chore(deps): update dependency lerna to v7 - autoclosed #163

mend-for-github-com · 2024-02-29T18:46:31Z

This PR contains the following updates:

Package	Type	Update	Change
lerna (source)	devDependencies	major	`^3.13.4` -> `^7.0.0`

By merging this PR, the below issues will be automatically resolved and closed:

Severity	CVSS Score	CVE	GitHub Issue
Critical	9.8	CVE-2020-7677	#110
Critical	9.8	CVE-2020-7788	#31
Critical	9.8	CVE-2021-23369	#41
Critical	9.8	CVE-2021-23383	#44
Critical	9.8	CVE-2021-44906	#97
Critical	9.8	CVE-2022-2216	#106
Critical	9.8	CVE-2022-37598	#123
Critical	9.1	CVE-2022-2900	#118
High	8.6	CVE-2021-37701	#69
High	8.6	CVE-2021-37712	#72
High	8.6	CVE-2021-37713	#75
High	8.1	CVE-2021-32803	#68
High	8.1	CVE-2021-32804	#67
High	7.5	CVE-2020-28469	#57
High	7.5	CVE-2021-27290	#42
High	7.5	CVE-2021-33623	#58
High	7.5	CVE-2021-33623	#58
High	7.5	CVE-2021-3807	#74
High	7.5	CVE-2022-0722	#107
High	7.5	CVE-2022-25881	#138
High	7.5	WS-2022-0237	#114
High	7.5	WS-2022-0238	#115
High	7.3	CVE-2020-8116	#33
High	7.3	CVE-2020-8116	#33
High	7.3	CVE-2022-0624	#103

By merging this PR, the below issues will be automatically resolved and closed:

Severity	CVSS Score	CVE	GitHub Issue
High	7.5	CVE-2022-25883	#148

Release Notes

lerna/lerna (lerna)

`v7.3.0`

Compare Source

Bug Fixes

update make-dir to 4.0.0 and npm audit fix (#3828) (373b8bc)

Features

version: add --sync-dist-version option (#3787) (ba8b946)
version: option to not ignore scripts on lock update (#3823) (4843c3c)

`v7.2.0`

Compare Source

Note: Version bump only for package lerna

7.1.5 (2023-08-09)

Note: Version bump only for package lerna

7.1.4 (2023-07-15)

Bug Fixes

add missing lodash dependency (#3778) (ef935c7)
bump nx to >=16.5.1 (#3767) (0bbd74d)
core: export cli.js for global installs (#3780) (e2e1629)

7.1.3 (2023-07-12)

Bug Fixes

changelog entries for 7.1.2 (f61b087)

7.1.2 (2023-07-12)

version: use async functions to support prettier 3+ (#3766) (8026a7b)

7.1.1 (2023-06-28)

Bug Fixes

schema: add missing ref to changelogEntryAdditionalMarkdown (b41afab)

`v7.1.5`

Compare Source

Note: Version bump only for package lerna

`v7.1.4`

Compare Source

Bug Fixes

add missing lodash dependency (#3778) (ef935c7)
bump nx to >=16.5.1 (#3767) (0bbd74d)
core: export cli.js for global installs (#3780) (e2e1629)

`v7.1.3`

Compare Source

Bug Fixes

changelog entries for 7.1.2 (f61b087)

`v7.1.2`

Compare Source

version: use async functions to support prettier 3+ (#3766) (8026a7b)

`v7.1.1`

Compare Source

Bug Fixes

schema: add missing ref to changelogEntryAdditionalMarkdown (b41afab)

`v7.1.0`

Compare Source

Features

core: export detectProjects utility function (#3740) (641fecb)
repair: add migration to remove unused "lerna" field from lerna.json (#3734) (4fb0427)
version: add --changelog-entry-additional-markdown option (#3751) (63671df)

7.0.2 (2023-06-15)

Note: Version bump only for package lerna

7.0.1 (2023-06-13)

Note: Version bump only for package lerna

`v7.0.2`

Compare Source

Note: Version bump only for package lerna

`v7.0.1`

Compare Source

Note: Version bump only for package lerna

`v7.0.0`

Compare Source

Bug Fixes

bump cosmiconfig to v8 (#3701) (898923d)
internal cli.js should not be bundled (53d73c6)
migration building/publishing issues (27bf800)
publish: use correct version in log messages (#3702) (4be9188)
support nx 16.3.1+ (#3707) (647dbb5)

Features

add migration for adding $schema, increase some strictness (73ceac3)

`v6.6.2`

Compare Source

Bug Fixes

deps: bump pacote to latest to remove install warning (#3624) (7c34521)
remove non-functional schema properties starting with "no" (#3645) (43c2a48)

