chore(deps): update dependency lerna to v8 #6003

core: export detectProjects utility function (#3740) (641fecb)
repair: add migration to remove unused "lerna" field from lerna.json (#3734) (4fb0427)
version: add --changelog-entry-additional-markdown option (#3751) (63671df)

7.0.2 (2023-06-15)

Note: Version bump only for package lerna

7.0.1 (2023-06-13)

Note: Version bump only for package lerna

`v7.0.2`

Compare Source

Note: Version bump only for package lerna

`v7.0.1`

Compare Source

Note: Version bump only for package lerna

`v7.0.0`

Compare Source

Bug Fixes

bump cosmiconfig to v8 (#3701) (898923d)
internal cli.js should not be bundled (53d73c6)
migration building/publishing issues (27bf800)
publish: use correct version in log messages (#3702) (4be9188)
support nx 16.3.1+ (#3707) (647dbb5)

Features

add migration for adding $schema, increase some strictness (73ceac3)

`v6.6.2`

Compare Source

Bug Fixes

deps: bump pacote to latest to remove install warning (#3624) (7c34521)
remove non-functional schema properties starting with "no" (#3645) (43c2a48)

`v6.6.1`

Compare Source

Bug Fixes

build-metadata reference in lerna schema (e2349ad)
deps: update to rimraf v4, remove path-exists (#3616) (2f2ee2a)
lerna schema type for contents should be string (1625757)

`v6.6.0`

Compare Source

Bug Fixes

update arborist package to get rid of deprecated warning (#3559) (aff38a7)

Features

add @lerna/legacy-package-management package (#3602) (4a03dd5)
version: add user-defined build metadata to bumped packages (#2880) (0b0e2a6)

6.5.1 (2023-02-14)

Bug Fixes

add missing dependency on js-yaml (187f480)

`v6.5.1`

Compare Source

Bug Fixes

add missing dependency on js-yaml (187f480)

`v6.5.0`

Compare Source

Features

publish: add --include-private option for testing private packages (#3503) (fa1f490)

6.4.1 (2023-01-12)

Bug Fixes

run: resolve erroneous failures (#3495) (24d0d5c)

`v6.4.1`

Compare Source

Bug Fixes

run: resolve erroneous failures (#3495) (24d0d5c)

`v6.4.0`

Compare Source

Features

watch: Add lerna watch command (#3466) (008b995)

`v6.3.0`

Compare Source

Features

version: use npmClientArgs in npm install after lerna version (#3434) (e019e3f)

`v6.2.0`

Compare Source

Bug Fixes

schema: add the other format changelogPreset can assume (#3441) (d286973)

Features

publish: add --summary-file option (#2653) (027d943)

`v6.1.0`

Compare Source

Features

version: bump prerelease versions from conventional commits (#3362) (2288b3a)

6.0.3 (2022-11-07)

Note: Version bump only for package lerna

6.0.2 (2022-11-02)

Note: Version bump only for package lerna

6.0.1 (2022-10-14)

Bug Fixes

run: allow for loading of env files to be skipped (#3375) (5dbd904)

`v6.0.3`

Compare Source

Note: Version bump only for package lerna

`v6.0.2`

Compare Source

Note: Version bump only for package lerna

`v6.0.1`

Compare Source

Bug Fixes

run: allow for loading of env files to be skipped (#3375) (5dbd904)

`v6.0.0`

Compare Source

Note: Version bump only for package lerna

Configuration

📅 Schedule: Branch creation - "before 4am on the first day of the month" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

