chore(deps): update dependency y18n [security] by renovate[bot] · Pull Request #473 · telus/tds-community

renovate · 2021-03-30T13:54:53Z

This PR contains the following updates:

Package	Change
y18n	`3.2.1` -> `3.2.2`
y18n	`4.0.0` -> `4.0.1`

GitHub Vulnerability Alerts

CVE-2020-7774

Overview

The npm package y18n before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to Prototype Pollution.

POC

const y18n = require('y18n')();

y18n.setLocale('__proto__');
y18n.updateLocale({polluted: true});

console.log(polluted); // true

Recommendation

Upgrade to version 3.2.2, 4.0.1, 5.0.5 or later.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by Mend Renovate. View repository job log here.

TDS Bot (TDSBot) · 2021-04-15T19:13:13Z

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

TDS Bot (TDSBot) · 2021-04-16T18:22:15Z

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

TDS Bot (TDSBot) · 2021-04-16T19:23:50Z

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

TDS Bot (TDSBot) · 2021-05-27T00:08:52Z

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

TDS Bot (TDSBot) · 2021-06-04T23:39:50Z

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

TDS Bot (TDSBot) · 2021-06-09T02:04:35Z

Packages pending updates:

- @tds/community-optimize-image: 1.0.1 => 1.1.0

If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

TDS Bot (TDSBot) · 2021-06-10T19:45:30Z

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

TDS Bot (TDSBot) · 2021-06-22T18:24:31Z

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

TDS Bot (TDSBot) · 2021-06-28T19:01:08Z

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

TDS Bot (TDSBot) · 2021-06-29T21:36:38Z

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

TDS Bot (TDSBot) · 2021-07-13T22:22:06Z

Packages pending updates:

- @tds/community-mini-expand-collapse: 0.2.0 => 0.2.1

If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

TDS Bot (TDSBot) · 2021-07-15T00:16:46Z

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

TDS Bot (TDSBot) · 2021-07-20T17:44:00Z

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

TDS Bot (TDSBot) · 2021-07-21T17:59:24Z

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

TDS Bot (TDSBot) · 2021-09-21T23:45:47Z

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

TDS Bot (TDSBot) · 2021-10-14T00:06:59Z

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

TDS Bot (TDSBot) · 2021-10-19T09:09:48Z

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

TDS Bot (TDSBot) · 2021-10-22T01:53:20Z

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

renovate · 2022-03-08T01:35:53Z

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm WARN deprecated read-package-tree@5.3.1: The functionality that this package provided is now in @npmcli/arborist
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated mkdirp-promise@5.0.1: This package is broken and no longer maintained. 'mkdirp' itself supports promises now, please switch to that.
npm WARN @octokit/plugin-request-log@1.0.4 requires a peer of @octokit/core@>=3 but none is installed. You must install peer dependencies yourself.

lerna notice cli v3.22.1
lerna info versioning independent
lerna notice cli v3.22.1
lerna info versioning independent
lerna info Bootstrapping 25 packages
lerna info Installing external dependencies
lerna ERR! npm install --ignore-scripts --ignore-scripts --no-audit --package-lock-only exited 1 in '@tds/community-skeleton-provider'
lerna ERR! npm install --ignore-scripts --ignore-scripts --no-audit --package-lock-only stderr:
npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: @tds/community-skeleton-provider@2.3.1
npm ERR! Found: react@17.0.2
npm ERR! node_modules/react
npm ERR!   peer react@"^16.8.2 || ^17.0.0" from the root project
npm ERR!   peer react@"^16.8.2 || ^17.0.0" from @tds/core-heading@3.1.3
npm ERR!   node_modules/@tds/core-heading
npm ERR!     peer @tds/core-heading@"^2.2.5 || ^3.1.0" from the root project
npm ERR!   4 more (react-dom, styled-components, @tds/core-image, @tds/core-text)
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! recompose@"^0.30.0" from the root project
npm ERR! 
npm ERR! Conflicting peer dependency: react@16.14.0
npm ERR! node_modules/react
npm ERR!   peer react@"^0.14.0 || ^15.0.0 || ^16.0.0" from recompose@0.30.0
npm ERR!   node_modules/recompose
npm ERR!     recompose@"^0.30.0" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /tmp/renovate-cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate-cache/others/npm/_logs/2022-04-12T01_28_37_113Z-debug-0.log

lerna ERR! npm install --ignore-scripts --ignore-scripts --no-audit --package-lock-only exited 1 in '@tds/community-skeleton-provider'

TDS Bot (TDSBot) · 2022-03-08T01:38:45Z

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

github-actions · 2022-04-12T01:33:18Z

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

renovate bot added the dependencies label Mar 30, 2021

renovate bot force-pushed the renovate/npm-y18n-vulnerability branch 2 times, most recently from 0022957 to b4c7167 Compare April 15, 2021 19:06

renovate bot force-pushed the renovate/npm-y18n-vulnerability branch from b4c7167 to a9a7f7a Compare April 16, 2021 18:19

renovate bot force-pushed the renovate/npm-y18n-vulnerability branch from a9a7f7a to f573041 Compare April 16, 2021 19:20

renovate bot changed the title ~~chore(deps): update dependency y18n to 4.0.1 [security]~~ chore(deps): update dependency y18n to 4.0.1 [security] - autoclosed May 26, 2021

renovate bot closed this May 26, 2021

renovate bot deleted the renovate/npm-y18n-vulnerability branch May 26, 2021 20:15

renovate bot changed the title ~~chore(deps): update dependency y18n to 4.0.1 [security] - autoclosed~~ chore(deps): update dependency y18n to 4.0.1 [security] May 27, 2021

renovate bot reopened this May 27, 2021

renovate bot restored the renovate/npm-y18n-vulnerability branch May 27, 2021 00:02

