Medium severity5.3OSV Advisory· Published Sep 22, 2025· Updated Apr 15, 2026
CVE-2025-59433
CVE-2025-59433
Description
Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags() API, which allows extra parameters to be passed to the git log command. In another API by this library, getRawCommits(), there are secure practices taken to ensure that the extra parameter path is unable to inject an argument by ending the git log command with the special shell syntax --. However, the library does not follow the same practice for getTags() as it does not attempt to sanitize for user input, validate the given params, or restrict them to an allow list. Nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options. Thus, allowing users to exploit an argument injection vulnerability in Git due to the --output= command-line option that results with overwriting arbitrary files. This issue has been patched in version 2.0.0.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@conventional-changelog/git-clientnpm | < 2.0.0 | 2.0.0 |
Affected products
1- Range: conventional-changelog-angular@1.3.1, conventional-changelog-angular@1.3.2, conventional-changelog-angular@1.3.3, …
Patches
2ce1fd981f88cchore(release): publish
40 files changed · +569 −49
packages/conventional-changelog-angular/CHANGELOG.md+38 −0 modified@@ -3,6 +3,44 @@ All notable changes to this project will be documented in this file. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. +<a name="4.0.0"></a> +# [4.0.0](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-changelog-angular@3.0.7...conventional-changelog-angular@4.0.0) (2018-05-29) + + +### Chores + +* **package:** set Node requirement to oldest supported LTS ([#329](https://github.com/conventional-changelog/conventional-changelog/issues/329)) ([cae2fe0](https://github.com/conventional-changelog/conventional-changelog/commit/cae2fe0)) + + +### Code Refactoring + +* remove anchor from header templates ([#301](https://github.com/conventional-changelog/conventional-changelog/issues/301)) ([346f24f](https://github.com/conventional-changelog/conventional-changelog/commit/346f24f)), closes [#186](https://github.com/conventional-changelog/conventional-changelog/issues/186) + + +### BREAKING CHANGES + +* **package:** Set the package's minimum required Node version to be the oldest LTS +currently supported by the Node Release working group. At this time, +that is Node 6 (which is in its Maintenance LTS phase). +* Anchor tags are removed from the changelog header templates. The +rendered Markdown will no longer contain anchor tags proceeding the +version number header that constitutes the changelog header. This means +that consumers of rendered markdown will not be able to use a URL that +has been constructed to contain a version number anchor tag reference, +since the anchor tag won't exist in the rendered markdown. + +It's stronly recomended consumers use the full URL path to the release +page for a given version, as that URL is a permalink to that verison, +contains all relavent release information, and does not, otherwise, rely +on the anchor tag being excessible from the current page view. + +As an example, for version `2.0.0` of a GitHub project, the following +URL should be used: +- https://github.com/conventional-changelog/releaser-tools/releases/tag/v2.0.0 + + + + <a name="3.0.7"></a> ## [3.0.7](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-changelog-angular@3.0.6...conventional-changelog-angular@3.0.7) (2018-04-16)
packages/conventional-changelog-angular/package.json+2 −2 modified@@ -1,6 +1,6 @@ { "name": "conventional-changelog-angular", - "version": "3.0.7", + "version": "4.0.0", "description": "conventional-changelog angular preset", "main": "index.js", "scripts": { @@ -36,7 +36,7 @@ "homepage": "https://github.com/conventional-changelog/conventional-changelog/tree/master/packages/conventional-changelog-angular#readme", "devDependencies": { "better-than-before": "^1.0.0", - "conventional-changelog-core": "^2.0.11", + "conventional-changelog-core": "^3.0.0", "git-dummy-commit": "^1.2.0", "shelljs": "^0.8.0", "through2": "^2.0.0"
packages/conventional-changelog-atom/CHANGELOG.md+38 −0 modified@@ -3,6 +3,44 @@ All notable changes to this project will be documented in this file. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. +<a name="1.0.0"></a> +# [1.0.0](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-changelog-atom@0.2.8...conventional-changelog-atom@1.0.0) (2018-05-29) + + +### Chores + +* **package:** set Node requirement to oldest supported LTS ([#329](https://github.com/conventional-changelog/conventional-changelog/issues/329)) ([cae2fe0](https://github.com/conventional-changelog/conventional-changelog/commit/cae2fe0)) + + +### Code Refactoring + +* remove anchor from header templates ([#301](https://github.com/conventional-changelog/conventional-changelog/issues/301)) ([346f24f](https://github.com/conventional-changelog/conventional-changelog/commit/346f24f)), closes [#186](https://github.com/conventional-changelog/conventional-changelog/issues/186) + + +### BREAKING CHANGES + +* **package:** Set the package's minimum required Node version to be the oldest LTS +currently supported by the Node Release working group. At this time, +that is Node 6 (which is in its Maintenance LTS phase). +* Anchor tags are removed from the changelog header templates. The +rendered Markdown will no longer contain anchor tags proceeding the +version number header that constitutes the changelog header. This means +that consumers of rendered markdown will not be able to use a URL that +has been constructed to contain a version number anchor tag reference, +since the anchor tag won't exist in the rendered markdown. + +It's stronly recomended consumers use the full URL path to the release +page for a given version, as that URL is a permalink to that verison, +contains all relavent release information, and does not, otherwise, rely +on the anchor tag being excessible from the current page view. + +As an example, for version `2.0.0` of a GitHub project, the following +URL should be used: +- https://github.com/conventional-changelog/releaser-tools/releases/tag/v2.0.0 + + + + <a name="0.2.8"></a> ## [0.2.8](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-changelog-atom@0.2.7...conventional-changelog-atom@0.2.8) (2018-03-28)
packages/conventional-changelog-atom/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "conventional-changelog-atom", - "version": "0.2.8", + "version": "1.0.0", "description": "conventional-changelog atom preset", "main": "index.js", "scripts": {
packages/conventional-changelog/CHANGELOG.md+20 −2 modified@@ -3,15 +3,33 @@ All notable changes to this project will be documented in this file. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. - <a name="1.1.24"></a> + <a name="2.0.0"></a> +# [2.0.0](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-changelog@1.1.24...conventional-changelog@2.0.0) (2018-05-29) + + +### Chores + +* **package:** set Node requirement to oldest supported LTS ([#329](https://github.com/conventional-changelog/conventional-changelog/issues/329)) ([cae2fe0](https://github.com/conventional-changelog/conventional-changelog/commit/cae2fe0)) + + +### BREAKING CHANGES + +* **package:** Set the package's minimum required Node version to be the oldest LTS +currently supported by the Node Release working group. At this time, +that is Node 6 (which is in its Maintenance LTS phase). + + + + + <a name="1.1.24"></a> ## [1.1.24](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-changelog@1.1.23...conventional-changelog@1.1.24) (2018-04-16) **Note:** Version bump only for package conventional-changelog - <a name="1.1.23"></a> +<a name="1.1.23"></a> ## [1.1.23](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-changelog@1.1.22...conventional-changelog@1.1.23) (2018-03-28)
packages/conventional-changelog-cli/CHANGELOG.md+18 −0 modified@@ -3,6 +3,24 @@ All notable changes to this project will be documented in this file. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. +<a name="2.0.0"></a> +# [2.0.0](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-changelog-cli@1.3.22...conventional-changelog-cli@2.0.0) (2018-05-29) + + +### Chores + +* **package:** set Node requirement to oldest supported LTS ([#329](https://github.com/conventional-changelog/conventional-changelog/issues/329)) ([cae2fe0](https://github.com/conventional-changelog/conventional-changelog/commit/cae2fe0)) + + +### BREAKING CHANGES + +* **package:** Set the package's minimum required Node version to be the oldest LTS +currently supported by the Node Release working group. At this time, +that is Node 6 (which is in its Maintenance LTS phase). + + + + <a name="1.3.22"></a> ## [1.3.22](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-changelog-cli@1.3.21...conventional-changelog-cli@1.3.22) (2018-04-16)
packages/conventional-changelog-cli/package.json+2 −2 modified@@ -1,6 +1,6 @@ { "name": "conventional-changelog-cli", - "version": "1.3.22", + "version": "2.0.0", "description": "Generate a changelog from git metadata", "bugs": { "url": "https://github.com/conventional-changelog/conventional-changelog/issues" @@ -39,7 +39,7 @@ }, "dependencies": { "add-stream": "^1.0.0", - "conventional-changelog": "^1.1.24", + "conventional-changelog": "^2.0.0", "lodash": "^4.2.1", "meow": "^4.0.0", "tempfile": "^1.1.1"
packages/conventional-changelog-codemirror/CHANGELOG.md+38 −0 modified@@ -3,6 +3,44 @@ All notable changes to this project will be documented in this file. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. +<a name="1.0.0"></a> +# [1.0.0](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-changelog-codemirror@0.3.8...conventional-changelog-codemirror@1.0.0) (2018-05-29) + + +### Chores + +* **package:** set Node requirement to oldest supported LTS ([#329](https://github.com/conventional-changelog/conventional-changelog/issues/329)) ([cae2fe0](https://github.com/conventional-changelog/conventional-changelog/commit/cae2fe0)) + + +### Code Refactoring + +* remove anchor from header templates ([#301](https://github.com/conventional-changelog/conventional-changelog/issues/301)) ([346f24f](https://github.com/conventional-changelog/conventional-changelog/commit/346f24f)), closes [#186](https://github.com/conventional-changelog/conventional-changelog/issues/186) + + +### BREAKING CHANGES + +* **package:** Set the package's minimum required Node version to be the oldest LTS +currently supported by the Node Release working group. At this time, +that is Node 6 (which is in its Maintenance LTS phase). +* Anchor tags are removed from the changelog header templates. The +rendered Markdown will no longer contain anchor tags proceeding the +version number header that constitutes the changelog header. This means +that consumers of rendered markdown will not be able to use a URL that +has been constructed to contain a version number anchor tag reference, +since the anchor tag won't exist in the rendered markdown. + +It's stronly recomended consumers use the full URL path to the release +page for a given version, as that URL is a permalink to that verison, +contains all relavent release information, and does not, otherwise, rely +on the anchor tag being excessible from the current page view. + +As an example, for version `2.0.0` of a GitHub project, the following +URL should be used: +- https://github.com/conventional-changelog/releaser-tools/releases/tag/v2.0.0 + + + + <a name="0.3.8"></a> ## [0.3.8](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-changelog-codemirror@0.3.7...conventional-changelog-codemirror@0.3.8) (2018-03-28)
packages/conventional-changelog-codemirror/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "conventional-changelog-codemirror", - "version": "0.3.8", + "version": "1.0.0", "description": "conventional-changelog CodeMirror preset", "main": "index.js", "scripts": {
packages/conventional-changelog-core/CHANGELOG.md+18 −0 modified@@ -3,6 +3,24 @@ All notable changes to this project will be documented in this file. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. +<a name="3.0.0"></a> +# [3.0.0](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-changelog-core@2.0.11...conventional-changelog-core@3.0.0) (2018-05-29) + + +### Chores + +* **package:** set Node requirement to oldest supported LTS ([#329](https://github.com/conventional-changelog/conventional-changelog/issues/329)) ([cae2fe0](https://github.com/conventional-changelog/conventional-changelog/commit/cae2fe0)) + + +### BREAKING CHANGES + +* **package:** Set the package's minimum required Node version to be the oldest LTS +currently supported by the Node Release working group. At this time, +that is Node 6 (which is in its Maintenance LTS phase). + + + + <a name="2.0.11"></a> ## [2.0.11](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-changelog-core@2.0.10...conventional-changelog-core@2.0.11) (2018-04-16)
packages/conventional-changelog-core/package.json+5 −5 modified@@ -1,6 +1,6 @@ { "name": "conventional-changelog-core", - "version": "2.0.11", + "version": "3.0.0", "description": "conventional-changelog core", "repository": { "type": "git", @@ -26,13 +26,13 @@ }, "homepage": "https://github.com/conventional-changelog/conventional-changelog/tree/master/packages/conventional-changelog-core#readme", "dependencies": { - "conventional-changelog-writer": "^3.0.9", - "conventional-commits-parser": "^2.1.7", + "conventional-changelog-writer": "^4.0.0", + "conventional-commits-parser": "^3.0.0", "dateformat": "^3.0.0", "get-pkg-repo": "^1.0.0", - "git-raw-commits": "^1.3.6", + "git-raw-commits": "^2.0.0", "git-remote-origin-url": "^2.0.0", - "git-semver-tags": "^1.3.6", + "git-semver-tags": "^2.0.0", "lodash": "^4.2.1", "normalize-package-data": "^2.3.5", "q": "^1.5.1",
