[Snyk] Security upgrade @release-it/conventional-changelog from 5.1.1 to 10.0.2

[snyk-io]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Improper Check for Unusual or Exceptional Conditions SNYK-JS-HANDLEBARS-15807042	706

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[snyk-io]

This is a major version upgrade from v5 to v10, which introduces significant breaking changes, particularly for users with advanced configurations.

Key Breaking Changes:

• writerOpts.transform Behavior: The underlying conventional-changelog-writer dependency was updated, and the commit object passed to a custom writerOpts.transform function is now read-only. Any code that directly mutates this object will fail.
• Node.js Version Support: The v10.0.0 release includes a commit to "bump engines.node", indicating a drop in support for older Node.js versions. While the exact version is not specified in the release notes, it is common for this library to follow the main release-it package, which has progressively dropped support for Node.js versions below 14/16 in its recent major releases.

Recommendation:

• Verify writerOpts.transform usage: If you use a custom transform function in your .release-it.js configuration, you must refactor it to return a new, modified object instead of mutating the original. For example:
  • Old (will break): transform: commit => { commit.scope = '...'; return commit; }
  • New (required): transform: commit => ({ ...commit, scope: '...' })
• Verify your Node.js runtime environment: Ensure your CI and local development environments are using a modern, supported version of Node.js (likely v14+).

Source: GitHub Releases, Package documentation

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.