Skip to content

upgrade: Bump lodash, @release-it/conventional-changelog and release-it#661

Merged
bmish merged 1 commit intomainfrom
dependabot/npm_and_yarn/multi-a63ce20b3b
Feb 7, 2026
Merged

upgrade: Bump lodash, @release-it/conventional-changelog and release-it#661
bmish merged 1 commit intomainfrom
dependabot/npm_and_yarn/multi-a63ce20b3b

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 7, 2026

Bumps lodash to 4.17.23 and updates ancestor dependencies lodash, @release-it/conventional-changelog and release-it. These dependencies need to be updated together.

Updates lodash from 4.17.21 to 4.17.23

Commits

Updates @release-it/conventional-changelog from 8.0.1 to 10.0.5

Release notes

Sourced from @​release-it/conventional-changelog's releases.

Release 10.0.5

  • test: add should generate changelog with remote origin urls (#132) (7e53f8ce957b1e2469acfff6bb2d1f9a46654b6f) - thanks @​Maxel01!
  • fix: pass parserOpts to both Bumper and ConventionalChangelog (#135) (4dce48ad332aeba00ae49c2f9df229961ab902eb) - thanks @​aarond-sp!

Release 10.0.4

  • fix: add readRepository to resolve correct urls (#131) (933bcc6aa5d854158dc3702f004b5cbd4caf4cad) - thanks @​Maxel01!
  • Update release-it (ac4426a38d5d2c948884901acf8adec065d54c4f)

Release 10.0.3

  • Remove verbose comments (eb178bd556e5939b93a374adc418d6be5cc85323)
  • fix: remove preset options filtering (#129) (1b9fb95608117bc3f0f3379188f5c82f3231a792) - thanks @​NateSmyth!

Release 10.0.2

  • Remove node 18 from test matrix (e00dabf5cdd374a33361aeda9aa9eaf8cb4be485)
  • feat: Preserve preReleaseBase config option (#111) (678faefe7049e30499d19d002c5ef6234a8a77b6) - thanks @​ChAyLom!
  • Bump tmp from 0.2.3 to 0.2.4 (#120) (5ccbc29ba2e54308b5ad6fbf5209d50f4268916c) - thanks @​dependabot[bot]!
  • Fix CVE-2025-59433: Update dependencies and enable all tests (#124) (c838c6789872c12916ccc63ea93813ade66040cf) - thanks @​nbouvrette!
  • Add Node 24 to CI workflow (8f5ac43899d8e43f0eb9e4cc57aa8f07483fb921)
  • Add github release notes + comments (2d0a4b396cfadb3f7a2807fdde6b763c773e668a)
  • Bump engines.node (not breaking as release-it has this too) (5fa0ce80e0604296128d95748b345c9ee5a3f5df)

Release 10.0.1

  • Add dummy config file in test (3e9f528)
  • Support release-it v19 (a2f5059)
  • Add note about conventional-changelog-conventionalcommits override (#110) (587be05)
  • docs: Show that whatBump accepts a function for recommending the new version (#109) (bf27526)

Release 10.0.0

  • Update dependencies + bump engines.node (273c84f)

Release 9.0.4

  • Add default header (resolves #108) (6197330)

Release 9.0.3

  • Format (09fdb3e)
  • fix: use whatBump option (#106) (09aac9e)

Release 9.0.2

  • Minor refactor for readability (ccdd687)
  • Format docs (73e212c)
  • fix: Resolve whatBump is not a function error (#105) (5e0af0c)

Release 9.0.1

  • Update dependencies (6059558)
  • fix: Allow whatBump to return undefined to skip versioning (#102) (3301fbe)

Release 9.0.0

  • Update dependencies (1db67c1)
  • Add .gitignore file (d9416d7)

... (truncated)

Commits

Updates release-it from 17.1.1 to 19.2.4

Release notes

Sourced from release-it's releases.

Release 19.2.4

  • chore: update dependencies to resolve security vulnerabilities (#1273) (b45dd1aa3749d74ce279600dea242cb3c9dd5e8d) - thanks @​Yeom-JinHo!
  • Update a few dev deps (cd8acdc8fdb50cf60ba45e8bd5128c4669a04f00)

Release 19.2.3

  • Reuse generated changelog (316dbfa458d670fc92d2da7fe7298ad90f44dc68)
  • Remove obsolete eslint compat packages/config (f6cc8f3622995ebe98c43a8a5adb8d62b2de70b8)
  • Update remark-preset-webpro and fix broken links (6e6dd4b893bd53a621ea2bee9ad48d5fa42f6279)

Release 19.2.2

  • Improve getChangelog method (7a56364997d8ca4a640251bc9be37ed7cbf8568c)

Release 19.2.1

  • Improve commit prompt (b7aca7c159b3d34fe45f6fb722bb5f664c4bae9a)
  • Remedy potential edge case in template helper (5c0a6eeeddf7ed1ce0e4cfcffc1c2c72ab63a01b)

Release 19.2.0

  • Add option to exit gracefully (e1f825dce259118401f17c1d9de0002233e21e67)
  • Update dependencies (424c9f6c1d9681f4e4a3a37552dd2a99a750a3d2)
  • Auto-format docs (06f41bbb4b0cbb59ef39a6bd426ee9034b6f396e)
  • fix: add shell mode for npm commands on windows (#1266) (382e3464095628c23ef9c85c363933f3bf1db09e) - thanks @​julienbenac!
  • Feat: Add publishPackageManager config option in NPM plugin to allow using different package manager for publishing (e.g. Bun) (#1169) (0dafc0b72159931f088e7232da6c34f0f1e8b06f) - thanks @​chrispader!
  • Only use --workspaces=false with npm (12bb89ccaacdc2cbc0ba231f93d7bd389241d6a4)
  • Fix up docs/types a bit (05a59863648a0b4ce9186b65cd21225a8421e181)
  • Format (c9d6ebf0415d264e42945f967baae845401d016b)