packages/conventional-changelog-ember/CHANGELOG.md+38 −0 modified@@ -3,6 +3,44 @@ All notable changes to this project will be documented in this file. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. +<a name="1.0.0"></a> +# [1.0.0](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-changelog-ember@0.3.12...conventional-changelog-ember@1.0.0) (2018-05-29) + + +### Chores + +* **package:** set Node requirement to oldest supported LTS ([#329](https://github.com/conventional-changelog/conventional-changelog/issues/329)) ([cae2fe0](https://github.com/conventional-changelog/conventional-changelog/commit/cae2fe0)) + + +### Code Refactoring + +* remove anchor from header templates ([#301](https://github.com/conventional-changelog/conventional-changelog/issues/301)) ([346f24f](https://github.com/conventional-changelog/conventional-changelog/commit/346f24f)), closes [#186](https://github.com/conventional-changelog/conventional-changelog/issues/186) + + +### BREAKING CHANGES + +* **package:** Set the package's minimum required Node version to be the oldest LTS +currently supported by the Node Release working group. At this time, +that is Node 6 (which is in its Maintenance LTS phase). +* Anchor tags are removed from the changelog header templates. The +rendered Markdown will no longer contain anchor tags proceeding the +version number header that constitutes the changelog header. This means +that consumers of rendered markdown will not be able to use a URL that +has been constructed to contain a version number anchor tag reference, +since the anchor tag won't exist in the rendered markdown. + +It's stronly recomended consumers use the full URL path to the release +page for a given version, as that URL is a permalink to that verison, +contains all relavent release information, and does not, otherwise, rely +on the anchor tag being excessible from the current page view. + +As an example, for version `2.0.0` of a GitHub project, the following +URL should be used: +- https://github.com/conventional-changelog/releaser-tools/releases/tag/v2.0.0 + + + + <a name="0.3.12"></a> ## [0.3.12](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-changelog-ember@0.3.11...conventional-changelog-ember@0.3.12) (2018-04-16)
packages/conventional-changelog-ember/package.json+2 −2 modified@@ -1,6 +1,6 @@ { "name": "conventional-changelog-ember", - "version": "0.3.12", + "version": "1.0.0", "description": "conventional-changelog ember preset", "main": "index.js", "scripts": { @@ -35,7 +35,7 @@ }, "homepage": "https://github.com/conventional-changelog/conventional-changelog/tree/master/packages/conventional-changelog-ember#readme", "devDependencies": { - "conventional-changelog-core": "^2.0.11", + "conventional-changelog-core": "^3.0.0", "git-dummy-commit": "^1.2.0", "shelljs": "^0.8.0", "through2": "^2.0.0"
packages/conventional-changelog-eslint/CHANGELOG.md+38 −0 modified@@ -3,6 +3,44 @@ All notable changes to this project will be documented in this file. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. +<a name="2.0.0"></a> +# [2.0.0](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-changelog-eslint@1.0.9...conventional-changelog-eslint@2.0.0) (2018-05-29) + + +### Chores + +* **package:** set Node requirement to oldest supported LTS ([#329](https://github.com/conventional-changelog/conventional-changelog/issues/329)) ([cae2fe0](https://github.com/conventional-changelog/conventional-changelog/commit/cae2fe0)) + + +### Code Refactoring + +* remove anchor from header templates ([#301](https://github.com/conventional-changelog/conventional-changelog/issues/301)) ([346f24f](https://github.com/conventional-changelog/conventional-changelog/commit/346f24f)), closes [#186](https://github.com/conventional-changelog/conventional-changelog/issues/186) + + +### BREAKING CHANGES + +* **package:** Set the package's minimum required Node version to be the oldest LTS +currently supported by the Node Release working group. At this time, +that is Node 6 (which is in its Maintenance LTS phase). +* Anchor tags are removed from the changelog header templates. The +rendered Markdown will no longer contain anchor tags proceeding the +version number header that constitutes the changelog header. This means +that consumers of rendered markdown will not be able to use a URL that +has been constructed to contain a version number anchor tag reference, +since the anchor tag won't exist in the rendered markdown. + +It's stronly recomended consumers use the full URL path to the release +page for a given version, as that URL is a permalink to that verison, +contains all relavent release information, and does not, otherwise, rely +on the anchor tag being excessible from the current page view. + +As an example, for version `2.0.0` of a GitHub project, the following +URL should be used: +- https://github.com/conventional-changelog/releaser-tools/releases/tag/v2.0.0 + + + + <a name="1.0.9"></a> ## [1.0.9](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-changelog-eslint@1.0.8...conventional-changelog-eslint@1.0.9) (2018-03-28)
packages/conventional-changelog-eslint/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "conventional-changelog-eslint", - "version": "1.0.9", + "version": "2.0.0", "description": "conventional-changelog eslint preset", "main": "index.js", "scripts": {
packages/conventional-changelog-express/CHANGELOG.md+18 −0 modified@@ -3,6 +3,24 @@ All notable changes to this project will be documented in this file. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. +<a name="1.0.0"></a> +# [1.0.0](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-changelog-express@0.3.6...conventional-changelog-express@1.0.0) (2018-05-29) + + +### Chores + +* **package:** set Node requirement to oldest supported LTS ([#329](https://github.com/conventional-changelog/conventional-changelog/issues/329)) ([cae2fe0](https://github.com/conventional-changelog/conventional-changelog/commit/cae2fe0)) + + +### BREAKING CHANGES + +* **package:** Set the package's minimum required Node version to be the oldest LTS +currently supported by the Node Release working group. At this time, +that is Node 6 (which is in its Maintenance LTS phase). + + + + <a name="0.3.6"></a> ## [0.3.6](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-changelog-express@0.3.5...conventional-changelog-express@0.3.6) (2018-03-27)
packages/conventional-changelog-express/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "conventional-changelog-express", - "version": "0.3.6", + "version": "1.0.0", "description": "conventional-changelog express preset", "main": "index.js", "scripts": {
