Bump @metamask/auto-changelog from 4.0.0 to 5.3.0

[dependabot]

Bumps @metamask/auto-changelog from 4.0.0 to 5.3.0.

Release notes

Sourced from @​metamask/auto-changelog's releases.

5.3.0

Added

• Add --requirePrNumbers flag to auto-changelog update CLI command for generation-time filtering (#253)
  • When enabled, commits without PR numbers are filtered out from the changelog
  • Disabled by default for backward compatibility
  • The updateChangelog function also supports this option via the requirePrNumbers parameter

5.2.0

Added

• Deduplicate commits with no PR number in subject (#254)
  • For commits with no PR number in the subject (non-"Squash & Merge" commits), deduplication now checks if exact description text already exists in changelog
  • Merge commits are deduplicated using commit body instead of the generic merge subject

5.1.0

Added

• Add --useChangelogEntry to auto-changelog update (#247)
  • This will read the PR referenced in each commit message, look for CHANGELOG entry: in the PR description, and use this as the new changelog entry in the changelog (or skip if the no-changelog label is present on the PR)
  • Note that GITHUB_TOKEN must be set in order to use this option
  • The updateChangelog function also supports this option
• Add --useShortPrLink to auto-changelog update (#247)
  • This will generate short references to PRs, e.g. [#123](https://github.com/MetaMask/auto-changelog/issues/123) instead of [#123](https://some/repo)
  • The updateChangelog function also supports this option

Changed

• Update auto-changelog update --autoCategorize to exclude entries with certain phrases or Conventional Commit prefixes (#247)
  • If commit messages have the following prefixes they will not be automatically added to the changelog:
    • style
    • refactor
    • test
    • build
    • ci
    • release
  • If commit messages have the following phrases they will not be automatically added to the changelog:
    • Bump main version to
    • changelog
    • cherry-pick
    • cp-
    • e2e
    • flaky test
    • INFRA-
    • merge
    • New Crowdin translations

5.0.2

Fixed

• Fix --autoCategorize so that commit messages with Conventional Commit prefixes are categorized correctly when the prefix contains a scope (e.g. feat(scope): ...) (#240)

5.0.1

Fixed

• Fix CLI path (#235)

... (truncated)

Changelog

Sourced from @​metamask/auto-changelog's changelog.

[5.3.0]

Added

• Add --requirePrNumbers flag to auto-changelog update CLI command for generation-time filtering (#253)
  • When enabled, commits without PR numbers are filtered out from the changelog
  • Disabled by default for backward compatibility
  • The updateChangelog function also supports this option via the requirePrNumbers parameter

[5.2.0]

Added

• Deduplicate commits with no PR number in subject (#254)
  • For commits with no PR number in the subject (non-"Squash & Merge" commits), deduplication now checks if exact description text already exists in changelog
  • Merge commits are deduplicated using commit body instead of the generic merge subject

[5.1.0]

Added

• Add --useChangelogEntry to auto-changelog update (#247)
  • This will read the PR referenced in each commit message, look for CHANGELOG entry: in the PR description, and use this as the new changelog entry in the changelog (or skip if the no-changelog label is present on the PR)
  • Note that GITHUB_TOKEN must be set in order to use this option
  • The updateChangelog function also supports this option
• Add --useShortPrLink to auto-changelog update (#247)
  • This will generate short references to PRs, e.g. [#123](https://github.com/MetaMask/auto-changelog/issues/123) instead of [#123](https://some/repo)
  • The updateChangelog function also supports this option

Changed

• Update auto-changelog update --autoCategorize to exclude entries with certain phrases or Conventional Commit prefixes (#247)
  • If commit messages have the following prefixes they will not be automatically added to the changelog:
    • style
    • refactor
    • test
    • build
    • ci
    • release
  • If commit messages have the following phrases they will not be automatically added to the changelog:
    • Bump main version to
    • changelog
    • cherry-pick
    • cp-
    • e2e
    • flaky test
    • INFRA-
    • merge
    • New Crowdin translations

... (truncated)

Commits

• 55c8ffe 5.3.0 (#262)
• ebe6c6e feat(INFRA-3081): add --require-pr-numbers flag for generation-time filtering...
• e12cf19 chore: Update CODEOWNERS (#261)
• 5586ef8 5.2.0 (#260)
• c267d3a fix(INFRA-3081): implement duplicate detection for all commit types (#254)
• 47346f4 5.1.0 (#250)
• dcc88e3 fix: make useChangelogEntry and useShortPrLink optional (#249)
• f8c5f7d feat: parse CHANGELOG entry: and no-changelog (#247)
• 3d17386 fix: problems running auto-changelog on Windows (#246)
• 24fcaf3 5.0.2 (#241)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Note

Upgrade dev dependency @metamask/auto-changelog to 5.3.0 with corresponding lockfile updates (adds Octokit deps).

• Dependencies:
  • Bump @metamask/auto-changelog from ^4.0.0 to ^5.3.0 in package.json.
  • Refresh yarn.lock, adding @octokit/* dependencies and related packages; CLI bin updated to dist/cli.mjs.

^{Written by Cursor Bugbot for commit 55f5144. This will update automatically on new commits. Configure here.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​metamask/​auto-changelog@​4.0.0 ⏵ 5.3.0			+1	+7

View full report

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring alerts on:

• @octokit/[email protected]
• @metamask/[email protected]

View full report

[mcmire]

@SocketSecurity ignore npm/@metamask/[email protected]

This looks like a false positive, this library doesn't use fetch directly. Although it is our package nonetheless.

[mcmire]

@SocketSecurity ignore npm/@octokit/[email protected]

auto-changelog uses the Octokit library internally to fetch labels for pull requests.

[cryptodev-2s]

LGTM!