Skip to content

Bump @changesets/changelog-github from 1.0.0-next.3 to 1.0.0-next.6#24

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/changesets/changelog-github-1.0.0-next.5
Open

Bump @changesets/changelog-github from 1.0.0-next.3 to 1.0.0-next.6#24
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/changesets/changelog-github-1.0.0-next.5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps @changesets/changelog-github from 1.0.0-next.3 to 1.0.0-next.6.

Commits
  • 8969434 Version Packages (next) (#2085)
  • 01f4da4 Improve default changelog new lines handling (#2118)
  • 087d814 Use split publishing workflow (#2112)
  • 960ea99 Fix lint-staged:setup script (#2119)
  • b8222e6 Fixed accidental success logs on failed npm publishes (#2113)
  • 021a4c2 Disable git's background maintenance in test fixtures (#2114)
  • 124ad07 Auto-create the directory for the target publish plan file when executing `ch...
  • 0721ca1 add lint-staged and scripts to set it up (#2105)
  • b0fbf85 Build(deps-dev): Bump the development-dependencies group across 1 directory w...
  • ba38ed0 Rename --from-plan to --from-publish-plan (#2108)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 1, 2026
@socket-security

socket-security Bot commented Jul 1, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Added@​changesets/​changelog-github@​1.0.0-next.61001008491100

View full report

@socket-security

socket-security Bot commented Jul 1, 2026

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @emnapi/runtime is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/vitest@4.1.8npm/@emnapi/runtime@1.11.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/runtime@1.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@dependabot dependabot Bot changed the title Bump @changesets/changelog-github from 1.0.0-next.3 to 1.0.0-next.5 Bump @changesets/changelog-github from 1.0.0-next.3 to 1.0.0-next.6 Jul 19, 2026
Bumps [@changesets/changelog-github](https://github.com/changesets/changesets) from 1.0.0-next.3 to 1.0.0-next.6.
- [Release notes](https://github.com/changesets/changesets/releases)
- [Commits](https://github.com/changesets/changesets/compare/@changesets/changelog-github@1.0.0-next.3...@changesets/read@1.0.0-next.6)

---
updated-dependencies:
- dependency-name: "@changesets/changelog-github"
  dependency-version: 1.0.0-next.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/changesets/changelog-github-1.0.0-next.5 branch from b64d1db to b0bda98 Compare July 19, 2026 11:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants