Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency dot-prop to 4.2.1 [security] #454

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): update dependency dot-prop to 4.2.1 [security] #454

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Mar 4, 2021
edited
Loading

Mend Renovate

This PR contains the following updates:

Package Change
dot-prop 3.0.0 -> 4.2.1

GitHub Vulnerability Alerts

CVE-2020-8116

Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot added the dependencies label Mar 4, 2021
@renovate renovate bot force-pushed the renovate/npm-dot-prop-vulnerability branch 3 times, most recently from f909194 to 4553e3a Compare March 23, 2021 16:44
@renovate renovate bot force-pushed the renovate/npm-dot-prop-vulnerability branch from 4553e3a to 1d01983 Compare April 15, 2021 17:22
@TDSBot
Copy link

TDSBot commented Apr 15, 2021 

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

@renovate renovate bot force-pushed the renovate/npm-dot-prop-vulnerability branch from 1d01983 to dd12806 Compare April 15, 2021 18:23
@TDSBot
Copy link

TDSBot commented Apr 15, 2021 

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

@renovate renovate bot force-pushed the renovate/npm-dot-prop-vulnerability branch from dd12806 to 45261b0 Compare April 16, 2021 17:38
@TDSBot
Copy link

TDSBot commented Apr 16, 2021 

Packages pending updates:

- @tds/community-optimize-image: 1.0.0 => 1.0.1

If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

@renovate renovate bot force-pushed the renovate/npm-dot-prop-vulnerability branch from 45261b0 to adf4ac5 Compare April 16, 2021 18:38
@TDSBot
Copy link

TDSBot commented Apr 16, 2021 

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

@renovate renovate bot changed the title chore(deps): update dependency dot-prop to 4.2.1 [security] chore(deps): update dependency dot-prop to 4.2.1 [security] - autoclosed May 26, 2021
@renovate renovate bot closed this May 26, 2021
@renovate renovate bot deleted the renovate/npm-dot-prop-vulnerability branch May 26, 2021 20:15
@renovate renovate bot changed the title chore(deps): update dependency dot-prop to 4.2.1 [security] - autoclosed chore(deps): update dependency dot-prop to 4.2.1 [security] May 26, 2021
@renovate renovate bot reopened this May 26, 2021
@renovate renovate bot restored the renovate/npm-dot-prop-vulnerability branch May 26, 2021 22:34
@renovate renovate bot force-pushed the renovate/npm-dot-prop-vulnerability branch from adf4ac5 to e9344c7 Compare May 26, 2021 22:38
@TDSBot
Copy link

TDSBot commented May 26, 2021 

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

@renovate renovate bot force-pushed the renovate/npm-dot-prop-vulnerability branch from e9344c7 to b9f6aae Compare June 4, 2021 19:41
@TDSBot
Copy link

TDSBot commented Jun 4, 2021 

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

@renovate renovate bot force-pushed the renovate/npm-dot-prop-vulnerability branch from b9f6aae to 5cb0cf0 Compare June 4, 2021 21:30
@TDSBot
Copy link

TDSBot commented Jun 4, 2021 

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

@renovate renovate bot force-pushed the renovate/npm-dot-prop-vulnerability branch from 5cb0cf0 to dd3f965 Compare June 8, 2021 23:27
@TDSBot
Copy link

TDSBot commented Jun 8, 2021 

Packages pending updates:

- @tds/community-optimize-image: 1.0.1 => 1.1.0

If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

@renovate renovate bot force-pushed the renovate/npm-dot-prop-vulnerability branch from dd3f965 to 942ef18 Compare June 10, 2021 17:10
@TDSBot
Copy link

TDSBot commented Jun 10, 2021 

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

@renovate renovate bot force-pushed the renovate/npm-dot-prop-vulnerability branch from 942ef18 to 207f4fb Compare June 22, 2021 15:32
@TDSBot
Copy link

TDSBot commented Jun 22, 2021 

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

@TDSBot
Copy link

TDSBot commented Jul 20, 2021 

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

@renovate renovate bot force-pushed the renovate/npm-dot-prop-vulnerability branch from e887b00 to 9fe176c Compare July 21, 2021 15:29
@TDSBot
Copy link

TDSBot commented Jul 21, 2021 

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

@renovate renovate bot force-pushed the renovate/npm-dot-prop-vulnerability branch from 9fe176c to 177b3d9 Compare July 21, 2021 16:29
@TDSBot
Copy link

