[Snyk] Fix for 12 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-174116	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451341	No	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS ) SNYK-JS-MARKED-584281	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MERGE-1040469	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MERGE-1042987	Yes	Proof of Concept
	635/1000 Why? Has a fix available, CVSS 8.2	Information Disclosure SNYK-JS-SEMANTICRELEASE-1041706	Yes	No Known Exploit
	429/1000 Why? Has a fix available, CVSS 4.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1047770	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: semantic-release

The new version differs by 250 commits.

• 52238cb fix(deps): Require find-versions ^4.0.0 (#1722)
• af596a9 docs: semantic-release SVG logo (#1715) thanks @ bromso
• 6c7e4be docs: add semantic-release-helm plugin (#1713)
• c177d4b docs: add semantic-release-pypi plugin (#1707)
• eb70823 docs: add semantic-release-license-plugin (#1701)
• 885d87a feat(docs): note that publish token is required (#1700)
• f8f8fbc fix: escape uri encoded symbols (#1697)
• c8d38b6 style: removed line breaks to align with xo rule (#1689)
• ca90b34 fix: mask secrets when characters get uri encoded
• 63fa143 docs(plugins): add listing for new plugin (#1686)
• 2bf3771 fix: use valid git credentials when multiple are provided (#1669)
• 77a75f0 fix: don't parse port as part of the path in repository URLs (#1671)
• d74ffef docs: add npm-deprecate-old-versions in plugins list (#1667)
• 3abcbaf Revert "feat: throw an Error if package.json has duplicate "repository" key (#1656)"
• b8fb35c feat: throw an Error if package.json has duplicate "repository" key (#1656)
• 18e35b2 docs: reorder default plugins list (#1650)
• e35e5bb docs(contributing): fix commit message examples (#1648)
• 311c465 docs(README): welcome @ travi, add alumni section
• b4c5d0a fix: add logging for when ssh falls back to http (#1639)
• c982249 docs(contributing): typo fix (#1638)
• 9635f50 docs: improve github actions recipe on git plugin (#1626)
• d036a89 ci(docs): use actions/checkout@v2 (#1620)
• 9303d1d docs(resources.md): added more sematnic release article (#1610)
• b72cdb3 docs(configuration.md): Updated documentation for dry-run feature of semantic Release (#1607)

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic