Plugin considers the release successful but received 403 from npm

[antongolub]

semantic-release: 17.1.1
@semantic-release/npm: 7.0.5
npm: 7.0.0-beta.6
node: 12.18.3

{
    "branch": "master",
    "verifyConditions": [
      "@semantic-release/changelog",
      "@semantic-release/npm",
      "@semantic-release/git",
      "@qiwi/semantic-release-gh-pages-plugin"
    ],
    "prepare": [
      "@semantic-release/changelog",
      "@semantic-release/npm",
      "@semantic-release/git"
    ],
    "publish": [
      "@semantic-release/npm",
      "@semantic-release/github",
      "@qiwi/semantic-release-gh-pages-plugin"
    ]
  }

travis#376481822 and same with DEBUG travis#376491345

I assume this problem may be caused by npm v7-beta, but the release should crash on errors anyway.

[4:19:52 PM] [semantic-release] › ℹ  Start step "prepare" of plugin "@semantic-release/npm"
[4:19:52 PM] [semantic-release] [@semantic-release/npm] › ℹ  Write version 2.0.4 to package.json in /home/travis/build/antongolub/yarn-audit-fix
npm ERR! Git working directory not clean.
npm ERR! A complete log of this run can be found in:
npm ERR!     /home/travis/.npm/_logs/2020-08-22T16_19_53_083Z-debug.log
[4:19:53 PM] [semantic-release] › ✔  Completed step "prepare" of plugin "@semantic-release/npm"

[1:56:32 PM] [semantic-release] [@semantic-release/git] › ℹ  Prepared Git release: v2.0.0
[1:56:32 PM] [semantic-release] › ✔  Completed step "prepare" of plugin "@semantic-release/git"
[1:56:32 PM] [semantic-release] › ℹ  Start step "generateNotes" of plugin "@semantic-release/release-notes-generator"
[1:56:32 PM] [semantic-release] › ✔  Completed step "generateNotes" of plugin "@semantic-release/release-notes-generator"
[1:56:37 PM] [semantic-release] › ✔  Created tag v2.0.0
[1:56:37 PM] [semantic-release] › ℹ  Start step "publish" of plugin "@semantic-release/npm"
[1:56:37 PM] [semantic-release] [@semantic-release/npm] › ℹ  Publishing version 2.0.0 to npm registry on dist-tag latest
npm notice 
npm notice 📦  [email protected]
npm notice === Tarball Contents === 
npm notice 6.3kB CHANGELOG.md            
npm notice 1.1kB LICENSE                 
npm notice 3.8kB README.md               
npm notice 763B  flow-typed/index.flow.js
npm notice 3.7kB package.json            
npm notice 31B   target/es5/cli.d.ts     
npm notice 352B  target/es5/cli.js       
npm notice 370B  target/es5/index.d.ts   
npm notice 7.6kB target/es5/index.js     
npm notice 647B  target/es5/util.d.ts    
npm notice 3.4kB target/es5/util.js      
npm notice 31B   target/es6/cli.d.ts     
npm notice 256B  target/es6/cli.js       
npm notice 370B  target/es6/index.d.ts   
npm notice 4.1kB target/es6/index.js     
npm notice 647B  target/es6/util.d.ts    
npm notice 2.1kB target/es6/util.js      
npm notice 245B  target/ts/cli.ts        
npm notice 3.5kB target/ts/index.ts      
npm notice 2.4kB target/ts/util.ts       
npm notice 565B  typings/index.d.ts      
npm notice === Tarball Details === 
npm notice name:          yarn-audit-fix                          
npm notice version:       1.6.1                                   
npm notice filename:      yarn-audit-fix-1.6.1.tgz                
npm notice package size:  12.7 kB                                 
npm notice unpacked size: 42.3 kB                                 
npm notice shasum:        dacff494bb5d5d47f69e3ca956a99c9cb6ab4163
npm notice integrity:     sha512-QNGyysnyd52Ml[...]xJeS1NkOfWHtw==
npm notice total files:   21                                      
npm notice 
npm ERR! code E403
npm ERR! 403 403 Forbidden - PUT https://registry.npmjs.org/yarn-audit-fix - You cannot publish over the previously published versions: 1.6.1.
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy, or
npm ERR! 403 on a server you do not have access to.
npm ERR! A complete log of this run can be found in:
npm ERR!     /home/travis/.npm/_logs/2020-08-22T13_56_38_497Z-debug.log
[1:56:38 PM] [semantic-release] [@semantic-release/npm] › ℹ  Published [email protected] to dist-tag @latest on https://registry.npmjs.org/
[1:56:38 PM] [semantic-release] › ✔  Completed step "publish" of plugin "@semantic-release/npm"

[antongolub]

The problem is definitely relates npmV7. As soon as I removed /node_modules/.bin/npm file, the release worked correctly.
Commit and build.

[gr2m]

Out of hand, I couldn't say what's going on here, I'm afraid. If you can setup a test repository that reproduces the problem I can have a look, otherwise I won't be able to help

[antongolub]

@gr2m

Sure. Here's the repo: antongolub/yarn-audit-fix. The only is needed to reproduce the issue is just to remove/disable "rm-npm-bin": "rimraf node_modules/.bin/npm node_modules/.bin/npm.cmd" workaround.

As you can see, yaf uses [email protected] as its own dep, so semrel-npm actually invokes the same bin during release.

const result = execa(npm, ['publish', basePath, '--userconfig', npmrc, '--tag', distTag, '--registry', registry], {
      cwd,
      env,
    });

[gr2m]

I was not able to reproduce your problem, not using npm anyway

CI=true NPM_TOKEN=... GH_TOKEN=... npx semantic-release --debug
[12:27:49 PM] [semantic-release] › ℹ  Running semantic-release version 17.1.1
  semantic-release:config load config from: /private/var/folders/hs/x9qtfmvn1lz1sgml9q21h7k80000gn/T/tmp.inlcEANK/package.json +0ms
  semantic-release:config options values: {
  semantic-release:config   branches: [
  semantic-release:config     '+([0-9])?(.{+([0-9]),x}).x',
  semantic-release:config     'master',
  semantic-release:config     'next',
  semantic-release:config     'next-major',
  semantic-release:config     { name: 'beta', prerelease: true },
  semantic-release:config     { name: 'alpha', prerelease: true }
  semantic-release:config   ],
  semantic-release:config   repositoryUrl: 'https://github.com/gr2m/yarn-audit-fix.git',
  semantic-release:config   tagFormat: 'v${version}',
  semantic-release:config   plugins: [
  semantic-release:config     '@semantic-release/commit-analyzer',
  semantic-release:config     '@semantic-release/release-notes-generator',
  semantic-release:config     '@semantic-release/npm',
  semantic-release:config     '@semantic-release/github'
  semantic-release:config   ],
  semantic-release:config   branch: 'master',
  semantic-release:config   verifyConditions: [
  semantic-release:config     '@semantic-release/changelog',
  semantic-release:config     '@semantic-release/npm',
  semantic-release:config     '@semantic-release/git',
  semantic-release:config     '@qiwi/semantic-release-gh-pages-plugin'
  semantic-release:config   ],
  semantic-release:config   prepare: [
  semantic-release:config     '@semantic-release/changelog',
  semantic-release:config     '@semantic-release/npm',
  semantic-release:config     '@semantic-release/git'
  semantic-release:config   ],
  semantic-release:config   publish: [
  semantic-release:config     '@semantic-release/npm',
  semantic-release:config     '@semantic-release/github',
  semantic-release:config     '@qiwi/semantic-release-gh-pages-plugin'
  semantic-release:config   ],
  semantic-release:config   _: [],
  semantic-release:config   debug: true,
  semantic-release:config   '$0': 'node_modules/.bin/semantic-release'
  semantic-release:config } +6ms
  semantic-release:plugins options for @semantic-release/changelog/verifyConditions: {} +0ms
[12:27:49 PM] [semantic-release] › ✔  Loaded plugin "verifyConditions" from "@semantic-release/changelog"
  semantic-release:plugins options for @semantic-release/npm/verifyConditions: {} +1ms
[12:27:49 PM] [semantic-release] › ✔  Loaded plugin "verifyConditions" from "@semantic-release/npm"
  semantic-release:plugins options for @semantic-release/git/verifyConditions: {} +6ms
[12:27:49 PM] [semantic-release] › ✔  Loaded plugin "verifyConditions" from "@semantic-release/git"
  semantic-release:plugins options for @qiwi/semantic-release-gh-pages-plugin/verifyConditions: {} +396ms
[12:27:50 PM] [semantic-release] › ✔  Loaded plugin "verifyConditions" from "@qiwi/semantic-release-gh-pages-plugin"
  semantic-release:plugins options for @semantic-release/commit-analyzer/analyzeCommits: {} +0ms
[12:27:50 PM] [semantic-release] › ✔  Loaded plugin "analyzeCommits" from "@semantic-release/commit-analyzer"
  semantic-release:plugins options for @semantic-release/release-notes-generator/generateNotes: {} +0ms
[12:27:50 PM] [semantic-release] › ✔  Loaded plugin "generateNotes" from "@semantic-release/release-notes-generator"
  semantic-release:plugins options for @semantic-release/changelog/prepare: {} +1ms
[12:27:50 PM] [semantic-release] › ✔  Loaded plugin "prepare" from "@semantic-release/changelog"
  semantic-release:plugins options for @semantic-release/npm/prepare: {} +0ms
[12:27:50 PM] [semantic-release] › ✔  Loaded plugin "prepare" from "@semantic-release/npm"
  semantic-release:plugins options for @semantic-release/git/prepare: {} +1ms
[12:27:50 PM] [semantic-release] › ✔  Loaded plugin "prepare" from "@semantic-release/git"
  semantic-release:plugins options for @semantic-release/npm/publish: {} +0ms
[12:27:50 PM] [semantic-release] › ✔  Loaded plugin "publish" from "@semantic-release/npm"
  semantic-release:plugins options for @semantic-release/github/publish: {} +0ms
[12:27:50 PM] [semantic-release] › ✔  Loaded plugin "publish" from "@semantic-release/github"
  semantic-release:plugins options for @qiwi/semantic-release-gh-pages-plugin/publish: {} +0ms
[12:27:50 PM] [semantic-release] › ✔  Loaded plugin "publish" from "@qiwi/semantic-release-gh-pages-plugin"
  semantic-release:plugins options for @semantic-release/npm/addChannel: {} +1ms
[12:27:50 PM] [semantic-release] › ✔  Loaded plugin "addChannel" from "@semantic-release/npm"
  semantic-release:plugins options for @semantic-release/github/addChannel: {} +0ms
[12:27:50 PM] [semantic-release] › ✔  Loaded plugin "addChannel" from "@semantic-release/github"
  semantic-release:plugins options for @semantic-release/github/success: {} +0ms
[12:27:50 PM] [semantic-release] › ✔  Loaded plugin "success" from "@semantic-release/github"
  semantic-release:plugins options for @semantic-release/github/fail: {} +0ms
[12:27:50 PM] [semantic-release] › ✔  Loaded plugin "fail" from "@semantic-release/github"
  semantic-release:get-tags found tags for branch master: [ { gitTag: 'v1.0.0', version: '1.0.0', channels: [ null ] }, { gitTag: 'v1.1.0', version: '1.1.0', channels: [ null ] }, { gitTag: 'v1.1.1', version: '1.1.1', channels: [ null ] }, { gitTag: 'v1.2.0', version: '1.2.0', channels: [ null ] }, { gitTag: 'v1.2.1', version: '1.2.1', channels: [ null ] }, { gitTag: 'v1.2.2', version: '1.2.2', channels: [ null ] }, { gitTag: 'v1.3.0', version: '1.3.0', channels: [ null ] }, { gitTag: 'v1.4.0', version: '1.4.0', channels: [ null ] }, { gitTag: 'v1.4.1', version: '1.4.1', channels: [ null ] }, { gitTag: 'v1.5.0', version: '1.5.0', channels: [ null ] }, { gitTag: 'v1.5.1', version: '1.5.1', channels: [ null ] }, { gitTag: 'v1.6.0', version: '1.6.0', channels: [ null ] }, { gitTag: 'v1.6.1', version: '1.6.1', channels: [ null ] }, { gitTag: 'v2.0.0', version: '2.0.0', channels: [ null ] }, { gitTag: 'v2.0.1', version: '2.0.1', channels: [ null ] }, { gitTag: 'v2.0.2', version: '2.0.2', channels: [ null ] }, { gitTag: 'v2.0.3', version: '2.0.3', channels: [ null ] }, { gitTag: 'v2.0.4', version: '2.0.4', channels: [ null ] }, { gitTag: 'v2.0.5', version: '2.0.5', channels: [ null ] }, { gitTag: 'v2.0.6', version: '2.0.6', channels: [ null ] } ] +0ms
[12:27:59 PM] [semantic-release] › ✔  Run automated release from branch master on repository https://github.com/gr2m/yarn-audit-fix.git
[12:28:01 PM] [semantic-release] › ✔  Allowed to push to the Git repository
[12:28:01 PM] [semantic-release] › ℹ  Start step "verifyConditions" of plugin "@semantic-release/changelog"
[12:28:01 PM] [semantic-release] › ✔  Completed step "verifyConditions" of plugin "@semantic-release/changelog"
[12:28:01 PM] [semantic-release] › ℹ  Start step "verifyConditions" of plugin "@semantic-release/npm"
[12:28:01 PM] [semantic-release] [@semantic-release/npm] › ℹ  Verify authentication for registry https://registry.npmjs.org/
[12:28:01 PM] [semantic-release] [@semantic-release/npm] › ℹ  Reading npm config from /Users/gregor/.npmrc
gr2m
[12:28:02 PM] [semantic-release] › ✔  Completed step "verifyConditions" of plugin "@semantic-release/npm"
[12:28:02 PM] [semantic-release] › ℹ  Start step "verifyConditions" of plugin "@semantic-release/git"
[12:28:02 PM] [semantic-release] › ✔  Completed step "verifyConditions" of plugin "@semantic-release/git"
[12:28:02 PM] [semantic-release] › ℹ  Start step "verifyConditions" of plugin "@qiwi/semantic-release-gh-pages-plugin"
  semantic-release:gh-pages getRepoUrl: +0ms
  semantic-release:gh-pages urlFromEnv= undefined +0ms
  semantic-release:gh-pages urlFromStepOpts= https://github.com/gr2m/yarn-audit-fix.git +0ms
  semantic-release:gh-pages urlFromOpts= https://github.com/gr2m/yarn-audit-fix.git +0ms
  semantic-release:gh-pages urlFromPackage= git+https://github.com/gr2m/yarn-audit-fix.git +0ms
  semantic-release:gh-pages resolveConfig args: +1ms
  semantic-release:gh-pages pluginConfig= {"branches":["+([0-9])?(.{+([0-9]),x}).x","master","next","next-major",{"name":"beta","prerelease":true},{"name":"alpha","prerelease":true}],"repositoryUrl":"https://github.com/gr2m/yarn-audit-fix.git","tagFormat":"v${version}","branch":"master","_":[],"debug":true,"$0":"node_modules/.bin/semantic-release"} +0ms
  semantic-release:gh-pages path= @qiwi/semantic-release-gh-pages-plugin +0ms
  semantic-release:gh-pages step= publish +1ms
  semantic-release:gh-pages pullTagsBranch= master +0ms
[12:28:02 PM] [semantic-release] [@qiwi/semantic-release-gh-pages-plugin] › ℹ  verify gh-pages config
[12:28:02 PM] [semantic-release] › ✔  Completed step "verifyConditions" of plugin "@qiwi/semantic-release-gh-pages-plugin"
[12:28:02 PM] [semantic-release] › ℹ  Found git tag v2.0.6 associated with version 2.0.6 on branch master
  semantic-release:get-commits Use from: b809dcc3e0241fffa0f504e61a88488c7613b2fd +0ms
[12:28:02 PM] [semantic-release] › ℹ  Found 5 commits since last release