socket-security · 2024-07-01T01:28:38Z

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@lerna/create@8.1.8	environment, filesystem, network	`0`	438 kB	jameshenry
npm/@npmcli/arborist@7.5.4	environment, network	`0`	460 kB	gar
npm/@npmcli/package-json@5.2.0	filesystem	`0`	39.5 kB	npm-cli-ops
npm/@npmcli/run-script@8.1.0	environment	`0`	18.3 kB	npm-cli-ops
npm/@nx/devkit@19.5.6	environment, filesystem, shell, unsafe	`0`	220 kB	nrwl-jason
npm/@octokit/plugin-enterprise-rest@6.0.1	None	`0`	8.99 MB	octokitbot
npm/@octokit/rest@19.0.11	None	`0`	9.85 kB	octokitbot
npm/aproba@2.0.0	None	`0`	8.05 kB	iarna
npm/byte-size@8.1.1	None	`0`	32.8 kB	75lb
npm/chalk@4.1.0	None	`0`	33.6 kB	sindresorhus
npm/clone-deep@4.0.1	None	`0`	8 kB	jonschlinkert
npm/cmd-shim@6.0.3	filesystem	`0`	12.2 kB	npm-cli-ops
npm/color-support@1.1.3	None	`0`	9.23 kB	isaacs
npm/columnify@1.6.0	None	`0`	38.8 kB	timoxley
npm/console-control-strings@1.1.0	None	`0`	12.7 kB	iarna
npm/conventional-changelog-angular@7.0.0	filesystem	`0`	13.7 kB	oss-bot
npm/conventional-changelog-core@5.0.1	shell	`0`	25.8 kB	oss-bot
npm/conventional-recommended-bump@7.0.1	None	`0`	16.7 kB	oss-bot
npm/cosmiconfig@8.3.6	filesystem	`0`	78.5 kB	d-fischer
npm/envinfo@7.13.0	environment, eval, filesystem, shell	`0`	162 kB	tabrindle
npm/execa@5.0.0	environment, shell	`0`	55.5 kB	sindresorhus
npm/fs-extra@11.2.0	None	`0`	54.9 kB	ryanzim
npm/get-port@5.1.1	network	`0`	8.74 kB	sindresorhus
npm/git-url-parse@14.0.0	None	`0`	31.5 kB	ionicabizau
npm/globby@11.1.0	filesystem	`0`	21.8 kB	sindresorhus
npm/graceful-fs@4.2.11	environment, filesystem	`0`	32.5 kB	isaacs
npm/has-unicode@2.0.1	environment	`0`	3.44 kB	iarna
npm/import-local@3.1.0	None	`0`	4.66 kB	sindresorhus
npm/init-package-json@6.0.3	filesystem	`0`	13.8 kB	npm-cli-ops
npm/inquirer@8.2.5	None	`0`	87.6 kB	sboudrias
npm/is-ci@3.0.1	None	`0`	3.81 kB	sibiraj-s
npm/jest-diff@29.7.0	None	`0`	78.5 kB	simenb
npm/js-yaml@4.1.0	None	`0`	405 kB	vitaly
npm/lerna@8.1.8	environment, filesystem, network, unsafe	`0`	8.15 MB	jameshenry
npm/libnpmaccess@8.0.6	None	`0`	8.49 kB	lukekarrys
npm/libnpmpublish@9.0.9	environment	`0`	27.2 kB	gar
npm/load-json-file@6.2.0	None	`0`	5.59 kB	sindresorhus
npm/lodash@4.17.21	None	`0`	1.41 MB	bnjmnt4n
npm/make-dir@4.0.0	filesystem	`0`	9.91 kB	sindresorhus
npm/minimatch@9.0.3	environment	`0`	434 kB	isaacs
npm/multimatch@5.0.0	None	`0`	6.03 kB	sindresorhus
npm/node-fetch@2.6.7	network	`0`	152 kB	endless
npm/npm-package-arg@11.0.3	None	`0`	19.2 kB	npm-cli-ops
npm/npm-packlist@8.0.2	filesystem	`0`	22.2 kB	npm-cli-ops
npm/npm-registry-fetch@17.1.0	environment, filesystem, network	`0`	44.1 kB	npm-cli-ops
npm/nx@19.5.6	environment, filesystem, network, shell, unsafe	`0`	7.18 MB	nrwl-jason
npm/p-map-series@2.1.0	None	`0`	5.63 kB	sindresorhus
npm/p-map@4.0.0	None	`0`	8.69 kB	sindresorhus
npm/p-pipe@3.1.0	None	`0`	8.52 kB	sindresorhus
npm/p-queue@6.6.2	None	`0`	30.9 kB	sindresorhus
npm/p-reduce@2.1.0	None	`0`	6.14 kB	sindresorhus
npm/p-waterfall@2.1.1	None	`0`	10.4 kB	sindresorhus
npm/pacote@18.0.6	environment, filesystem, network	`0`	73.2 kB	npm-cli-ops
npm/pify@5.0.0	None	`0`	8.87 kB	sindresorhus
npm/read-cmd-shim@4.0.0	filesystem	`0`	5.16 kB	lukekarrys
npm/resolve-from@5.0.0	filesystem, unsafe	`0`	5.82 kB	sindresorhus
npm/rimraf@4.4.1	environment, filesystem	`0`	284 kB	isaacs
npm/semver@7.6.2	None	`0`	95.4 kB	npm-cli-ops
npm/set-blocking@2.0.0	None	`0`	4.22 kB	bcoe
npm/slash@3.0.0	None	`0`	3.51 kB	sindresorhus
npm/ssri@10.0.6	None	`0`	38.7 kB	npm-cli-ops
npm/string-width@4.2.3	None	`0`	5.16 kB	sindresorhus
npm/strip-ansi-cjs@6.0.1	None	`0`	0 B
npm/strong-log-transformer@2.1.0	filesystem	`0`	16.4 kB	rmg
npm/wrap-ansi-cjs@7.0.0	None	`0`	0 B

