chore(deps): update dependency @changesets/read to ^0.6.2

[trystendsmyth]

This updates a dependency to pass auditing.

Fix #199

[changeset-bot]

🦋 Changeset detected

Latest commit: 31c8c9f

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
changesets-gitlab	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[codesandbox-ci]

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

[JounQin]

We use yarn instead.

[JounQin]

It seems there are some duplicate but incomparable @changesets/ packages, can we upgrade them together?

[trystendsmyth]

Okay thanks @JounQin I saw @changesets/errors and @changesets/parse in the package and matched with the lock versions. I'm hoping that covers related dependencies?

[JounQin]

@trystendsmyth Why other @changesets deps could not be upgraded?

[trystendsmyth]

@JounQin the intent of this PR is to fix #199 and pass audit. The package upgrades made will achieve that. I would like to propose merging this PR as is.

I am happy to follow up with another PR for full dependency upgrades, but some of those also want Node v22, so may want to be reviewed and tested separately.

[JounQin]

I don't follow which depends cross-spawn exactly, the yarn.lock doesn't show v5 to v7 change.

[trystendsmyth]

@JounQin look here where the lock file is updated to the latest version of cross-spawn. This is good enough for consuming packages to pass audit.

However if you want this package to pass audit as well, that requires a full dependency update. I can push a commit to do that, but there's a catch. One of the primary audit offenders is type-coverage. However, anything past 2.27.0 requires a later version of Node. Do you want to move your package to Node 20.x or 22.x? If so, I can do a full upgrade and change the engine node requirement. Do you want to do that?

[JounQin]

I'm fine to align node versions support with upstream.

[socket-security]

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@changesets/git@3.0.2 🔁 npm/@changesets/git@2.0.0	None	0	71.8 kB	changesets-release-bot
npm/@changesets/parse@0.4.0 🔁 npm/@changesets/parse@0.3.16	None	0	18.8 kB	changesets-release-bot
npm/@changesets/read@0.6.2 🔁 npm/@changesets/read@0.5.9	None	+1	56.2 kB	changesets-release-bot
npm/braces@3.0.3 🔁 npm/braces@3.0.2	None	0	44.6 kB	jonschlinkert
npm/cross-spawn@7.0.6 🔁 npm/cross-spawn@5.1.0, npm/cross-spawn@7.0.3	None	0	16.1 kB	satazor
npm/fill-range@7.1.1 🔁 npm/fill-range@7.0.1	None	0	16.7 kB	jonschlinkert
npm/micromatch@4.0.8 🔁 npm/micromatch@4.0.5	None	0	56.6 kB	doowb
npm/picocolors@1.1.1 🔁 npm/picocolors@1.0.0	None	0	6.37 kB	alexeyraspopov
npm/shebang-command@2.0.0 🔁 npm/shebang-command@1.2.0	None	0	2.56 kB	kevva
npm/shebang-regex@3.0.0	None	0	2.83 kB	sindresorhus
npm/signal-exit@4.1.0	None	0	77 kB	isaacs
npm/spawndamnit@3.0.1 🔁 npm/spawndamnit@2.0.0	None	0	4.48 kB	thejameskyle
npm/which@2.0.2	environment	0	9.97 kB	isaacs

🚮 Removed packages: npm/@types/concat-stream@2.0.2, npm/levenshtein-edit-distance@1.0.0, npm/mdast-comment-marker@2.1.2, npm/mdast-util-heading-style@2.0.1, npm/pseudomap@1.0.2, npm/unified-message-control@4.0.0, npm/vfile-location@4.1.0

View full report↗︎