fix: update semantic-release to 21.1.2

[MikeMcC399]

Issue

npm audit reports vulnerabilities. The following vulnerabilities come from the use of semantic-release@19.0.5

• ip 2.0.0 Severity: moderate
• semver 7.0.0 - 7.5.1 npm Severity: moderate

npm audit fix reports that these vulnerabilities cannot be fixed automatically.

Changes

The currently used version, semantic-release@19.0.5, was released in Aug 2022.

Update to semantic-release@21.1.2. This version has proved stable in the cypress-io/github-action where it is called through main.yml and cycjimmy/semantic-release-action.

Notes

Publishing takes place through CircleCI. The current workflow shows

cypress-example-kitchensink/.circleci/config.yml

Lines 149 to 153 in b0f85b4

	release:
	executor: cypress/default
	steps:
	- checkout
	- run: npx semantic-release@19.0.3

The version used by CircleCI 19.0.3 was mismatched to the version updated by renovate to 19.0.5. This PR aligns them again to use a common version 21.1.2 version.

This PR uses a semantic commit fix: so that a new release will be generated when the PR is merged, so also testing that it works correctly.

The CircleCI pipelines are logged to https://app.circleci.com/pipelines/github/cypress-io/cypress-example-kitchensink.

The release job runs under Node.js 18.16.1. This is not compatible with semantic-release@22.0.0 and above which requires a minimum of Node.js 18.17.0. semantic-release@21.1.2 is the highest compatible version.

[cypress-app-bot]

• Create a Draft Pull Request if your PR is not ready for review. Mark the PR as Ready for Review when you're ready for a Cypress team member to review the PR.

[jennifer-shehane]

Thanks!

[cypress-app-bot]

🎉 This PR is included in version 2.0.5 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