🚮 Removed packages: npm/@lerna/bootstrap@5.6.2, npm/@lerna/changed@5.6.2, npm/@lerna/check-working-tree@5.6.2, npm/@lerna/child-process@5.6.2, npm/@lerna/clean@5.6.2, npm/@lerna/cli@5.6.2, npm/@lerna/collect-uncommitted@5.6.2, npm/@lerna/collect-updates@5.6.2, npm/@lerna/command@5.6.2, npm/@lerna/conventional-commits@5.6.2, npm/@lerna/create-symlink@5.6.2, npm/@lerna/describe-ref@5.6.2, npm/@lerna/diff@5.6.2, npm/@lerna/exec@5.6.2, npm/@lerna/filter-options@5.6.2, npm/@lerna/filter-packages@5.6.2, npm/@lerna/get-npm-exec-opts@5.6.2, npm/@lerna/get-packed@5.6.2, npm/@lerna/github-client@5.6.2, npm/@lerna/gitlab-client@5.6.2, npm/@lerna/global-options@5.6.2, npm/@lerna/has-npm-version@5.6.2, npm/@lerna/import@5.6.2, npm/@lerna/info@5.6.2, npm/@lerna/init@5.6.2, npm/@lerna/link@5.6.2, npm/@lerna/list@5.6.2, npm/@lerna/listable@5.6.2, npm/@lerna/log-packed@5.6.2, npm/@lerna/npm-conf@5.6.2, npm/@lerna/npm-dist-tag@5.6.2, npm/@lerna/npm-install@5.6.2, npm/@lerna/npm-publish@5.6.2, npm/@lerna/npm-run-script@5.6.2, npm/@lerna/otplease@5.6.2, npm/@lerna/output@5.6.2, npm/@lerna/pack-directory@5.6.2, npm/@lerna/package-graph@5.6.2, npm/@lerna/package@5.6.2, npm/@lerna/prerelease-id-from-version@5.6.2, npm/@lerna/profiler@5.6.2, npm/@lerna/project@5.6.2, npm/@lerna/prompt@5.6.2, npm/@lerna/publish@5.6.2, npm/@lerna/pulse-till-done@5.6.2, npm/@lerna/query-graph@5.6.2, npm/@lerna/resolve-symlink@5.6.2, npm/@lerna/rimraf-dir@5.6.2, npm/@lerna/run-lifecycle@5.6.2, npm/@lerna/run-topologically@5.6.2, npm/@lerna/run@5.6.2, npm/@lerna/symlink-binary@5.6.2, npm/@lerna/symlink-dependencies@5.6.2, npm/@lerna/temp-write@5.6.2, npm/@lerna/timer@5.6.2, npm/@lerna/validation-error@5.6.2, npm/@lerna/version@5.6.2, npm/@lerna/write-log-file@5.6.2, npm/@nrwl/cli@15.9.4, npm/@nrwl/nx-darwin-arm64@15.9.4, npm/@nrwl/nx-darwin-x64@15.9.4, npm/@nrwl/nx-linux-arm-gnueabihf@15.9.4, npm/@nrwl/nx-linux-arm64-gnu@15.9.4, npm/@nrwl/nx-linux-arm64-musl@15.9.4, npm/@nrwl/nx-linux-x64-gnu@15.9.4, npm/@nrwl/nx-linux-x64-musl@15.9.4, npm/@nrwl/nx-win32-arm64-msvc@15.9.4, npm/@nrwl/nx-win32-x64-msvc@15.9.4, npm/@parcel/watcher@2.0.4, npm/@types/minimatch@3.0.5, npm/builtins@1.0.3, npm/config-chain@1.1.13, npm/debuglog@1.0.1, npm/make-dir@3.1.0, npm/minipass-json-stream@1.0.1, npm/mkdirp-infer-owner@2.0.0, npm/proto-list@1.2.4, npm/q@1.5.1, npm/read-package-json@5.0.2, npm/readdir-scoped-modules@1.1.0, npm/tr46@0.0.3, npm/typedarray-to-buffer@3.1.5, npm/typescript@5.5.4, npm/validate-npm-package-license@3.0.4, npm/webidl-conversions@3.0.1, npm/whatwg-url@5.0.0, npm/yaml@2.5.0