Release 19.1.0

  • Ignore .npmrc (8ccd060)
  • Update lockfile (c4cd2ba)
  • Support interactive shell in non-CI mode for 2FA flow (resolve #1263) (a10b20d)
  • Add --workspaces=false to get rid of the null/matches error (14a4907)
  • Remove npm config env var warnings (b8c1247)
  • doc(readme): add release-it-beautiful-changelog plugin to list of plugins (#1261) (1b68c21)
  • Add 403 to consider resource alive (7969849)

Release 19.0.6

  • Update list of projects using release-it (92b49d367d28f0eef8cebb7d29059ab54259edff)
  • Bump github/codeql-action from 2 to 4 (#1253) (21309d3dfcc29d6f87061f345610566070e092a8) - thanks @​dependabot[bot]!
  • Bump actions/setup-node from 5 to 6 (#1255) (3fbaab14e2e3240a6b442b84be6019c57685c30e) - thanks @​dependabot[bot]!
  • Test in node 24 (7a12b12a8f75006c72854b0a0934faf5a320067f)
  • Upgrade c12 (resolve #1254) (1f48d03ddfe5d0dff66e2b2211db688c01e5fff4)

Release 19.0.5

  • Add link to release-it-gitea plugin (bf6f1fbb77797ece76c24b47bb1bcd89a9dbd18b)
  • Bump actions/checkout from 4 to 5 (#1243) (e42e7dce72b1469ac1944a6d9eb6b6a8d987a919) - thanks @​dependabot[bot]!
  • Add OIDC publishing docs (#1245) (9933c0d3a3ea7a06513b01863098445552942fce) - thanks @​mceachen!
  • Bump actions/setup-node from 4 to 5 (#1247) (7d9b77fa7ea8f4772257d675036f691982317c08) - thanks @​dependabot[bot]!
  • Auto-format (96181f33ec493a239b32667bfc30f4c8841488f9)
  • Update dependencies (0b907d1cf621572b06663c5acfe989c422d0bf09)
  • Remove redundant knip entry (ca2f7b516585e115e0fbce7c96d0dbc219d2e665)

... (truncated)

Changelog

Sourced from release-it's changelog.

Changelog

This document lists breaking changes for each major release.

See the GitHub Releases page for detailed changelogs: https://github.com/release-it/release-it/releases

v19 (2025-04-18)

  • No breaking changes (dependency party)

v18 (2025-01-06)

  • Removed support for Node.js v18.

v17 (2023-11-11)

  • Removed support for Node.js v16.

v16 (2023-07-05)

  • Removed support for Node.js v14.

v15 (2022-04-30)

  • Removed support for Node.js v10 and v12.
  • Removed support for GitLab v12.4 and lower.
  • Removed anonymous metrics (and the option to disable it).
  • Programmatic usage and plugins only through ES Module syntax (import)

Use release-it v14 in legacy environments.

v14 (2020-09-03)

  • Removed global property from plugins. Use this.config[key] instead.
  • Removed deprecated npm.access option. Set this in package.json instead.

v13 (2020-03-07)

  • Dropped support for Node v8
  • Dropped support for GitLab v11.6 and lower.
  • Deprecated scripts are removed (in favor of hooks).
  • Removed deprecated --non-interactive (-n) argument. Use --ci instead.
  • Removed old %s and [REV_RANGE] syntax in command substitutions. Use ${version} and ${latestTag} instead.

v12 (2019-05-03)

  • The --follow-tags argument for git push has been moved to the default configuration. This is only a breaking change if git.pushArgs was not empty (it was empty by default).

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
upgrade: Bump lodash, @release-it/conventional-changelog and release-it
718d4a9 
Bumps [lodash](https://github.com/lodash/lodash) to 4.17.23 and updates ancestor dependencies [lodash](https://github.com/lodash/lodash), [@release-it/conventional-changelog](https://github.com/release-it/conventional-changelog) and [release-it](https://github.com/release-it/release-it). These dependencies need to be updated together.


Updates `lodash` from 4.17.21 to 4.17.23
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.17.23)

Updates `@release-it/conventional-changelog` from 8.0.1 to 10.0.5
- [Release notes](https://github.com/release-it/conventional-changelog/releases)
- [Commits](release-it/conventional-changelog@8.0.1...10.0.5)

Updates `release-it` from 17.1.1 to 19.2.4
- [Release notes](https://github.com/release-it/release-it/releases)
- [Changelog](https://github.com/release-it/release-it/blob/main/CHANGELOG.md)
- [Commits](release-it/release-it@17.1.1...19.2.4)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
- dependency-name: "@release-it/conventional-changelog"
  dependency-version: 10.0.5
  dependency-type: direct:development
- dependency-name: release-it
  dependency-version: 19.2.4
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Feb 7, 2026
@coveralls
Copy link

coveralls commented Feb 7, 2026

Pull Request Test Coverage Report for Build 21775786897

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 92.12%
Totals Coverage Status
Change from base Build 21775772383: 0.0%
Covered Lines: 1012
Relevant Lines: 1086
💛 - Coveralls

@bmish bmish merged commit 4824da6 into main Feb 7, 2026
14 checks passed
@bmish bmish deleted the dependabot/npm_and_yarn/multi-a63ce20b3b branch February 7, 2026 06:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@coveralls @bmish