  semantic-release:get-commits Parsed commits: [ { commit: { long: '5adb72eea7d29c5946ff593afb883239633d5d0c', short: '5adb72e' }, tree: { long: '273fa1962f4a96dee43525c8df45057f3159d90b', short: '273fa19' }, author: { name: 'semantic-release-bot', email: '[email protected]', date: 2020-08-22T19:26:27.000Z }, committer: { name: 'semantic-release-bot', email: '[email protected]', date: 2020-08-22T19:26:27.000Z }, subject: 'chore(release): 2.0.6 [skip ci]', body: '## [2.0.6](https://github.com/gr2m/yarn-audit-fix/compare/v2.0.5...v2.0.6) (2020-08-22)\n' + '\n' + '### Bug Fixes\n' + '\n' + '* package update ([44b2bd9](https://github.com/gr2m/yarn-audit-fix/commit/44b2bd95d44eeb069c28914da2ad395dff99f135))\n', hash: '5adb72eea7d29c5946ff593afb883239633d5d0c', committerDate: 2020-08-22T19:26:27.000Z, message: 'chore(release): 2.0.6 [skip ci]\n' + '\n' + '## [2.0.6](https://github.com/gr2m/yarn-audit-fix/compare/v2.0.5...v2.0.6) (2020-08-22)\n' + '\n' + '### Bug Fixes\n' + '\n' + '* package update ([44b2bd9](https://github.com/gr2m/yarn-audit-fix/commit/44b2bd95d44eeb069c28914da2ad395dff99f135))', gitTags: '(HEAD -> master)' }, { commit: { long: '0a78695f264ad2b9258d59f1cc46136a3f48844c', short: '0a78695' }, tree: { long: '35a65305c2d23dd21df2b3c46a7c61d194427098', short: '35a6530' }, author: { name: 'semantic-release-bot', email: '[email protected]', date: 2020-08-22T19:25:28.000Z }, committer: { name: 'semantic-release-bot', email: '[email protected]', date: 2020-08-22T19:25:28.000Z }, subject: 'chore(release): 2.0.6 [skip ci]', body: '## [2.0.6](https://github.com/gr2m/yarn-audit-fix/compare/v2.0.5...v2.0.6) (2020-08-22)\n' + '\n' + '### Bug Fixes\n' + '\n' + '* package update ([44b2bd9](https://github.com/gr2m/yarn-audit-fix/commit/44b2bd95d44eeb069c28914da2ad395dff99f135))\n', hash: '0a78695f264ad2b9258d59f1cc46136a3f48844c', committerDate: 2020-08-22T19:25:28.000Z, message: 'chore(release): 2.0.6 [skip ci]\n' + '\n' + '## [2.0.6](https://github.com/gr2m/yarn-audit-fix/compare/v2.0.5...v2.0.6) (2020-08-22)\n' + '\n' + '### Bug Fixes\n' + '\n' + '* package update ([44b2bd9](https://github.com/gr2m/yarn-audit-fix/commit/44b2bd95d44eeb069c28914da2ad395dff99f135))', gitTags: '(origin/master, origin/HEAD)' }, { commit: { long: '0e199cd79d1180ad03550498f0274cbc99b3d2f7', short: '0e199cd' }, tree: { long: '6f680d09573f5a943cab2dffb693cb02340006ad', short: '6f680d0' }, author: { name: 'semantic-release-bot', email: '[email protected]', date: 2020-08-22T19:23:32.000Z }, committer: { name: 'semantic-release-bot', email: '[email protected]', date: 2020-08-22T19:23:32.000Z }, subject: 'chore(release): 2.0.6 [skip ci]', body: '## [2.0.6](https://github.com/gr2m/yarn-audit-fix/compare/v2.0.5...v2.0.6) (2020-08-22)\n' + '\n' + '### Bug Fixes\n' + '\n' + '* package update ([44b2bd9](https://github.com/gr2m/yarn-audit-fix/commit/44b2bd95d44eeb069c28914da2ad395dff99f135))\n', hash: '0e199cd79d1180ad03550498f0274cbc99b3d2f7', committerDate: 2020-08-22T19:23:32.000Z, message: 'chore(release): 2.0.6 [skip ci]\n' + '\n' + '## [2.0.6](https://github.com/gr2m/yarn-audit-fix/compare/v2.0.5...v2.0.6) (2020-08-22)\n' + '\n' + '### Bug Fixes\n' + '\n' + '* package update ([44b2bd9](https://github.com/gr2m/yarn-audit-fix/commit/44b2bd95d44eeb069c28914da2ad395dff99f135))', gitTags: '' }, { commit: { long: '284c9bcfd071012d16a7b949aea1df73d51e434c', short: '284c9bc' }, tree: { long: '432541f1f1ece1f80abb1388ef2a6e4f593a414d', short: '432541f' }, author: { name: 'semantic-release-bot', email: '[email protected]', date: 2020-08-22T19:22:25.000Z }, committer: { name: 'Gregor Martynus', email: '[email protected]', date: 2020-08-22T19:23:08.000Z }, subject: 'chore(release): 2.0.6 [skip ci]', body: '## [2.0.6](https://github.com/gr2m/yarn-audit-fix/compare/v2.0.5...v2.0.6) (2020-08-22)\n' + '\n' + '### Bug Fixes\n' + '\n' + '* package update ([44b2bd9](https://github.com/gr2m/yarn-audit-fix/commit/44b2bd95d44eeb069c28914da2ad395dff99f135))\n', hash: '284c9bcfd071012d16a7b949aea1df73d51e434c', committerDate: 2020-08-22T19:23:08.000Z, message: 'chore(release): 2.0.6 [skip ci]\n' + '\n' + '## [2.0.6](https://github.com/gr2m/yarn-audit-fix/compare/v2.0.5...v2.0.6) (2020-08-22)\n' + '\n' + '### Bug Fixes\n' + '\n' + '* package update ([44b2bd9](https://github.com/gr2m/yarn-audit-fix/commit/44b2bd95d44eeb069c28914da2ad395dff99f135))', gitTags: '' }, { commit: { long: '44b2bd95d44eeb069c28914da2ad395dff99f135', short: '44b2bd9' }, tree: { long: 'a6fdf5325db37436872730f5d2ae6cfa54cbf559', short: 'a6fdf53' }, author: { name: 'Gregor Martynus', email: '[email protected]', date: 2020-08-22T19:20:09.000Z }, committer: { name: 'Gregor Martynus', email: '[email protected]', date: 2020-08-22T19:22:05.000Z }, subject: 'fix: package update', body: '', hash: '44b2bd95d44eeb069c28914da2ad395dff99f135', committerDate: 2020-08-22T19:22:05.000Z, message: 'fix: package update', gitTags: '' } ] +19ms
[12:28:02 PM] [semantic-release] › ℹ  Start step "analyzeCommits" of plugin "@semantic-release/commit-analyzer"
[12:28:02 PM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ  Analyzing commit: chore(release): 2.0.6 [skip ci]