packages/conventional-changelog-jquery/CHANGELOG.md+38 −0 modified@@ -3,6 +3,44 @@ All notable changes to this project will be documented in this file. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. +<a name="2.0.0"></a> +# [2.0.0](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-changelog-jquery@1.3.9...conventional-changelog-jquery@2.0.0) (2018-05-29) + + +### Chores + +* **package:** set Node requirement to oldest supported LTS ([#329](https://github.com/conventional-changelog/conventional-changelog/issues/329)) ([cae2fe0](https://github.com/conventional-changelog/conventional-changelog/commit/cae2fe0)) + + +### Code Refactoring + +* remove anchor from header templates ([#301](https://github.com/conventional-changelog/conventional-changelog/issues/301)) ([346f24f](https://github.com/conventional-changelog/conventional-changelog/commit/346f24f)), closes [#186](https://github.com/conventional-changelog/conventional-changelog/issues/186) + + +### BREAKING CHANGES + +* **package:** Set the package's minimum required Node version to be the oldest LTS +currently supported by the Node Release working group. At this time, +that is Node 6 (which is in its Maintenance LTS phase). +* Anchor tags are removed from the changelog header templates. The +rendered Markdown will no longer contain anchor tags proceeding the +version number header that constitutes the changelog header. This means +that consumers of rendered markdown will not be able to use a URL that +has been constructed to contain a version number anchor tag reference, +since the anchor tag won't exist in the rendered markdown. + +It's stronly recomended consumers use the full URL path to the release +page for a given version, as that URL is a permalink to that verison, +contains all relavent release information, and does not, otherwise, rely +on the anchor tag being excessible from the current page view. + +As an example, for version `2.0.0` of a GitHub project, the following +URL should be used: +- https://github.com/conventional-changelog/releaser-tools/releases/tag/v2.0.0 + + + + <a name="1.3.9"></a> ## [1.3.9](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-changelog-jquery@1.3.8...conventional-changelog-jquery@1.3.9) (2018-04-16)
packages/conventional-changelog-jquery/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "conventional-changelog-jquery", - "version": "1.3.9", + "version": "2.0.0", "description": "conventional-changelog jquery preset", "main": "index.js", "scripts": {
packages/conventional-changelog-jshint/CHANGELOG.md+38 −0 modified@@ -3,6 +3,44 @@ All notable changes to this project will be documented in this file. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. +<a name="1.0.0"></a> +# [1.0.0](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-changelog-jshint@0.3.8...conventional-changelog-jshint@1.0.0) (2018-05-29) + + +### Chores + +* **package:** set Node requirement to oldest supported LTS ([#329](https://github.com/conventional-changelog/conventional-changelog/issues/329)) ([cae2fe0](https://github.com/conventional-changelog/conventional-changelog/commit/cae2fe0)) + + +### Code Refactoring + +* remove anchor from header templates ([#301](https://github.com/conventional-changelog/conventional-changelog/issues/301)) ([346f24f](https://github.com/conventional-changelog/conventional-changelog/commit/346f24f)), closes [#186](https://github.com/conventional-changelog/conventional-changelog/issues/186) + + +### BREAKING CHANGES + +* **package:** Set the package's minimum required Node version to be the oldest LTS +currently supported by the Node Release working group. At this time, +that is Node 6 (which is in its Maintenance LTS phase). +* Anchor tags are removed from the changelog header templates. The +rendered Markdown will no longer contain anchor tags proceeding the +version number header that constitutes the changelog header. This means +that consumers of rendered markdown will not be able to use a URL that +has been constructed to contain a version number anchor tag reference, +since the anchor tag won't exist in the rendered markdown. + +It's stronly recomended consumers use the full URL path to the release +page for a given version, as that URL is a permalink to that verison, +contains all relavent release information, and does not, otherwise, rely +on the anchor tag being excessible from the current page view. + +As an example, for version `2.0.0` of a GitHub project, the following +URL should be used: +- https://github.com/conventional-changelog/releaser-tools/releases/tag/v2.0.0 + + + + <a name="0.3.8"></a> ## [0.3.8](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-changelog-jshint@0.3.7...conventional-changelog-jshint@0.3.8) (2018-03-28)
packages/conventional-changelog-jshint/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "conventional-changelog-jshint", - "version": "0.3.8", + "version": "1.0.0", "description": "conventional-changelog jshint preset", "main": "index.js", "scripts": {
packages/conventional-changelog/package.json+9 −9 modified@@ -1,6 +1,6 @@ { "name": "conventional-changelog", - "version": "1.1.24", + "version": "2.0.0", "description": "Generate a changelog from git metadata", "repository": { "type": "git", @@ -36,16 +36,16 @@ "homepage": "https://github.com/conventional-changelog/conventional-changelog/tree/master/packages/conventional-changelog#readme", "dependencies": { "conventional-changelog-angular": "^1.6.6", - "conventional-changelog-atom": "^0.2.8", - "conventional-changelog-codemirror": "^0.3.8", - "conventional-changelog-core": "^2.0.11", - "conventional-changelog-ember": "^0.3.12", - "conventional-changelog-eslint": "^1.0.9", - "conventional-changelog-express": "^0.3.6", + "conventional-changelog-atom": "^1.0.0", + "conventional-changelog-codemirror": "^1.0.0", + "conventional-changelog-core": "^3.0.0", + "conventional-changelog-ember": "^1.0.0", + "conventional-changelog-eslint": "^2.0.0", + "conventional-changelog-express": "^1.0.0", "conventional-changelog-jquery": "^0.1.0", "conventional-changelog-jscs": "^0.1.0", - "conventional-changelog-jshint": "^0.3.8", - "conventional-changelog-preset-loader": "^1.1.8" + "conventional-changelog-jshint": "^1.0.0", + "conventional-changelog-preset-loader": "^2.0.0" }, "devDependencies": { "shelljs": "^0.8.0",
packages/conventional-changelog-preset-loader/CHANGELOG.md+18 −0 modified@@ -3,6 +3,24 @@ All notable changes to this project will be documented in this file. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. +<a name="2.0.0"></a> +# [2.0.0](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-changelog-preset-loader@1.1.8...conventional-changelog-preset-loader@2.0.0) (2018-05-29) + + +### Chores + +* **package:** set Node requirement to oldest supported LTS ([#329](https://github.com/conventional-changelog/conventional-changelog/issues/329)) ([cae2fe0](https://github.com/conventional-changelog/conventional-changelog/commit/cae2fe0)) + + +### BREAKING CHANGES + +* **package:** Set the package's minimum required Node version to be the oldest LTS +currently supported by the Node Release working group. At this time, +that is Node 6 (which is in its Maintenance LTS phase). + + + + <a name="1.1.8"></a> ## [1.1.8](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-changelog-preset-loader@1.1.7...conventional-changelog-preset-loader@1.1.8) (2018-03-27)
packages/conventional-changelog-preset-loader/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "conventional-changelog-preset-loader", - "version": "1.1.8", + "version": "2.0.0", "description": "Configuration preset loader for `conventional-changelog`.", "repository": { "type": "git",