`v6.6.1`

Compare Source

Bug Fixes

build-metadata reference in lerna schema (e2349ad)
deps: update to rimraf v4, remove path-exists (#3616) (2f2ee2a)
lerna schema type for contents should be string (1625757)

`v6.6.0`

Compare Source

Bug Fixes

update arborist package to get rid of deprecated warning (#3559) (aff38a7)

Features

add @lerna/legacy-package-management package (#3602) (4a03dd5)
version: add user-defined build metadata to bumped packages (#2880) (0b0e2a6)

6.5.1 (2023-02-14)

Bug Fixes

add missing dependency on js-yaml (187f480)

`v6.5.1`

Compare Source

Bug Fixes

add missing dependency on js-yaml (187f480)

`v6.5.0`

Compare Source

Features

publish: add --include-private option for testing private packages (#3503) (fa1f490)

6.4.1 (2023-01-12)

Bug Fixes

run: resolve erroneous failures (#3495) (24d0d5c)

`v6.4.1`

Compare Source

Bug Fixes

run: resolve erroneous failures (#3495) (24d0d5c)

`v6.4.0`

Compare Source

Features

watch: Add lerna watch command (#3466) (008b995)

`v6.3.0`

Compare Source

Features

version: use npmClientArgs in npm install after lerna version (#3434) (e019e3f)

`v6.2.0`

Compare Source

Bug Fixes

schema: add the other format changelogPreset can assume (#3441) (d286973)

Features

publish: add --summary-file option (#2653) (027d943)

`v6.1.0`

Compare Source

Features

version: bump prerelease versions from conventional commits (#3362) (2288b3a)

6.0.3 (2022-11-07)

Note: Version bump only for package lerna

6.0.2 (2022-11-02)

Note: Version bump only for package lerna

6.0.1 (2022-10-14)

Bug Fixes

run: allow for loading of env files to be skipped (#3375) (5dbd904)

`v6.0.3`

Compare Source

Note: Version bump only for package lerna

`v6.0.2`

Compare Source

Note: Version bump only for package lerna

`v6.0.1`

Compare Source

Bug Fixes

run: allow for loading of env files to be skipped (#3375) (5dbd904)

`v6.0.0`

Compare Source

Note: Version bump only for package lerna

`v5.6.2`

Compare Source

Note: Version bump only for package lerna

`v5.6.1`

Compare Source

Bug Fixes

add-caching: ensure lerna.json is configured automatically (9677cda)

`v5.6.0`

Compare Source

Features

core: add add-caching command (#3350) (ef09a06)
repair: add lerna repair command (#3314) (7defab3)

5.5.4 (2022-09-28)

Note: Version bump only for package lerna

5.5.3 (2022-09-28)

Note: Version bump only for package lerna

5.5.2 (2022-09-20)

Note: Version bump only for package lerna

5.5.1 (2022-09-09)

Bug Fixes

run: exclude dependencies with --scope when nx.json is not present (#3316) (99a13a9)

`v5.5.4`

Compare Source

Note: Version bump only for package lerna

`v5.5.2`

Compare Source

Note: Version bump only for package lerna

`v5.5.1`

Compare Source

Bug Fixes

run: exclude dependencies with --scope when nx.json is not present (#3316) (99a13a9)

`v5.5.0`

Compare Source

Features

pnpm workspaces support (#3284) (1b18dbe)
repair: add lerna repair command (#3302) (aae1a2b)

Reverts

Revert "feat(repair): add lerna repair command" (#3313) (d261112), closes #3313 #3302

5.4.3 (2022-08-16)

Note: Version bump only for package lerna

5.4.2 (2022-08-14)

Note: Version bump only for package lerna

5.4.1 (2022-08-12)

Note: Version bump only for package lerna

`v5.4.3`

Compare Source

Note: Version bump only for package lerna

`v5.4.2`

Compare Source

Note: Version bump only for package lerna

`v5.4.1`

Compare Source

Note: Version bump only for package lerna

`v5.4.0`

Compare Source

Bug Fixes

core: update nx version range base to latest (#3283) (241cdde)

`v5.3.0`

Compare Source

Features

publish: include all dependencies in package graph by default, allow no-sort (#3263) (3b0c79c)

`v5.2.0`

Compare Source

Features

add json schema for lerna.json (#3229) (5075eae)
init: default useNx and useWorkspaces to true for new lerna workspaces (#3255) (a0e83e5)

5.1.8 (2022-07-07)

Note: Version bump only for package lerna

5.1.7 (2022-07-06)

Note: Version bump only for package lerna

5.1.6 (2022-06-24)

Note: Version bump only for package lerna

5.1.5 (2022-06-24)

Note: Version bump only for package lerna

5.1.4 (2022-06-15)

Note: Version bump only for package lerna

5.1.3 (2022-06-15)

Note: Version bump only for package lerna

5.1.2 (2022-06-13)