## [2.0.6](https://github.com/gr2m/yarn-audit-fix/compare/v2.0.5...v2.0.6) (2020-08-22)

### Bug Fixes

* package update ([44b2bd9](https://github.com/gr2m/yarn-audit-fix/commit/44b2bd95d44eeb069c28914da2ad395dff99f135))
  semantic-release:commit-analyzer Analyzing with default rules +0ms
[12:28:02 PM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ  The commit should not trigger a release
[12:28:02 PM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ  Analyzing commit: chore(release): 2.0.6 [skip ci]

## [2.0.6](https://github.com/gr2m/yarn-audit-fix/compare/v2.0.5...v2.0.6) (2020-08-22)

### Bug Fixes

* package update ([44b2bd9](https://github.com/gr2m/yarn-audit-fix/commit/44b2bd95d44eeb069c28914da2ad395dff99f135))
  semantic-release:commit-analyzer Analyzing with default rules +1ms
[12:28:02 PM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ  The commit should not trigger a release
[12:28:02 PM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ  Analyzing commit: chore(release): 2.0.6 [skip ci]

## [2.0.6](https://github.com/gr2m/yarn-audit-fix/compare/v2.0.5...v2.0.6) (2020-08-22)

### Bug Fixes

* package update ([44b2bd9](https://github.com/gr2m/yarn-audit-fix/commit/44b2bd95d44eeb069c28914da2ad395dff99f135))
  semantic-release:commit-analyzer Analyzing with default rules +1ms
[12:28:02 PM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ  The commit should not trigger a release
[12:28:02 PM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ  Analyzing commit: chore(release): 2.0.6 [skip ci]

