1",
-    "got": "13.0.0",
+    "fs-extra": "11.2.0",
+    "got": "14.2.0",
     "js-yaml": "4.1.0",
     "lockfile-lint": "4.12.1",
-    "ls-engines": "0.9.0",
+    "ls-engines": "0.9.1",
     "mockserver-client": "5.15.0",
-    "nock": "13.3.8",
-    "npm-run-all2": "6.1.1",
-    "p-retry": "6.1.0",
-    "prettier": "3.0.3",
-    "publint": "0.2.5",
+    "nock": "13.5.1",
+    "npm-run-all2": "6.1.2",
+    "p-retry": "6.2.0",
+    "prettier": "3.2.5",
+    "publint": "0.2.7",
     "sinon": "17.0.1",
     "stream-buffers": "3.0.2",
     "tempy": "3.1.0",
-    "testdouble": "3.20.0"
+    "testdouble": "3.20.1"
   },
   "engines": {
-    "node": "^18.17 || >=20.6.1"
+    "node": ">=20.8.1"
   },
   "files": [
     "bin",
@@ -158,7 +159,7 @@
   },
   "renovate": {
     "extends": [
-      "github>semantic-release/.github"
+      "github>semantic-release/.github:renovate-config"
     ]
   }
 }

test/helpers/git-utils.js

@@ -98,7 +98,7 @@ export async function gitCommits(messages, execaOptions) {
 /**
  * Get the list of parsed commits since a git reference.
  *
- * @param {String} [from] Git reference from which to seach commits.
+ * @param {String} [from] Git reference from which to search commits.
  * @param {Object} [execaOpts] Options to pass to `execa`.
  *
  * @return {Array<Object>} The list of parsed commits.
@@ -240,7 +240,7 @@ export async function gitTagHead(tagName, execaOptions) {
  * Get the first commit sha referenced by the tag `tagName` in the remote repository.
  *
  * @param {String} repositoryUrl The repository remote URL.
- * @param {String} tagName The tag name to seach for.
+ * @param {String} tagName The tag name to search for.
  * @param {Object} [execaOpts] Options to pass to `execa`.
  *
  * @return {String} The sha of the commit associated with `tagName` on the remote repository.
@@ -315,7 +315,7 @@ export async function rebase(ref, execaOptions) {
  * @param {Object} [execaOpts] Options to pass to `execa`.
  */
 export async function gitAddNote(note, ref, execaOptions) {
-  await execa("git", ["notes", "--ref", GIT_NOTE_REF, "add", "-m", note, ref], execaOptions);
+  await execa("git", ["notes", "--ref", `${GIT_NOTE_REF}-${ref}`, "add", "-m", note, ref], execaOptions);
 }
 
 /**
@@ -325,5 +325,5 @@ export async function gitAddNote(note, ref, execaOptions) {
  * @param {Object} [execaOpts] Options to pass to `execa`.
  */
 export async function gitGetNote(ref, execaOptions) {
-  return (await execa("git", ["notes", "--ref", GIT_NOTE_REF, "show", ref], execaOptions)).stdout;
+  return (await execa("git", ["notes", "--ref", `${GIT_NOTE_REF}-${ref}`, "show", ref], execaOptions)).stdout;
 }

test/hide-sensitive.test.js

@@ -11,7 +11,7 @@ test("Replace multiple sensitive environment variable values", (t) => {
   );
 });
 
-test("Replace multiple occurences of sensitive environment variable values", (t) => {
+test("Replace multiple occurrences of sensitive environment variable values", (t) => {
   const env = { secretKey: "secret" };
   t.is(
     hideSensitive(env)(`https://user:${env.secretKey}@host.com?token=${env.secretKey}`),

test/plugins/normalize.test.js

@@ -96,7 +96,7 @@ test("Normalize and load plugin from function", async (t) => {
   t.is(typeof plugin, "function");
 });
 
-test("Normalize and load plugin that retuns multiple functions", async (t) => {
+test("Normalize and load plugin that returns multiple functions", async (t) => {
   const plugin = await normalize(
     { cwd, options: {}, logger: t.context.logger },
     "verifyConditions",

test/plugins/utils.test.js

@@ -52,7 +52,7 @@ test("validateStep: optional plugin configuration", (t) => {
   t.true(validateStep(type, { path: () => {}, options: "value" }));
   t.false(validateStep(type, { path: null }));
 
-  // Considered as an Array of 2 definitions and not as one Array definition in case of a muliple plugin type
+  // Considered as an Array of 2 definitions and not as one Array definition in case of a multiple plugin type
   t.false(validateStep(type, [() => {}, { options: "value" }]));
   t.false(validateStep(type, ["plugin-path.js", { options: "value" }]));
 
@@ -134,7 +134,7 @@ test("validateStep: required plugin configuration", (t) => {
   t.true(validateStep(type, { path: () => {}, options: "value" }));
   t.false(validateStep(type, { path: null }));
 
-  // Considered as an Array of 2 definitions and not as one Array definition in the case of a muliple plugin type
+  // Considered as an Array of 2 definitions and not as one Array definition in the case of a multiple plugin type
   t.false(validateStep(type, [() => {}, { options: "value" }]));
   t.false(validateStep(type, ["plugin-path.js", { options: "value" }]));