packages/conventional-changelog-writer/CHANGELOG.md+40 −2 modified@@ -3,7 +3,45 @@ All notable changes to this project will be documented in this file. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. - <a name="3.0.9"></a> + <a name="4.0.0"></a> +# [4.0.0](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-changelog-writer@3.0.9...conventional-changelog-writer@4.0.0) (2018-05-29) + + +### Chores + +* **package:** set Node requirement to oldest supported LTS ([#329](https://github.com/conventional-changelog/conventional-changelog/issues/329)) ([cae2fe0](https://github.com/conventional-changelog/conventional-changelog/commit/cae2fe0)) + + +### Code Refactoring + +* remove anchor from header templates ([#301](https://github.com/conventional-changelog/conventional-changelog/issues/301)) ([346f24f](https://github.com/conventional-changelog/conventional-changelog/commit/346f24f)), closes [#186](https://github.com/conventional-changelog/conventional-changelog/issues/186) + + +### BREAKING CHANGES + +* **package:** Set the package's minimum required Node version to be the oldest LTS +currently supported by the Node Release working group. At this time, +that is Node 6 (which is in its Maintenance LTS phase). +* Anchor tags are removed from the changelog header templates. The +rendered Markdown will no longer contain anchor tags proceeding the +version number header that constitutes the changelog header. This means +that consumers of rendered markdown will not be able to use a URL that +has been constructed to contain a version number anchor tag reference, +since the anchor tag won't exist in the rendered markdown. + +It's stronly recomended consumers use the full URL path to the release +page for a given version, as that URL is a permalink to that verison, +contains all relavent release information, and does not, otherwise, rely +on the anchor tag being excessible from the current page view. + +As an example, for version `2.0.0` of a GitHub project, the following +URL should be used: +- https://github.com/conventional-changelog/releaser-tools/releases/tag/v2.0.0 + + + + + <a name="3.0.9"></a> ## [3.0.9](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-changelog-writer@3.0.8...conventional-changelog-writer@3.0.9) (2018-03-28) @@ -14,7 +52,7 @@ See [Conventional Commits](https://conventionalcommits.org) for commit guideline - <a name="3.0.8"></a> +<a name="3.0.8"></a> ## [3.0.8](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-changelog-writer@3.0.7...conventional-changelog-writer@3.0.8) (2018-03-27)
packages/conventional-changelog-writer/package.json+2 −2 modified@@ -1,6 +1,6 @@ { "name": "conventional-changelog-writer", - "version": "3.0.9", + "version": "4.0.0", "description": "Write logs based on conventional commits and templates", "bugs": { "url": "https://github.com/conventional-changelog/conventional-changelog/issues" @@ -37,7 +37,7 @@ ], "dependencies": { "compare-func": "^1.3.1", - "conventional-commits-filter": "^1.1.6", + "conventional-commits-filter": "^2.0.0", "dateformat": "^3.0.0", "handlebars": "^4.0.2", "json-stringify-safe": "^5.0.1",
packages/conventional-commits-filter/CHANGELOG.md+18 −0 modified@@ -3,6 +3,24 @@ All notable changes to this project will be documented in this file. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. +<a name="2.0.0"></a> +# [2.0.0](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-commits-filter@1.1.6...conventional-commits-filter@2.0.0) (2018-05-29) + + +### Chores + +* **package:** set Node requirement to oldest supported LTS ([#329](https://github.com/conventional-changelog/conventional-changelog/issues/329)) ([cae2fe0](https://github.com/conventional-changelog/conventional-changelog/commit/cae2fe0)) + + +### BREAKING CHANGES + +* **package:** Set the package's minimum required Node version to be the oldest LTS +currently supported by the Node Release working group. At this time, +that is Node 6 (which is in its Maintenance LTS phase). + + + + <a name="1.1.6"></a> ## [1.1.6](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-commits-filter@1.1.5...conventional-commits-filter@1.1.6) (2018-03-22)
packages/conventional-commits-filter/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "conventional-commits-filter", - "version": "1.1.6", + "version": "2.0.0", "description": "Filter out reverted commits parsed by conventional-commits-parser", "bugs": { "url": "https://github.com/conventional-changelog/conventional-changelog/issues"
packages/conventional-commits-parser/CHANGELOG.md+20 −2 modified@@ -3,15 +3,33 @@ All notable changes to this project will be documented in this file. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. - <a name="2.1.7"></a> + <a name="3.0.0"></a> +# [3.0.0](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-commits-parser@2.1.7...conventional-commits-parser@3.0.0) (2018-05-29) + + +### Chores + +* **package:** set Node requirement to oldest supported LTS ([#329](https://github.com/conventional-changelog/conventional-changelog/issues/329)) ([cae2fe0](https://github.com/conventional-changelog/conventional-changelog/commit/cae2fe0)) + + +### BREAKING CHANGES + +* **package:** Set the package's minimum required Node version to be the oldest LTS +currently supported by the Node Release working group. At this time, +that is Node 6 (which is in its Maintenance LTS phase). + + + + + <a name="2.1.7"></a> ## [2.1.7](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-commits-parser@2.1.6...conventional-commits-parser@2.1.7) (2018-03-27) **Note:** Version bump only for package conventional-commits-parser - <a name="2.1.6"></a> +<a name="2.1.6"></a> ## [2.1.6](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-commits-parser@2.1.5...conventional-commits-parser@2.1.6) (2018-03-22)
packages/conventional-commits-parser/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "conventional-commits-parser", - "version": "2.1.7", + "version": "3.0.0", "description": "Parse raw conventional commits", "bugs": { "url": "https://github.com/conventional-changelog/conventional-changelog/issues"
packages/conventional-recommended-bump/CHANGELOG.md+18 −0 modified@@ -3,6 +3,24 @@ All notable changes to this project will be documented in this file. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. +<a name="3.0.0"></a> +# [3.0.0](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-recommended-bump@2.0.9...conventional-recommended-bump@3.0.0) (2018-05-29) + + +### Chores + +* **package:** set Node requirement to oldest supported LTS ([#329](https://github.com/conventional-changelog/conventional-changelog/issues/329)) ([cae2fe0](https://github.com/conventional-changelog/conventional-changelog/commit/cae2fe0)) + + +### BREAKING CHANGES + +* **package:** Set the package's minimum required Node version to be the oldest LTS +currently supported by the Node Release working group. At this time, +that is Node 6 (which is in its Maintenance LTS phase). + + + + <a name="2.0.9"></a> ## [2.0.9](https://github.com/conventional-changelog/conventional-changelog/compare/conventional-recommended-bump@2.0.8...conventional-recommended-bump@2.0.9) (2018-04-16)