Bug Fixes

update all transitive inclusions of ansi-regex (#3166) (56eaa15)

5.1.1 (2022-06-09)

Bug Fixes

allow maintenance LTS node 14 engines starting at 14.15.0 (#3161) (72305e4)

`v5.1.8`

Compare Source

Note: Version bump only for package lerna

`v5.1.7`

Compare Source

Note: Version bump only for package lerna

`v5.1.6`

Compare Source

Note: Version bump only for package lerna

`v5.1.5`

Compare Source

Note: Version bump only for package lerna

`v5.1.4`

Compare Source

Note: Version bump only for package lerna

`v5.1.3`

Compare Source

Note: Version bump only for package lerna

`v5.1.2`

Compare Source

Bug Fixes

update all transitive inclusions of ansi-regex (#3166) (56eaa15)

`v5.1.1`

Compare Source

Bug Fixes

allow maintenance LTS node 14 engines starting at 14.15.0 (#3161) (72305e4)

`v5.1.0`

Compare Source

Note: Version bump only for package lerna

`v5.0.0`

Compare Source

Note: Version bump only for package lerna

`v4.0.0`

Compare Source

Features

Consume named exports of sibling modules (63499e3)
deps: import-local@^3.0.2 (e0e74d4)
Drop support for Node v6.x & v8.x (ff4bb4d)

BREAKING CHANGES

Node v6.x & v8.x are no longer supported. Please upgrade to the latest LTS release.

Here's the gnarly one-liner I used to make these changes:

npx lerna exec --concurrency 1 --stream -- 'json -I -f package.json -e '"'"'this.engines=this.engines||{};this.engines.node=">= 10.18.0"'"'"

(requires npm i -g json beforehand)

3.22.1 (2020-06-09)

Note: Version bump only for package lerna

`v3.22.1`

Compare Source

Note: Version bump only for package lerna

`v3.22.0`

Compare Source

Note: Version bump only for package lerna

`v3.21.0`

Compare Source

Note: Version bump only for package lerna

3.20.2 (2020-01-02)

Note: Version bump only for package lerna

3.20.1 (2019-12-29)

Note: Version bump only for package lerna

If you want to rebase/retry this PR, check this box

chore(deps): update dependency lerna to v7

8e9fa41

mend-for-github-com bot added the security fix Security fix generated by WhiteSource label Feb 29, 2024

mend-for-github-com bot changed the title ~~chore(deps): update dependency lerna to v7~~ chore(deps): update dependency lerna to v7 - autoclosed Mar 3, 2024

mend-for-github-com bot closed this Mar 3, 2024

mend-for-github-com bot deleted the whitesource-remediate/lerna-7.x branch March 3, 2024 19:11

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update dependency lerna to v7 - autoclosed #163

chore(deps): update dependency lerna to v7 - autoclosed #163

mend-for-github-com bot commented Feb 29, 2024

chore(deps): update dependency lerna to v7 - autoclosed #163

chore(deps): update dependency lerna to v7 - autoclosed #163

Conversation

mend-for-github-com bot commented Feb 29, 2024

Release Notes

Bug Fixes

Features

7.1.5 (2023-08-09)

7.1.4 (2023-07-15)

Bug Fixes

7.1.3 (2023-07-12)

Bug Fixes

7.1.2 (2023-07-12)

7.1.1 (2023-06-28)

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Features

7.0.2 (2023-06-15)

7.0.1 (2023-06-13)

Bug Fixes

Features

Bug Fixes

Bug Fixes

Bug Fixes

Features

6.5.1 (2023-02-14)

Bug Fixes

Bug Fixes

Features

6.4.1 (2023-01-12)

Bug Fixes

Bug Fixes

Features

Features

Bug Fixes

Features

Features

6.0.3 (2022-11-07)

6.0.2 (2022-11-02)

6.0.1 (2022-10-14)

Bug Fixes

Bug Fixes

Bug Fixes

Features

5.5.4 (2022-09-28)

5.5.3 (2022-09-28)

5.5.2 (2022-09-20)

5.5.1 (2022-09-09)

Bug Fixes

Bug Fixes

Features

Reverts

5.4.3 (2022-08-16)

5.4.2 (2022-08-14)

5.4.1 (2022-08-12)

Bug Fixes

Features

Features

5.1.8 (2022-07-07)

5.1.7 (2022-07-06)

5.1.6 (2022-06-24)

5.1.5 (2022-06-24)

5.1.4 (2022-06-15)

5.1.3 (2022-06-15)

5.1.2 (2022-06-13)

Bug Fixes

5.1.1 (2022-06-09)

Bug Fixes

Bug Fixes

Bug Fixes

Features

BREAKING CHANGES

3.22.1 (2020-06-09)

3.20.2 (2020-01-02)

3.20.1 (2019-12-29)