View full report↗︎

socket-security · 2024-07-01T01:28:41Z

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Install scripts	npm/nx@19.5.6	Install script: postinstall Source: `node ./bin/post-install`	`yarn.lock`	🚫

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore npm/nx@19.5.6

renovate bot added the dependencies Pull requests that update a dependency file label Jul 1, 2024

renovate bot force-pushed the renovate/major-lerna-monorepo branch from c71a769 to 401a187 Compare August 5, 2024 08:28

renovate bot had a problem deploying to review August 5, 2024 08:28 Error

chore(deps): update dependency lerna to v8

7411412

renovate bot force-pushed the renovate/major-lerna-monorepo branch from 401a187 to 7411412 Compare August 7, 2024 12:17

renovate bot had a problem deploying to review August 7, 2024 12:17 Failure

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update dependency lerna to v8 #6003

chore(deps): update dependency lerna to v8 #6003

renovate bot commented Jul 1, 2024 •

edited

Loading

socket-security bot commented Jul 1, 2024 •

edited

Loading

socket-security bot commented Jul 1, 2024 •

edited

Loading

chore(deps): update dependency lerna to v8 #6003

Are you sure you want to change the base?

chore(deps): update dependency lerna to v8 #6003

Conversation

renovate bot commented Jul 1, 2024 • edited Loading

Release Notes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Features

8.0.2 (2024-01-05)

Bug Fixes

8.0.1 (2023-12-15)

Bug Fixes

Bug Fixes

Bug Fixes

Features

Bug Fixes

Features

7.3.1 (2023-10-10)

Bug Fixes

Bug Fixes

Bug Fixes

Features

7.1.5 (2023-08-09)

7.1.4 (2023-07-15)

Bug Fixes

7.1.3 (2023-07-12)

Bug Fixes

7.1.2 (2023-07-12)

7.1.1 (2023-06-28)

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Features

7.0.2 (2023-06-15)

7.0.1 (2023-06-13)

Bug Fixes

Features

Bug Fixes

Bug Fixes

Bug Fixes

Features

6.5.1 (2023-02-14)

Bug Fixes

Bug Fixes

Features

6.4.1 (2023-01-12)

Bug Fixes

Bug Fixes

Features

Features

Bug Fixes

Features

Features

6.0.3 (2022-11-07)

6.0.2 (2022-11-02)

6.0.1 (2022-10-14)

Bug Fixes

Bug Fixes

Configuration

socket-security bot commented Jul 1, 2024 • edited Loading

socket-security bot commented Jul 1, 2024 • edited Loading

Next steps

renovate bot commented Jul 1, 2024 •

edited

Loading

socket-security bot commented Jul 1, 2024 •

edited

Loading

socket-security bot commented Jul 1, 2024 •

edited

Loading