TDSBot commented Jul 21, 2021 

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

@renovate renovate bot force-pushed the renovate/npm-dot-prop-vulnerability branch from 177b3d9 to 0810ef7 Compare September 9, 2021 19:36
@renovate renovate bot force-pushed the renovate/npm-dot-prop-vulnerability branch from 0810ef7 to a6cf1bf Compare September 21, 2021 18:52
@TDSBot
Copy link

TDSBot commented Sep 21, 2021 

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

@renovate renovate bot force-pushed the renovate/npm-dot-prop-vulnerability branch from a6cf1bf to 9e497d5 Compare September 21, 2021 19:52
@TDSBot
Copy link

TDSBot commented Sep 21, 2021 

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

@renovate renovate bot force-pushed the renovate/npm-dot-prop-vulnerability branch from 9e497d5 to e494b1a Compare October 13, 2021 20:49
@TDSBot
Copy link

TDSBot commented Oct 13, 2021 

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

@renovate renovate bot force-pushed the renovate/npm-dot-prop-vulnerability branch from e494b1a to 24b592e Compare October 19, 2021 00:41
@TDSBot
Copy link

TDSBot commented Oct 19, 2021 

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

@renovate renovate bot force-pushed the renovate/npm-dot-prop-vulnerability branch from 24b592e to 7029400 Compare October 21, 2021 21:38
@TDSBot
Copy link

TDSBot commented Oct 21, 2021 

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

@renovate renovate bot force-pushed the renovate/npm-dot-prop-vulnerability branch from 7029400 to bcaccba Compare March 7, 2022 08:16
@renovate
Copy link
Contributor Author

renovate bot commented Mar 7, 2022
edited
Loading

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json
lerna notice cli v3.22.1
lerna info versioning independent
lerna notice cli v3.22.1
lerna info versioning independent
lerna info Bootstrapping 25 packages
lerna info Installing external dependencies
lerna ERR! npm install --ignore-scripts --ignore-scripts --no-audit --package-lock-only exited 1 in '@tds/community-skeleton-provider'
lerna ERR! npm install --ignore-scripts --ignore-scripts --no-audit --package-lock-only stderr:
npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: @tds/[email protected]
npm ERR! Found: [email protected]
npm ERR! node_modules/react
npm ERR!   peer react@"^16.8.2 || ^17.0.0" from the root project
npm ERR!   peer react@"^16.8.2 || ^17.0.0" from @tds/[email protected]
npm ERR!   node_modules/@tds/core-heading
npm ERR!     peer @tds/core-heading@"^2.2.5 || ^3.1.0" from the root project
npm ERR!   4 more (react-dom, styled-components, @tds/core-image, @tds/core-text)
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! recompose@"^0.30.0" from the root project
npm ERR! 
npm ERR! Conflicting peer dependency: [email protected]
npm ERR! node_modules/react
npm ERR!   peer react@"^0.14.0 || ^15.0.0 || ^16.0.0" from [email protected]
npm ERR!   node_modules/recompose
npm ERR!     recompose@"^0.30.0" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /tmp/renovate-cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate-cache/others/npm/_logs/2022-09-25T22_33_56_149Z-debug-0.log

lerna ERR! npm install --ignore-scripts --ignore-scripts --no-audit --package-lock-only exited 1 in '@tds/community-skeleton-provider'

@TDSBot
Copy link

TDSBot commented Mar 7, 2022 

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

@renovate renovate bot changed the title chore(deps): update dependency dot-prop to 4.2.1 [security] chore(deps): update dependency dot-prop to 4.2.1 [security] - autoclosed Mar 12, 2022
@renovate renovate bot closed this Mar 12, 2022
@renovate renovate bot deleted the renovate/npm-dot-prop-vulnerability branch March 12, 2022 00:42
@renovate renovate bot changed the title chore(deps): update dependency dot-prop to 4.2.1 [security] - autoclosed chore(deps): update dependency dot-prop to 4.2.1 [security] Mar 15, 2022
@renovate renovate bot reopened this Mar 15, 2022
@renovate renovate bot restored the renovate/npm-dot-prop-vulnerability branch March 15, 2022 18:42
@renovate renovate bot force-pushed the renovate/npm-dot-prop-vulnerability branch from bcaccba to b705fb7 Compare April 11, 2022 17:23
@github-actions
Copy link 

Packages pending updates:


If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

@renovate renovate bot force-pushed the renovate/npm-dot-prop-vulnerability branch from b705fb7 to 8365d61 Compare September 25, 2022 22:34
@github-actions
Copy link 

Packages pending updates:

- @tds/community-date-picker: 1.1.0 => 1.1.1

If this is not what you expected, ensure that your commit messages follow the TDS commit types guide on this page: https://tds.telus.com/contributing/developer-guide.html and try again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@TDSBot