packages/conventional-recommended-bump/package.json+6 −6 modified@@ -1,6 +1,6 @@ { "name": "conventional-recommended-bump", - "version": "2.0.9", + "version": "3.0.0", "description": "Get a recommended version bump based on conventional commits", "bugs": { "url": "https://github.com/conventional-changelog/conventional-changelog/issues" @@ -32,11 +32,11 @@ ], "dependencies": { "concat-stream": "^1.6.0", - "conventional-changelog-preset-loader": "^1.1.8", - "conventional-commits-filter": "^1.1.6", - "conventional-commits-parser": "^2.1.7", - "git-raw-commits": "^1.3.6", - "git-semver-tags": "^1.3.6", + "conventional-changelog-preset-loader": "^2.0.0", + "conventional-commits-filter": "^2.0.0", + "conventional-commits-parser": "^3.0.0", + "git-raw-commits": "^2.0.0", + "git-semver-tags": "^2.0.0", "meow": "^4.0.0", "q": "^1.5.1" },
packages/git-raw-commits/CHANGELOG.md+18 −0 modified@@ -3,6 +3,24 @@ All notable changes to this project will be documented in this file. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. +<a name="2.0.0"></a> +# [2.0.0](https://github.com/conventional-changelog/conventional-changelog/compare/git-raw-commits@1.3.6...git-raw-commits@2.0.0) (2018-05-29) + + +### Chores + +* **package:** set Node requirement to oldest supported LTS ([#329](https://github.com/conventional-changelog/conventional-changelog/issues/329)) ([cae2fe0](https://github.com/conventional-changelog/conventional-changelog/commit/cae2fe0)) + + +### BREAKING CHANGES + +* **package:** Set the package's minimum required Node version to be the oldest LTS +currently supported by the Node Release working group. At this time, +that is Node 6 (which is in its Maintenance LTS phase). + + + + <a name="1.3.6"></a> ## [1.3.6](https://github.com/conventional-changelog/conventional-changelog/compare/git-raw-commits@1.3.5...git-raw-commits@1.3.6) (2018-03-27)
packages/git-raw-commits/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "git-raw-commits", - "version": "1.3.6", + "version": "2.0.0", "description": "Get raw git commits out of your repository using git-log(1)", "bugs": { "url": "https://github.com/conventional-changelog/conventional-changelog/issues"
packages/git-semver-tags/CHANGELOG.md+18 −0 modified@@ -3,6 +3,24 @@ All notable changes to this project will be documented in this file. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. +<a name="2.0.0"></a> +# [2.0.0](https://github.com/conventional-changelog/conventional-changelog/compare/git-semver-tags@1.3.6...git-semver-tags@2.0.0) (2018-05-29) + + +### Chores + +* **package:** set Node requirement to oldest supported LTS ([#329](https://github.com/conventional-changelog/conventional-changelog/issues/329)) ([cae2fe0](https://github.com/conventional-changelog/conventional-changelog/commit/cae2fe0)) + + +### BREAKING CHANGES + +* **package:** Set the package's minimum required Node version to be the oldest LTS +currently supported by the Node Release working group. At this time, +that is Node 6 (which is in its Maintenance LTS phase). + + + + <a name="1.3.6"></a> ## [1.3.6](https://github.com/conventional-changelog/conventional-changelog/compare/git-semver-tags@1.3.5...git-semver-tags@1.3.6) (2018-03-27)
packages/git-semver-tags/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "git-semver-tags", - "version": "1.3.6", + "version": "2.0.0", "description": "Get all git semver tags of your repository in reverse chronological order", "bugs": { "url": "https://github.com/conventional-changelog/conventional-changelog/issues"
packages/gulp-conventional-changelog/CHANGELOG.md+18 −0 modified@@ -3,6 +3,24 @@ All notable changes to this project will be documented in this file. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. +<a name="2.0.0"></a> +# [2.0.0](https://github.com/conventional-changelog/conventional-changelog/compare/gulp-conventional-changelog@1.1.24...gulp-conventional-changelog@2.0.0) (2018-05-29) + + +### Chores + +* **package:** set Node requirement to oldest supported LTS ([#329](https://github.com/conventional-changelog/conventional-changelog/issues/329)) ([cae2fe0](https://github.com/conventional-changelog/conventional-changelog/commit/cae2fe0)) + + +### BREAKING CHANGES + +* **package:** Set the package's minimum required Node version to be the oldest LTS +currently supported by the Node Release working group. At this time, +that is Node 6 (which is in its Maintenance LTS phase). + + + + <a name="1.1.24"></a> ## [1.1.24](https://github.com/conventional-changelog/conventional-changelog/compare/gulp-conventional-changelog@1.1.23...gulp-conventional-changelog@1.1.24) (2018-04-16)
packages/gulp-conventional-changelog/package.json+2 −2 modified@@ -1,6 +1,6 @@ { "name": "gulp-conventional-changelog", - "version": "1.1.24", + "version": "2.0.0", "description": "Generate a changelog using conventional-changelog", "license": "MIT", "bugs": { @@ -37,7 +37,7 @@ "dependencies": { "add-stream": "^1.0.0", "concat-stream": "^1.6.0", - "conventional-changelog": "^1.1.24", + "conventional-changelog": "^2.0.0", "fancy-log": "^1.3.2", "object-assign": "^4.0.1", "plugin-error": "^1.0.1",
packages/standard-changelog/CHANGELOG.md+18 −0 modified@@ -3,6 +3,24 @@ All notable changes to this project will be documented in this file. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. +<a name="2.0.0"></a> +# [2.0.0](https://github.com/conventional-changelog/conventional-changelog/compare/standard-changelog@1.0.19...standard-changelog@2.0.0) (2018-05-29) + + +### Chores + +* **package:** set Node requirement to oldest supported LTS ([#329](https://github.com/conventional-changelog/conventional-changelog/issues/329)) ([cae2fe0](https://github.com/conventional-changelog/conventional-changelog/commit/cae2fe0)) + + +### BREAKING CHANGES + +* **package:** Set the package's minimum required Node version to be the oldest LTS +currently supported by the Node Release working group. At this time, +that is Node 6 (which is in its Maintenance LTS phase). + + + + <a name="1.0.19"></a> ## [1.0.19](https://github.com/conventional-changelog/conventional-changelog/compare/standard-changelog@1.0.18...standard-changelog@1.0.19) (2018-04-16)
packages/standard-changelog/package.json+2 −2 modified@@ -1,6 +1,6 @@ { "name": "standard-changelog", - "version": "1.0.19", + "version": "2.0.0", "description": "Generate a changelog from git metadata with Angular commit convention", "bugs": { "url": "https://github.com/conventional-changelog/conventional-changelog/issues" @@ -29,7 +29,7 @@ "add-stream": "^1.0.0", "chalk": "^1.1.3", "conventional-changelog-angular": "^1.6.6", - "conventional-changelog-core": "^2.0.11", + "conventional-changelog-core": "^3.0.0", "figures": "^1.5.0", "fs-access": "^1.0.0", "lodash": "^4.2.1",
d95c9ffac05afix(git-client)!: ability to pass additional git params is removed by security reasons (#1325)
11 files changed · +92 −158
packages/conventional-changelog-core/test/index.spec.js+3 −1 modified@@ -730,7 +730,9 @@ describe('conventional-changelog-core', () => { await expect(async () => { for await (let chunk of conventionalChangelogCore({}, {}, { - unknowOptions: false + get since () { + throw new Error('Error in git-raw-commits:') + } })) { chunk = chunk.toString() }
