semantic-release@18.0.1 vulnerabilities

Automated semver compliant package publishing

Direct Vulnerabilities

Known vulnerabilities in the semantic-release package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Information Exposure

semantic-release is an Automated semver compliant package publishing

Affected versions of this package are vulnerable to Information Exposure which can be accidentally disclosed if they contain characters that are excluded from URI encoding by encodeURI.

How to fix Information Exposure?

Upgrade semantic-release to version 19.0.3 or higher.

>=17.0.4 <19.0.3