semantic-release 21.0.2 → 21.0.3-beta.1

package/README.md

@@ -41,6 +41,7 @@ This removes the immediate connection between human emotions and version numbers
 - Avoid potential errors associated with manual releases
 - Support any [package managers and languages](docs/recipes/release-workflow/README.md#package-managers-and-languages) via [plugins](docs/usage/plugins.md)
 - Simple and reusable configuration via [shareable configurations](docs/usage/shareable-configurations.md)
+- Support for [npm package provenance](https://github.com/semantic-release/npm#npm-provenance) that promotes increased supply-chain security via signed attestations on GitHub Actions
 
 ## How does it work?
 

package/docs/developer-guide/js-api.md

@@ -142,7 +142,7 @@ Information related to the last release found:
 | gitTag  | `String` | The [Git tag](https://git-scm.com/book/en/v2/Git-Basics-Tagging) associated with the last release.                                  |
 | channel | `String` | The distribution channel on which the last release was initially made available (`undefined` for the default distribution channel). |
 
-**Notes**: If no previous release is found, `lastRelease` will be an empty `Object`.
+**Note**: If no previous release is found, `lastRelease` will be an empty `Object`.
 
 Example:
 

package/docs/extending/plugins-list.md

@@ -174,3 +174,11 @@
 - [semantic-release-coralogix](https://github.com/adobe/semantic-release-coralogix)
   - `verifyConditions` Verified that required credentials are provided and API is accessible
   - `publish` add a release tag to Coralogix
+- [semantic-release-major-tag](https://github.com/doteric/semantic-release-major-tag)
+  - `success` Create major version tag, for example `v1`.
+- [semantic-release-yarn](https://github.com/hongaar/semantic-release-yarn)
+  - **Note**: this is an alternative to the default `@semantic-release/npm` plugin and adds support for monorepos.
+  - `verifyConditions` Verify Yarn 2 or higher is installed, verify the presence of a NPM auth token (either in an environment variable or a `.yarnrc.yml` file) and verify the authentication method is valid.
+  - `prepare` Update the `package.json` version and create the package tarball.
+  - `addChannel` Add a tag for the release.
+  - `publish` Publish to the npm registry.

package/docs/usage/installation.md

@@ -24,9 +24,28 @@ For other type of projects we recommend installing **semantic-release** directly
 $ npx semantic-release
 ```
 
-**Note**: For a global installation, it's recommended to specify the major **semantic-release** version to install (for example with `npx semantic-release@18`).
-This way your build will not automatically use the next major **semantic-release** release that could possibly break your build.
-You will have to upgrade manually when a new major version is released.
-
-**Note**: `npx` is a tool bundled with `npm@>=5.2.0`. It is used to conveniently install the semantic-release binary and to execute it.
-See [What is npx](../support/FAQ.md#what-is-npx) for more details.
+### Notes
+
+1. If you've globally installed **semantic-release** then we recommend that you set the major **semantic-release** version to install.
+   For example, by using `npx semantic-release@18`.
+   This way you control which major version of **semantic-release** is used by your build, and thus avoid breaking the build when there's a new major version of **semantic-release**.
+   This also means you, or a bot, must upgrade **semantic-release** when a new major version is released.
+2. Pinning **semantic-release** to an exact version makes your releases even more deterministic.
+   But pinning also means you, or a bot, must update to newer versions of **semantic-release** more often.
+3. You can use [Renovate's regex manager](https://docs.renovatebot.com/modules/manager/regex/) to get automatic updates for **semantic-release** in either of the above scenarios.
+   Put this in your Renovate configuration file:
+   ```json
+   {
+     "regexManagers": [
+       {
+         "description": "Update semantic-release version used by npx",
+         "fileMatch": ["^\\.github/workflows/[^/]+\\.ya?ml$"],
+         "matchStrings": ["\\srun: npx semantic-release@(?<currentValue>.*?)\\s"],
+         "datasourceTemplate": "npm",
+         "depNameTemplate": "semantic-release"
+       }
+     ]
+   }
+   ```
+4. `npx` is a tool bundled with `npm@>=5.2.0`. You can use it to install (and run) the **semantic-release** binary.
+   See [What is npx](../support/FAQ.md#what-is-npx) for more details.

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "semantic-release",
   "description": "Automated semver compliant package publishing",
-  "version": "21.0.2",
+  "version": "21.0.3-beta.1",
   "type": "module",
   "author": "Stephan Bönnemann <stephan@boennemann.me> (http://boennemann.me)",
   "ava": {
@@ -28,7 +28,7 @@
   "dependencies": {
     "@semantic-release/commit-analyzer": "^9.0.2",
     "@semantic-release/error": "^3.0.0",
-    "@semantic-release/github": "^8.0.0",
+    "@semantic-release/github": "9.0.0-beta.2",
     "@semantic-release/npm": "^10.0.2",
     "@semantic-release/release-notes-generator": "^11.0.0",
     "aggregate-error": "^4.0.1",
@@ -57,23 +57,22 @@
   },
   "devDependencies": {
     "ava": "5.2.0",
-    "c8": "7.13.0",
+    "c8": "7.14.0",
     "clear-module": "4.1.2",
     "codecov": "3.8.3",
-    "delay": "5.0.0",
     "dockerode": "3.3.5",
     "file-url": "4.0.0",
     "fs-extra": "11.1.1",
     "got": "12.6.0",
     "js-yaml": "4.1.0",
     "mockserver-client": "5.15.0",
-    "nock": "13.3.0",
+    "nock": "13.3.1",
     "p-retry": "5.1.2",
-    "prettier": "2.8.7",
-    "sinon": "15.0.4",
+    "prettier": "2.8.8",
+    "sinon": "15.1.0",
     "stream-buffers": "3.0.2",
     "tempy": "3.0.0",
-    "testdouble": "3.17.2"
+    "testdouble": "3.18.0"
   },
   "engines": {
     "node": ">=18"