Skip to content

chore: Bump @metamask/auto-changelog from 5.0.2 to 5.3.1#3839

Merged
FrederikBolding merged 1 commit intomainfrom
dependabot/npm_and_yarn/main/metamask/auto-changelog-5.3.1
Feb 13, 2026
Merged

chore: Bump @metamask/auto-changelog from 5.0.2 to 5.3.1#3839
FrederikBolding merged 1 commit intomainfrom
dependabot/npm_and_yarn/main/metamask/auto-changelog-5.3.1

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 4, 2026
edited
Loading

Bumps @metamask/auto-changelog from 5.0.2 to 5.3.1.

Release notes

Sourced from @​metamask/auto-changelog's releases.

5.3.1

Fixed

  • Fixed problems with validate on Windows with CRLF (#269)

5.3.0

Added

  • Add --requirePrNumbers flag to auto-changelog update CLI command for generation-time filtering (#253)
    • When enabled, commits without PR numbers are filtered out from the changelog
    • Disabled by default for backward compatibility
    • The updateChangelog function also supports this option via the requirePrNumbers parameter

5.2.0

Added

  • Deduplicate commits with no PR number in subject (#254)
    • For commits with no PR number in the subject (non-"Squash & Merge" commits), deduplication now checks if exact description text already exists in changelog
    • Merge commits are deduplicated using commit body instead of the generic merge subject

5.1.0

Added

  • Add --useChangelogEntry to auto-changelog update (#247)
    • This will read the PR referenced in each commit message, look for CHANGELOG entry: in the PR description, and use this as the new changelog entry in the changelog (or skip if the no-changelog label is present on the PR)
    • Note that GITHUB_TOKEN must be set in order to use this option
    • The updateChangelog function also supports this option
  • Add --useShortPrLink to auto-changelog update (#247)
    • This will generate short references to PRs, e.g. [#123](https://github.com/MetaMask/auto-changelog/issues/123) instead of [#123](https://some/repo)
    • The updateChangelog function also supports this option

Changed

  • Update auto-changelog update --autoCategorize to exclude entries with certain phrases or Conventional Commit prefixes (#247)
    • If commit messages have the following prefixes they will not be automatically added to the changelog:
      • style
      • refactor
      • test
      • build
      • ci
      • release
    • If commit messages have the following phrases they will not be automatically added to the changelog:
      • Bump main version to
      • changelog
      • cherry-pick
      • cp-
      • e2e
      • flaky test
      • INFRA-
      • merge
      • New Crowdin translations
Changelog

Sourced from @​metamask/auto-changelog's changelog.

[5.3.1]

Fixed

  • Fixed problems with validate on Windows with CRLF (#269)

[5.3.0]

Added

  • Add --requirePrNumbers flag to auto-changelog update CLI command for generation-time filtering (#253)
    • When enabled, commits without PR numbers are filtered out from the changelog
    • Disabled by default for backward compatibility
    • The updateChangelog function also supports this option via the requirePrNumbers parameter

[5.2.0]

Added

  • Deduplicate commits with no PR number in subject (#254)
    • For commits with no PR number in the subject (non-"Squash & Merge" commits), deduplication now checks if exact description text already exists in changelog
    • Merge commits are deduplicated using commit body instead of the generic merge subject

[5.1.0]

Added

  • Add --useChangelogEntry to auto-changelog update (#247)
    • This will read the PR referenced in each commit message, look for CHANGELOG entry: in the PR description, and use this as the new changelog entry in the changelog (or skip if the no-changelog label is present on the PR)
    • Note that GITHUB_TOKEN must be set in order to use this option
    • The updateChangelog function also supports this option
  • Add --useShortPrLink to auto-changelog update (#247)
    • This will generate short references to PRs, e.g. [#123](https://github.com/MetaMask/auto-changelog/issues/123) instead of [#123](https://some/repo)
    • The updateChangelog function also supports this option

Changed

  • Update auto-changelog update --autoCategorize to exclude entries with certain phrases or Conventional Commit prefixes (#247)
    • If commit messages have the following prefixes they will not be automatically added to the changelog:
      • style
      • refactor
      • test
      • build
      • ci
      • release
    • If commit messages have the following phrases they will not be automatically added to the changelog:
      • Bump main version to
      • changelog
      • cherry-pick
      • cp-

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note

Low Risk
Dependency-only change affecting changelog generation/validation tooling; no runtime or production code changes, with risk limited to potential CI/release workflow differences.

Overview
Updates tooling dependency: bumps @metamask/auto-changelog from 5.0.2 to 5.3.1 across the monorepo (root + multiple workspace package.jsons), and refreshes yarn.lock accordingly.

The lockfile update pulls in new transitive deps (notably @octokit/rest and related @octokit/* packages) required by the newer auto-changelog CLI.

Written by Cursor Bugbot for commit 8bbf107. This will update automatically on new commits. Configure here.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 4, 2026
@dependabot dependabot bot requested a review from a team as a code owner February 4, 2026 06:04
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 4, 2026
@dependabot dependabot bot mentioned this pull request Feb 4, 2026
Closed
@socket-security
Copy link

socket-security bot commented Feb 4, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​metamask/​auto-changelog@​5.0.2 ⏵ 5.3.198100100 +192 +6100

View full report

@socket-security
Copy link

socket-security bot commented Feb 4, 2026
edited
Loading

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring alerts on:

  • @octokit/plugin-rest-endpoint-methods@13.3.2-cjs.1
  • @octokit/request@8.4.1
  • @octokit/types@13.10.0
  • @metamask/auto-changelog@5.3.1

View full report

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/main/metamask/auto-changelog-5.3.1 branch 3 times, most recently from 78183d2 to 801c37c Compare February 12, 2026 11:03
@dependabot
chore: Bump @metamask/auto-changelog from 5.0.2 to 5.3.1
8bbf107 
Bumps [@metamask/auto-changelog](https://github.com/MetaMask/auto-changelog) from 5.0.2 to 5.3.1.
- [Release notes](https://github.com/MetaMask/auto-changelog/releases)
- [Changelog](https://github.com/MetaMask/auto-changelog/blob/main/CHANGELOG.md)
- [Commits](MetaMask/auto-changelog@v5.0.2...v5.3.1)

---
updated-dependencies:
- dependency-name: "@metamask/auto-changelog"
  dependency-version: 5.3.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/main/metamask/auto-changelog-5.3.1 branch from 801c37c to 8bbf107 Compare February 13, 2026 08:29
@FrederikBolding
Copy link
Member

FrederikBolding commented Feb 13, 2026

@SocketSecurity ignore npm/@metamask/auto-changelog@5.3.1

False positive.

@SocketSecurity ignore npm/@octokit/plugin-rest-endpoint-methods@13.3.2-cjs.1
@SocketSecurity ignore npm/@octokit/request@8.4.1
@SocketSecurity ignore npm/@octokit/types@13.10.0

Network access expected.

@FrederikBolding FrederikBolding added this pull request to the merge queue Feb 13, 2026
Merged via the queue into main with commit c016ce5 Feb 13, 2026
134 of 135 checks passed
@FrederikBolding FrederikBolding deleted the dependabot/npm_and_yarn/main/metamask/auto-changelog-5.3.1 branch February 13, 2026 08:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@FrederikBolding FrederikBolding FrederikBolding approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@FrederikBolding