## [2.0.6](https://github.com/gr2m/yarn-audit-fix/compare/v2.0.5...v2.0.6) (2020-08-22)

### Bug Fixes

* package update ([44b2bd9](https://github.com/gr2m/yarn-audit-fix/commit/44b2bd95d44eeb069c28914da2ad395dff99f135))
  semantic-release:commit-analyzer Analyzing with default rules +1ms
[12:28:02 PM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ  The commit should not trigger a release
[12:28:02 PM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ  Analyzing commit: fix: package update
  semantic-release:commit-analyzer Analyzing with default rules +2ms
  semantic-release:commit-analyzer The rule { type: 'fix', release: 'patch' } match commit with release type 'patch' +0ms
[12:28:02 PM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ  The release type for the commit is patch
[12:28:02 PM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ  Analysis of 5 commits complete: patch release
[12:28:02 PM] [semantic-release] › ✔  Completed step "analyzeCommits" of plugin "@semantic-release/commit-analyzer"
[12:28:02 PM] [semantic-release] › ℹ  The next release version is 2.0.7
[12:28:02 PM] [semantic-release] › ℹ  Start step "generateNotes" of plugin "@semantic-release/release-notes-generator"
  semantic-release:release-notes-generator version: '2.0.7' +0ms
  semantic-release:release-notes-generator host: undefined +0ms
  semantic-release:release-notes-generator owner: 'gr2m' +1ms
  semantic-release:release-notes-generator repository: 'yarn-audit-fix' +0ms
  semantic-release:release-notes-generator previousTag: 'v2.0.6' +0ms
  semantic-release:release-notes-generator currentTag: 'v2.0.7' +0ms
  semantic-release:release-notes-generator host: 'https://github.com' +0ms
  semantic-release:release-notes-generator linkReferences: undefined +0ms
  semantic-release:release-notes-generator issue: 'issues' +0ms
  semantic-release:release-notes-generator commit: 'commit' +0ms
[12:28:02 PM] [semantic-release] › ✔  Completed step "generateNotes" of plugin "@semantic-release/release-notes-generator"
[12:28:02 PM] [semantic-release] › ℹ  Start step "prepare" of plugin "@semantic-release/changelog"
[12:28:02 PM] [semantic-release] [@semantic-release/changelog] › ℹ  Update /private/var/folders/hs/x9qtfmvn1lz1sgml9q21h7k80000gn/T/tmp.inlcEANK/CHANGELOG.md
[12:28:02 PM] [semantic-release] › ✔  Completed step "prepare" of plugin "@semantic-release/changelog"
[12:28:02 PM] [semantic-release] › ℹ  Start step "prepare" of plugin "@semantic-release/npm"
[12:28:02 PM] [semantic-release] [@semantic-release/npm] › ℹ  Write version 2.0.7 to package.json in /private/var/folders/hs/x9qtfmvn1lz1sgml9q21h7k80000gn/T/tmp.inlcEANK
npm ERR! Git working directory not clean.

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/gregor/.npm/_logs/2020-08-22T19_28_03_201Z-debug.log
[12:28:03 PM] [semantic-release] › ✔  Completed step "prepare" of plugin "@semantic-release/npm"
[12:28:03 PM] [semantic-release] › ℹ  Start step "prepare" of plugin "@semantic-release/git"
[12:28:03 PM] [semantic-release] [@semantic-release/git] › ℹ  Found 1 file(s) to commit
  semantic-release:git add file to git index {
  command: 'git add --force --ignore-errors CHANGELOG.md',
  exitCode: 0,
  stdout: '',
  stderr: '',
  all: undefined,
  failed: false,
  timedOut: false,
  isCanceled: false,
  killed: false
} +0ms
  semantic-release:git commited files: [ 'CHANGELOG.md' ] +0ms
[12:28:08 PM] [semantic-release] [@semantic-release/git] › ℹ  Prepared Git release: v2.0.7
[12:28:08 PM] [semantic-release] › ✔  Completed step "prepare" of plugin "@semantic-release/git"
[12:28:08 PM] [semantic-release] › ℹ  Start step "generateNotes" of plugin "@semantic-release/release-notes-generator"
  semantic-release:release-notes-generator version: '2.0.7' +6s
  semantic-release:release-notes-generator host: undefined +0ms
  semantic-release:release-notes-generator owner: 'gr2m' +0ms
  semantic-release:release-notes-generator repository: 'yarn-audit-fix' +1ms
  semantic-release:release-notes-generator previousTag: 'v2.0.6' +0ms
  semantic-release:release-notes-generator currentTag: 'v2.0.7' +0ms
  semantic-release:release-notes-generator host: 'https://github.com' +0ms
  semantic-release:release-notes-generator linkReferences: undefined +0ms
  semantic-release:release-notes-generator issue: 'issues' +0ms
  semantic-release:release-notes-generator commit: 'commit' +0ms
[12:28:08 PM] [semantic-release] › ✔  Completed step "generateNotes" of plugin "@semantic-release/release-notes-generator"
[12:28:18 PM] [semantic-release] › ✔  Created tag v2.0.7
[12:28:18 PM] [semantic-release] › ℹ  Start step "publish" of plugin "@semantic-release/npm"
[12:28:18 PM] [semantic-release] [@semantic-release/npm] › ℹ  Publishing version 2.0.7 to npm registry on dist-tag latest
npm notice 
npm notice 📦  [email protected]
npm notice === Tarball Contents === 
npm notice 8.4kB CHANGELOG.md
npm notice 1.1kB LICENSE     
npm notice 3.8kB README.md   
npm notice 4.4kB package.json
npm notice === Tarball Details === 
npm notice name:          gr2m-debug-yarn-audit-fix               
npm notice version:       2.0.6                                   
npm notice filename:      gr2m-debug-yarn-audit-fix-2.0.6.tgz     
npm notice package size:  6.1 kB                                  
npm notice unpacked size: 17.7 kB                                 
npm notice shasum:        ec895aa36ab9ad16557b06d7c9260aaed05bfba1
npm notice integrity:     sha512-SAzCS7GTSjEzI[...]JTtaXuz9EyeVA==
npm notice total files:   4                                       
npm notice 
npm ERR! code E403
npm ERR! 403 403 Forbidden - PUT https://registry.npmjs.org/gr2m-debug-yarn-audit-fix - Package name triggered spam detection; if you believe this is in error, please contact [email protected]
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy, or
npm ERR! 403 on a server you do not have access to.