packages/conventional-recommended-bump/src/bumper.ts+6 −7 modified@@ -4,8 +4,7 @@ import type { } from 'conventional-commits-parser' import type { GetSemverTagsParams, - GetCommitsParams, - Params + GetCommitsParams } from '@conventional-changelog/git-client' import type { UnknownPresetCreatorParams, @@ -48,12 +47,12 @@ export class Bumper { this.commitsGetter = () => this.getCommits() } - private getLastSemverTag(params?: GetSemverTagsParams & Params) { + private getLastSemverTag(params?: GetSemverTagsParams) { return this.gitClient.getLastSemverTag(params) } private async* getCommits( - params?: GetCommitsParams & Params, + params?: GetCommitsParams, parserOptions?: ParserStreamOptions ) { yield* this.gitClient.getCommits({ @@ -110,7 +109,7 @@ export class Bumper { * @param paramsOrTag - Params to get the last semver tag or a tag name * @returns this */ - tag(paramsOrTag: GetSemverTagsParams & Params | string) { + tag(paramsOrTag: GetSemverTagsParams | string) { if (typeof paramsOrTag === 'string') { this.tagGetter = () => paramsOrTag } else { @@ -126,15 +125,15 @@ export class Bumper { * @param parserOptions - Parser options * @returns this */ - commits(params: GetCommitsParams & Params, parserOptions?: ParserStreamOptions): this + commits(params: GetCommitsParams, parserOptions?: ParserStreamOptions): this /** * Set commits since last release * @param commits - Iterable or async iterable of commits * @returns this */ commits(commits: Iterable<Commit> | AsyncIterable<Commit>): this commits( - paramsOrCommits: GetCommitsParams & Params | Iterable<Commit> | AsyncIterable<Commit>, + paramsOrCommits: GetCommitsParams | Iterable<Commit> | AsyncIterable<Commit>, parserOptions?: ParserStreamOptions ) { if (isIterable(paramsOrCommits)) {
packages/conventional-recommended-bump/src/cli/options.ts+5 −5 modified@@ -1,13 +1,13 @@ import type { ParserStreamOptions } from 'conventional-commits-parser' -import type { GetCommitsParams, GetSemverTagsParams, Params } from '@conventional-changelog/git-client' +import type { GetCommitsParams, GetSemverTagsParams } from '@conventional-changelog/git-client' import { packagePrefix } from '@conventional-changelog/git-client' function trim(str: string) { return str.trim() } -export function parseTagsOptions(options: Record<string, unknown>): GetSemverTagsParams & Params | null { - const result: GetSemverTagsParams & Params = {} +export function parseTagsOptions(options: Record<string, unknown>): GetSemverTagsParams | null { + const result: GetSemverTagsParams = {} if (typeof options.tagPrefix === 'string') { result.prefix = options.tagPrefix @@ -28,8 +28,8 @@ export function parseTagsOptions(options: Record<string, unknown>): GetSemverTag return result } -export function parseCommitsOptions(options: Record<string, unknown>): GetCommitsParams & Params | null { - const result: GetCommitsParams & Params = {} +export function parseCommitsOptions(options: Record<string, unknown>): GetCommitsParams | null { + const result: GetCommitsParams = {} if (typeof options.commitPath === 'string') { result.path = options.commitPath
packages/conventional-recommended-bump/src/types.ts+3 −4 modified@@ -4,8 +4,7 @@ import type { } from 'conventional-commits-parser' import type { GetSemverTagsParams, - GetCommitsParams, - Params + GetCommitsParams } from '@conventional-changelog/git-client' export interface BumperRecommendation { @@ -16,7 +15,7 @@ export interface BumperRecommendation { export interface Preset { whatBump(commits: Commit[]): Promise<BumperRecommendation | null | undefined> - tags?: GetSemverTagsParams & Params - commits?: GetCommitsParams & Params + tags?: GetSemverTagsParams + commits?: GetCommitsParams parser?: ParserStreamOptions }
packages/git-client/src/ConventionalGitClient.ts+7 −9 modified@@ -7,8 +7,7 @@ import type { filterRevertedCommits } from 'conventional-commits-filter' import semver from 'semver' import type { GetCommitsParams, - GetSemverTagsParams, - Params + GetSemverTagsParams } from './types.js' import { GitClient } from './GitClient.js' import { getFirstFromStream } from './utils.js' @@ -59,7 +58,7 @@ export class ConventionalGitClient extends GitClient { * @yields Raw commits data. */ async* getCommits( - params: GetCommitsParams & Params = {}, + params: GetCommitsParams = {}, parserOptions: ParserStreamOptions = {} ): AsyncIterable<Commit> { const { filterReverts, ...gitLogParams } = params @@ -84,14 +83,13 @@ export class ConventionalGitClient extends GitClient { * @param params.clean - Clean version from prefix and trash. * @yields Semver tags. */ - async* getSemverTags(params: GetSemverTagsParams & Params = {}) { + async* getSemverTags(params: GetSemverTagsParams = {}) { const { prefix, skipUnstable, - clean, - ...restParams + clean } = params - const tagsStream = this.getTags(restParams) + const tagsStream = this.getTags() const unstableTagRegex = /\d+\.\d+\.\d+-.+/ const cleanTag = clean ? (tag: string, unprefixed?: string) => semver.clean(unprefixed || tag) @@ -135,7 +133,7 @@ export class ConventionalGitClient extends GitClient { * @param params - getSemverTags params. * @returns Last semver tag, `null` if not found. */ - async getLastSemverTag(params: GetSemverTagsParams & Params = {}) { + async getLastSemverTag(params: GetSemverTagsParams = {}) { return getFirstFromStream(this.getSemverTags(params)) } @@ -144,7 +142,7 @@ export class ConventionalGitClient extends GitClient { * @param params - Additional git params. * @returns Current sematic version, `null` if not found. */ - async getVersionFromTags(params: GetSemverTagsParams & Params = {}) { + async getVersionFromTags(params: GetSemverTagsParams = {}) { const semverTagsStream = this.getSemverTags({ clean: true, ...params
packages/git-client/src/GitClient.spec.ts+1 −1 modified@@ -101,7 +101,7 @@ describe('git-client', () => { it('should pass raw args', async () => { await delay(1000) - const now = new Date().toISOString() + const now = new Date() testTools.writeFileSync('test2', 'hello') testTools.exec('git add --all && git commit -m"chore: hello"')
packages/git-client/src/GitClient.ts+35 −40 modified@@ -3,13 +3,13 @@ import { stdoutSpawn, splitStream, getFirstFromStream, - formatArgs + formatArgs, + toArray } from './utils.js' import type { GitLogParams, GitCommitParams, GitTagParams, - Params, Arg } from './types.js' @@ -43,24 +43,29 @@ export class GitClient { * @param params.format - Commits format. * @yields Raw commits data. */ - async* getRawCommits(params: GitLogParams & Params = {}) { + async* getRawCommits(params: GitLogParams = {}) { const { path, from = '', to = 'HEAD', format = '%B', ignore, - ...restParams + reverse, + merges, + since } = params const shouldNotIgnore = ignore ? (chunk: string) => !ignore.test(chunk) : () => true const args = this.formatArgs( 'log', `--format=${format}%n${SCISSOR}`, + since && `--since=${since instanceof Date ? since.toISOString() : since}`, + reverse && '--reverse', + merges && '--merges', + merges === false && '--no-merges', [from, to].filter(Boolean).join('..'), - restParams, - path && ['--', path] + ...path ? ['--', ...toArray(path)] : [] ) const stdout = stdoutSpawn('git', args, { cwd: this.cwd @@ -77,17 +82,15 @@ export class GitClient { /** * Get tags stream. - * @param params - Additional git params. * @yields Tags */ - async* getTags(params: Params = {}) { + async* getTags() { const tagRegex = /tag:\s*(.