renovate bot force-pushed the renovate/npm-y18n-vulnerability branch from f573041 to 42a3e69 Compare May 27, 2021 00:06

renovate bot force-pushed the renovate/npm-y18n-vulnerability branch from 42a3e69 to 7db275c Compare June 4, 2021 23:37

renovate bot force-pushed the renovate/npm-y18n-vulnerability branch from 7db275c to a42abef Compare June 9, 2021 02:02

renovate bot force-pushed the renovate/npm-y18n-vulnerability branch from a42abef to 2a9c7af Compare June 10, 2021 19:43

renovate bot force-pushed the renovate/npm-y18n-vulnerability branch from 2a9c7af to c2e5c66 Compare June 22, 2021 18:21

renovate bot force-pushed the renovate/npm-y18n-vulnerability branch from c2e5c66 to aaa95d7 Compare June 28, 2021 18:58

Jordan Raffoul (jraff) force-pushed the master branch from ba19936 to 6ccecf3 Compare June 29, 2021 17:01

renovate bot force-pushed the renovate/npm-y18n-vulnerability branch from aaa95d7 to 18bbec4 Compare June 29, 2021 21:34

renovate bot force-pushed the renovate/npm-y18n-vulnerability branch from 18bbec4 to dbd04a9 Compare June 30, 2021 20:18

renovate bot force-pushed the renovate/npm-y18n-vulnerability branch from dbd04a9 to 2bb170e Compare July 13, 2021 22:19

renovate bot force-pushed the renovate/npm-y18n-vulnerability branch from 2bb170e to 501d1f6 Compare July 15, 2021 00:13

renovate bot force-pushed the renovate/npm-y18n-vulnerability branch from 501d1f6 to fea020c Compare July 20, 2021 17:41

renovate bot force-pushed the renovate/npm-y18n-vulnerability branch from fea020c to 9694872 Compare July 21, 2021 17:56

renovate bot force-pushed the renovate/npm-y18n-vulnerability branch from 9694872 to d039bab Compare September 10, 2021 00:11

renovate bot force-pushed the renovate/npm-y18n-vulnerability branch from d039bab to d530017 Compare September 21, 2021 23:43

renovate bot force-pushed the renovate/npm-y18n-vulnerability branch from d530017 to 4f6cd6a Compare October 14, 2021 00:04

renovate bot force-pushed the renovate/npm-y18n-vulnerability branch from 4f6cd6a to 842c65b Compare October 19, 2021 09:07

renovate bot force-pushed the renovate/npm-y18n-vulnerability branch from 842c65b to 0800cfd Compare October 22, 2021 01:50

renovate bot force-pushed the renovate/npm-y18n-vulnerability branch from 0800cfd to c91f748 Compare March 8, 2022 01:35

renovate bot changed the title ~~chore(deps): update dependency y18n to 4.0.1 [security]~~ chore(deps): update dependency y18n [security] Mar 8, 2022

renovate bot changed the title ~~chore(deps): update dependency y18n [security]~~ chore(deps): update dependency y18n [security] - autoclosed Mar 12, 2022

renovate bot closed this Mar 12, 2022

renovate bot deleted the renovate/npm-y18n-vulnerability branch March 12, 2022 00:43

renovate bot changed the title ~~chore(deps): update dependency y18n [security] - autoclosed~~ chore(deps): update dependency y18n [security] Mar 16, 2022

renovate bot reopened this Mar 16, 2022

renovate bot restored the renovate/npm-y18n-vulnerability branch March 16, 2022 02:30

chore(deps): update dependency y18n [security]

263588c

renovate bot force-pushed the renovate/npm-y18n-vulnerability branch from c91f748 to 263588c Compare April 12, 2022 01:28

Conversation

renovate bot commented Mar 30, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

GitHub Vulnerability Alerts

CVE-2020-7774

Overview

POC

Recommendation

Configuration

Uh oh!

TDS Bot (TDSBot) commented Apr 15, 2021

Uh oh!

TDS Bot (TDSBot) commented Apr 16, 2021

Uh oh!

TDS Bot (TDSBot) commented Apr 16, 2021

Uh oh!

TDS Bot (TDSBot) commented May 27, 2021

Uh oh!

TDS Bot (TDSBot) commented Jun 4, 2021

Uh oh!

TDS Bot (TDSBot) commented Jun 9, 2021

Uh oh!

TDS Bot (TDSBot) commented Jun 10, 2021

Uh oh!

TDS Bot (TDSBot) commented Jun 22, 2021

Uh oh!

TDS Bot (TDSBot) commented Jun 28, 2021

Uh oh!

TDS Bot (TDSBot) commented Jun 29, 2021

Uh oh!

TDS Bot (TDSBot) commented Jul 13, 2021

Uh oh!

TDS Bot (TDSBot) commented Jul 15, 2021

Uh oh!

TDS Bot (TDSBot) commented Jul 20, 2021

Uh oh!

TDS Bot (TDSBot) commented Jul 21, 2021

Uh oh!

TDS Bot (TDSBot) commented Sep 21, 2021

Uh oh!

TDS Bot (TDSBot) commented Oct 14, 2021

Uh oh!

TDS Bot (TDSBot) commented Oct 19, 2021

Uh oh!

TDS Bot (TDSBot) commented Oct 22, 2021

Uh oh!

renovate bot commented Mar 8, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

⚠ Artifact update problem

File name: package-lock.json

Uh oh!

TDS Bot (TDSBot) commented Mar 8, 2022

Uh oh!

github-actions bot commented Apr 12, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

renovate bot commented Mar 30, 2021 •

edited

Loading

renovate bot commented Mar 8, 2022 •

edited

Loading