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/gregor/.npm/_logs/2020-08-22T19_28_19_202Z-debug.log
[12:28:19 PM] [semantic-release] [@semantic-release/npm] › ℹ  Published [email protected] to dist-tag @latest on https://registry.npmjs.org/
[12:28:19 PM] [semantic-release] › ✔  Completed step "publish" of plugin "@semantic-release/npm"
[12:28:19 PM] [semantic-release] › ℹ  Start step "publish" of plugin "@semantic-release/github"
[12:28:19 PM] [semantic-release] [@semantic-release/github] › ℹ  Verify GitHub authentication
  semantic-release:github release object: {
  semantic-release:github   owner: 'gr2m',
  semantic-release:github   repo: 'yarn-audit-fix',
  semantic-release:github   tag_name: 'v2.0.7',
  semantic-release:github   name: 'v2.0.7',
  semantic-release:github   body: '## [2.0.7](https://github.com/gr2m/yarn-audit-fix/compare/v2.0.6...v2.0.7) (2020-08-22)\n' +
  semantic-release:github     '\n' +
  semantic-release:github     '\n' +
  semantic-release:github     '### Bug Fixes\n' +
  semantic-release:github     '\n' +
  semantic-release:github     '* package update ([44b2bd9](https://github.com/gr2m/yarn-audit-fix/commit/44b2bd95d44eeb069c28914da2ad395dff99f135))\n' +
  semantic-release:github     '\n' +
  semantic-release:github     '\n' +
  semantic-release:github     '\n',
  semantic-release:github   prerelease: false
  semantic-release:github } +0ms
[12:28:20 PM] [semantic-release] [@semantic-release/github] › ℹ  Published GitHub release: https://github.com/gr2m/yarn-audit-fix/releases/tag/v2.0.7
[12:28:20 PM] [semantic-release] › ✔  Completed step "publish" of plugin "@semantic-release/github"
[12:28:20 PM] [semantic-release] › ℹ  Start step "publish" of plugin "@qiwi/semantic-release-gh-pages-plugin"
  semantic-release:gh-pages getRepoUrl: +17s
  semantic-release:gh-pages urlFromEnv= undefined +0ms
  semantic-release:gh-pages urlFromStepOpts= https://github.com/gr2m/yarn-audit-fix.git +0ms
  semantic-release:gh-pages urlFromOpts= https://github.com/gr2m/yarn-audit-fix.git +0ms
  semantic-release:gh-pages urlFromPackage= git+https://github.com/gr2m/yarn-audit-fix.git +0ms
  semantic-release:gh-pages resolveConfig args: +1ms
  semantic-release:gh-pages pluginConfig= {"branches":["+([0-9])?(.{+([0-9]),x}).x","master","next","next-major",{"name":"beta","prerelease":true},{"name":"alpha","prerelease":true}],"repositoryUrl":"https://github.com/gr2m/yarn-audit-fix.git","tagFormat":"v${version}","branch":"master","_":[],"debug":true,"$0":"node_modules/.bin/semantic-release"} +0ms
  semantic-release:gh-pages path= @qiwi/semantic-release-gh-pages-plugin +0ms
  semantic-release:gh-pages step= publish +0ms
  semantic-release:gh-pages pullTagsBranch= master +0ms
[12:28:20 PM] [semantic-release] [@qiwi/semantic-release-gh-pages-plugin] › ℹ  Publishing docs via gh-pages
[12:28:20 PM] [semantic-release] [@qiwi/semantic-release-gh-pages-plugin] › ✖  Publish docs failure Error: The pattern in the "src" property didn't match any files.
    at Object.publish (/private/var/folders/hs/x9qtfmvn1lz1sgml9q21h7k80000gn/T/tmp.inlcEANK/node_modules/gh-pages/lib/index.js:98:7)
    at /private/var/folders/hs/x9qtfmvn1lz1sgml9q21h7k80000gn/T/tmp.inlcEANK/node_modules/@qiwi/semantic-release-gh-pages-plugin/target/es5/ghpages.js:46:16
    at new Promise (<anonymous>)
    at Object.exports.pushPages (/private/var/folders/hs/x9qtfmvn1lz1sgml9q21h7k80000gn/T/tmp.inlcEANK/node_modules/@qiwi/semantic-release-gh-pages-plugin/target/es5/ghpages.js:38:46)
    at /private/var/folders/hs/x9qtfmvn1lz1sgml9q21h7k80000gn/T/tmp.inlcEANK/node_modules/@qiwi/semantic-release-gh-pages-plugin/target/es5/ghpages.js:62:44
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
[12:28:20 PM] [semantic-release] › ✖  Failed step "publish" of plugin "@qiwi/semantic-release-gh-pages-plugin"
[12:28:20 PM] [semantic-release] › ✖  An error occurred while running semantic-release: Error: The pattern in the "src" property didn't match any files.
    at Object.publish (/private/var/folders/hs/x9qtfmvn1lz1sgml9q21h7k80000gn/T/tmp.inlcEANK/node_modules/gh-pages/lib/index.js:98:7)
    at /private/var/folders/hs/x9qtfmvn1lz1sgml9q21h7k80000gn/T/tmp.inlcEANK/node_modules/@qiwi/semantic-release-gh-pages-plugin/target/es5/ghpages.js:46:16
    at new Promise (<anonymous>)
    at Object.exports.pushPages (/private/var/folders/hs/x9qtfmvn1lz1sgml9q21h7k80000gn/T/tmp.inlcEANK/node_modules/@qiwi/semantic-release-gh-pages-plugin/target/es5/ghpages.js:38:46)
    at /private/var/folders/hs/x9qtfmvn1lz1sgml9q21h7k80000gn/T/tmp.inlcEANK/node_modules/@qiwi/semantic-release-gh-pages-plugin/target/es5/ghpages.js:62:44
    at processTicksAndRejections (internal/process/task_queues.js:93:5) {
  pluginName: '@qiwi/semantic-release-gh-pages-plugin'
}
Error: The pattern in the "src" property didn't match any files.
    at Object.publish (/private/var/folders/hs/x9qtfmvn1lz1sgml9q21h7k80000gn/T/tmp.inlcEANK/node_modules/gh-pages/lib/index.js:98:7)
    at /private/var/folders/hs/x9qtfmvn1lz1sgml9q21h7k80000gn/T/tmp.inlcEANK/node_modules/@qiwi/semantic-release-gh-pages-plugin/target/es5/ghpages.js:46:16
    at new Promise (<anonymous>)
    at Object.exports.pushPages (/private/var/folders/hs/x9qtfmvn1lz1sgml9q21h7k80000gn/T/tmp.inlcEANK/node_modules/@qiwi/semantic-release-gh-pages-plugin/target/es5/ghpages.js:38:46)
    at /private/var/folders/hs/x9qtfmvn1lz1sgml9q21h7k80000gn/T/tmp.inlcEANK/node_modules/@qiwi/semantic-release-gh-pages-plugin/target/es5/ghpages.js:62:44
    at processTicksAndRejections (internal/process/task_queues.js:93:5) {
  pluginName: '@qiwi/semantic-release-gh-pages-plugin'
}%           