+?)[,)]/gi const args = this.formatArgs( 'log', '--decorate', '--no-color', - '--date-order', - params + '--date-order' ) const stdout = stdoutSpawn('git', args, { cwd: this.cwd @@ -107,24 +110,22 @@ export class GitClient { /** * Get last tag. - * @param params - Additional git params. * @returns Last tag, `null` if not found. */ - async getLastTag(params: Params = {}) { - return getFirstFromStream(this.getTags(params)) + async getLastTag() { + return getFirstFromStream(this.getTags()) } /** * Check file is ignored via .gitignore. * @param file - Path to target file. - * @param params - Additional git params. * @returns Boolean value. */ - async checkIgnore(file: string, params: Params = {}) { + async checkIgnore(file: string) { const args = this.formatArgs( 'check-ignore', - file, - params + '--', + file ) try { @@ -141,13 +142,12 @@ export class GitClient { /** * Add files to git index. * @param files - Files to stage. - * @param params - Additional git params. */ - async add(files: string | string[], params: Params = {}) { + async add(files: string | string[]) { const args = this.formatArgs( 'add', - files, - params + '--', + ...toArray(files) ) await spawn('git', args, { @@ -163,22 +163,21 @@ export class GitClient { * @param params.files * @param params.message */ - async commit(params: GitCommitParams & Params) { + async commit(params: GitCommitParams) { const { verify = true, sign = false, files = [], - message, - ...restParams + message } = params const args = this.formatArgs( 'commit', !verify && '--no-verify', sign && '-S', - files, '-m', message, - restParams + '--', + ...files ) await spawn('git', args, { @@ -193,12 +192,11 @@ export class GitClient { * @param params.name * @param params.message */ - async tag(params: GitTagParams & Params) { + async tag(params: GitTagParams) { let { sign = false, name, - message, - ...restParams + message } = params if (sign) { @@ -209,9 +207,9 @@ export class GitClient { 'tag', sign && '-s', message && '-a', - name, - message && ['-m', message], - restParams + ...message ? ['-m', message] : [], + '--', + name ) await spawn('git', args, { @@ -221,15 +219,13 @@ export class GitClient { /** * Get current branch name. - * @param params - Additional git params. * @returns Current branch name. */ - async getCurrentBranch(params: Params = {}) { + async getCurrentBranch() { const args = this.formatArgs( 'rev-parse', '--abbrev-ref', - 'HEAD', - params + 'HEAD' ) const branch = ( await spawn('git', args, { @@ -243,15 +239,14 @@ export class GitClient { /** * Push changes to remote. * @param branch - * @param params - Additional git params. */ - async push(branch: string, params: Params = {}) { + async push(branch: string) { const args = this.formatArgs( 'push', '--follow-tags', 'origin', - branch, - params + '--', + branch ) await spawn('git', args, {
packages/git-client/src/types.ts+13 −7 modified@@ -19,6 +19,18 @@ export interface GitLogParams { * Pattern to filter commits. */ ignore?: RegExp + /** + * Get commits since specific date. + */ + since?: Date | string + /** + * Get commits in reverse order. + */ + reverse?: boolean + /** + * Get merge commits or not. + */ + merges?: boolean } export interface GetCommitsParams extends GitLogParams { @@ -56,10 +68,4 @@ export interface GetSemverTagsParams { clean?: boolean } -export type Value = string | number | boolean | RegExp | null | undefined - -export type Param = Value | Value[] - -export type Params = Record<string, Param> - -export type Arg = Value | Params | Arg[] +export type Arg = string | false | null | undefined
packages/git-client/src/utils.spec.ts+0 −15 modified@@ -99,21 +99,6 @@ describe('git-client', () => { expect(formatArgs('git', 'log', '')).toEqual(['git', 'log']) expect(formatArgs('git', 'log', null)).toEqual(['git', 'log']) }) - - it('should format arrays', () => { - expect(formatArgs('git', ['log', ['']])).toEqual(['git', 'log']) - expect(formatArgs('git', ['log', [null]])).toEqual(['git', 'log']) - }) - - it('should format params object', () => { - const date = new Date().toISOString() - - expect(formatArgs('git', [ - { - since: date - } - ])).toEqual(['git', `--since=${date}`]) - }) }) }) })
packages/git-client/src/utils.ts+14 −69 modified@@ -4,12 +4,7 @@ import { type SpawnOptionsWithoutStdio, spawn as spawnChild } from 'child_process' -import type { - Value, - Param, - Params, - Arg -} from './types.js' +import type { Arg } from './types.js' /** * Catch process error. @@ -117,76 +112,26 @@ export async function getFirstFromStream<T>(stream: AsyncIterable<T>) { return null } -/** - * Format key-value pair for cli arguments. - * @param key - * @param value - * @returns Formatted key-value pair. - */ -function formatKeyValue(key: string, value?: Value) { - return `${ - key.length === 1 ? '-' : '--' - }${ - key.replace(/[A-Z]/g, '-$&').toLowerCase() - }${ - value ? `=${value}` : '' - }` -} - -/** - * Format object params for cli arguments. - * @param params - * @returns Formatted params. - */ -function formatParams(params: Params) { - const args: string[] = [] - let key: string - let value: Param - let arrayValue: Param - - for (key in params) { - value = params[key] - - if (value === true) { - args.push(formatKeyValue(key)) - } else - if (value === false) { - args.push(formatKeyValue(`no-${key}`)) - } else - if (Array.isArray(value)) { - for (arrayValue of value) { - args.push(formatKeyValue(key, arrayValue)) - } - } else if (value) { - args.push(formatKeyValue(key, value)) - } - } - - return args -} - /** * Format arguments. * @param args * @returns Formatted arguments. */ export function formatArgs(...args: Arg[]): string[] { - const finalArgs: string[] = [] - - for (const arg of args) { - if (!arg) { - continue + return args.reduce<string[]>((finalArgs, arg) => { + if (arg) { + finalArgs.push(String(arg)) } - if (Array.isArray(arg)) { - finalArgs.push(...formatArgs(...arg)) - } else - if (typeof arg === 'object' && !(arg instanceof RegExp)) { - finalArgs.push(...formatParams(arg)) - } else { - finalArgs.push(String(arg)) - } - } + return finalArgs + }, []) +} - return finalArgs +/** + * Convert value to array. + * @param value + * @returns Array. + */ +export function toArray<T>(value: T | T[]) { + return Array.isArray(value) ? value : [value] }
vite.config.js+5 −0 modified@@ -2,6 +2,11 @@ import { defineConfig } from 'vite' export default defineConfig({ test: { + forceRerunTriggers: [ + 'packages/*/package.json', + '**/vitest.config.*', + '**/vite.config.*' + ], coverage: { reporter: ['lcovonly', 'text'] }
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4- github.com/advisories/GHSA-vh25-5764-9wcrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-59433ghsaADVISORY
- github.com/conventional-changelog/conventional-changelog/commit/d95c9ffac05af58228bd89fa0ba37ad65741c6a2nvdWEB
- github.com/conventional-changelog/conventional-changelog/security/advisories/GHSA-vh25-5764-9wcrnvdWEB
News mentions
0No linked articles in our index yet.