The npm resolution should use it's own dependency if there is a version conflict, I have no idea what is going on here for you, but I think it's a bug with yarn. Can you check in with them?

[antongolub]

I've also tried to run release through npx.

For example, commit antongolub/yarn-audit-fix@e450f9e
Build: https://travis-ci.com/github/antongolub/yarn-audit-fix/jobs/376489075. Same result.

[gr2m]

Try to setup your repository from scratch. Don't use yarn, use npm to install dependencies. Then run npx semantic-release as I did above. It's the install that is the problem, not the run of semantic-release

[antongolub]

Perhaps this is due to the work of Travis CI environment.
If yarn.lock present, then npm is detected as 7.0.0-beta.6 before any yarn & yarn build invocations.

$ node --version
v12.18.3
$ npm --version
7.0.0-beta.6
$ nvm --version
0.35.3
$ yarn --version
1.22.4
install.1
0.21s$ yarn cache clean
install.2
0.89s$ yarn
before_script.1
0.47s$ if [ "$TRAVIS_OS_NAME" = "linux" ]; then curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter ; fi
before_script.2
0.00s$ if [ "$TRAVIS_OS_NAME" = "linux" ]; then chmod +x ./cc-test-reporter ; fi
before_script.3
0.01s$ if [ "$TRAVIS_OS_NAME" = "linux" ]; then ./cc-test-reporter before-build ; fi
25.24s$ yarn build
yarn run v1.22.4

if not, npm version is 6.14.6.

$ node --version
v12.18.3
$ npm --version
6.14.6
$ nvm --version
0.35.3
install
20.74s$ npm install
before_script.1
0.47s$ if [ "$TRAVIS_OS_NAME" = "linux" ]; then curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter ; fi
before_script.2
0.00s$ if [ "$TRAVIS_OS_NAME" = "linux" ]; then chmod +x ./cc-test-reporter ; fi
before_script.3
0.01s$ if [ "$TRAVIS_OS_NAME" = "linux" ]; then ./cc-test-reporter before-build ; fi
26.05s$ npm run build

[antongolub]

@gr2m

Thanks for the help. I'm closing this for now.

[antongolub]

1. Still curious, what happens if you install npm @ v7 globally and remove the project dependency? I will check it.
2. It is necessary to understand why the 403 error did not break the release as we can see from the logs.