-
Notifications
You must be signed in to change notification settings - Fork 679
chore(deps): update dependency loader-utils [security] - autoclosed #266
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
⚠ Artifact update problem
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
- any of the package files in this branch needs updating, or
- the branch becomes conflicted, or
- you click the rebase/retry checkbox if found above, or
- you rename this PR's title to start with "rebase!" to trigger it manually
The artifact failure details are included below:
File name: frontend/package-lock.json
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: frontend@4.0.0
npm WARN Found: @vue/cli-service@4.5.13
npm WARN node_modules/@vue/cli-service
npm WARN dev @vue/cli-service@"5.0.1" from the root project
npm WARN 7 more (@vue/cli-plugin-babel, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer @vue/cli-service@"^3.0.0 || ^4.0.0-0" from @vue/cli-plugin-babel@4.5.13
npm WARN node_modules/@vue/cli-plugin-babel
npm WARN dev @vue/cli-plugin-babel@"4.5.13" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: frontend@4.0.0
npm WARN Found: @vue/cli-service@4.5.13
npm WARN node_modules/@vue/cli-service
npm WARN dev @vue/cli-service@"5.0.1" from the root project
npm WARN 7 more (@vue/cli-plugin-babel, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer @vue/cli-service@"^3.0.0 || ^4.0.0-0" from @vue/cli-plugin-eslint@4.5.19
npm WARN node_modules/@vue/cli-plugin-eslint
npm WARN dev @vue/cli-plugin-eslint@"4.5.19" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: frontend@4.0.0
npm WARN Found: @vue/cli-service@4.5.13
npm WARN node_modules/@vue/cli-service
npm WARN dev @vue/cli-service@"5.0.1" from the root project
npm WARN 7 more (@vue/cli-plugin-babel, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer @vue/cli-service@"^3.0.0 || ^4.0.0-0" from @vue/cli-plugin-router@4.5.13
npm WARN node_modules/@vue/cli-plugin-router
npm WARN dev @vue/cli-plugin-router@"4.5.13" from the root project
npm WARN 1 more (@vue/cli-service)
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: frontend@4.0.0
npm WARN Found: @vue/cli-service@4.5.13
npm WARN node_modules/@vue/cli-service
npm WARN dev @vue/cli-service@"5.0.1" from the root project
npm WARN 7 more (@vue/cli-plugin-babel, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer @vue/cli-service@"^3.0.0 || ^4.0.0-0" from @vue/cli-plugin-typescript@4.5.13
npm WARN node_modules/@vue/cli-plugin-typescript
npm WARN dev @vue/cli-plugin-typescript@"4.5.13" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: frontend@4.0.0
npm WARN Found: @vue/cli-service@4.5.13
npm WARN node_modules/@vue/cli-service
npm WARN dev @vue/cli-service@"5.0.1" from the root project
npm WARN 7 more (@vue/cli-plugin-babel, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer @vue/cli-service@"^3.0.0 || ^4.0.0-0" from @vue/cli-plugin-vuex@4.5.13
npm WARN node_modules/@vue/cli-plugin-vuex
npm WARN dev @vue/cli-plugin-vuex@"4.5.13" from the root project
npm WARN 1 more (@vue/cli-service)
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR!
npm ERR! While resolving: frontend@4.0.0
npm ERR! Found: @vue/cli-service@5.0.1
npm ERR! node_modules/@vue/cli-service
npm ERR! dev @vue/cli-service@"5.0.1" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer @vue/cli-service@"^3.0.0 || ^4.0.0-0" from @vue/cli-plugin-router@4.5.13
npm ERR! node_modules/@vue/cli-plugin-router
npm ERR! dev @vue/cli-plugin-router@"4.5.13" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR!
npm ERR! See /tmp/renovate-cache/others/npm/eresolve-report.txt for a full report.
npm ERR! A complete log of this run can be found in:
npm ERR! /tmp/renovate-cache/others/npm/_logs/2022-11-09T13_50_33_408Z-debug-0.log
@renovate
renovate
bot
changed the title
(削除) Update dependency loader-utils to 2.0.3 [SECURITY] (削除ここまで)
(追記) Update dependency loader-utils to 2.0.3 [SECURITY] - autoclosed (追記ここまで)
Nov 7, 2022
@renovate
renovate
bot
deleted the
renovate/npm-loader-utils-vulnerability
branch
November 7, 2022 23:23
@renovate
renovate
bot
changed the title
(削除) Update dependency loader-utils to 2.0.3 [SECURITY] - autoclosed (削除ここまで)
(追記) Update dependency loader-utils to 2.0.3 [SECURITY] (追記ここまで)
Nov 8, 2022
@renovate
renovate
bot
restored the
renovate/npm-loader-utils-vulnerability
branch
November 8, 2022 05:19
@renovate
renovate
bot
force-pushed
the
renovate/npm-loader-utils-vulnerability
branch
from
November 8, 2022 09:04
3550e29 to
7b0e9eb
Compare
@renovate
renovate
bot
changed the title
(削除) Update dependency loader-utils to 2.0.3 [SECURITY] (削除ここまで)
(追記) Update dependency loader-utils [SECURITY] (追記ここまで)
Nov 8, 2022
@renovate
renovate
bot
changed the title
(削除) Update dependency loader-utils [SECURITY] (削除ここまで)
(追記) chore(deps): update dependency loader-utils [security] (追記ここまで)
Dec 17, 2022
@renovate
renovate
bot
changed the title
(削除) chore(deps): update dependency loader-utils [security] (削除ここまで)
(追記) chore(deps): update dependency loader-utils [security] - autoclosed (追記ここまで)
Mar 24, 2023
@renovate
renovate
bot
deleted the
renovate/npm-loader-utils-vulnerability
branch
March 24, 2023 22:25
@renovate
renovate
bot
changed the title
(削除) chore(deps): update dependency loader-utils [security] - autoclosed (削除ここまで)
(追記) chore(deps): update dependency loader-utils [security] (追記ここまで)
Mar 27, 2023
@renovate
renovate
bot
restored the
renovate/npm-loader-utils-vulnerability
branch
March 27, 2023 09:57
@renovate
renovate
bot
changed the title
(削除) chore(deps): update dependency loader-utils [security] (削除ここまで)
(追記) chore(deps): update dependency loader-utils [security] - autoclosed (追記ここまで)
Mar 27, 2023
@renovate
renovate
bot
deleted the
renovate/npm-loader-utils-vulnerability
branch
March 27, 2023 10:06
@renovate
renovate
bot
changed the title
(削除) chore(deps): update dependency loader-utils [security] - autoclosed (削除ここまで)
(追記) chore(deps): update dependency loader-utils [security] (追記ここまで)
Mar 27, 2023
@renovate
renovate
bot
restored the
renovate/npm-loader-utils-vulnerability
branch
March 27, 2023 14:43
@renovate
renovate
bot
changed the title
(削除) chore(deps): update dependency loader-utils [security] (削除ここまで)
(追記) chore(deps): update dependency loader-utils [security] - autoclosed (追記ここまで)
Mar 27, 2023
@renovate
renovate
bot
deleted the
renovate/npm-loader-utils-vulnerability
branch
March 27, 2023 16:40
@renovate
renovate
bot
changed the title
(削除) chore(deps): update dependency loader-utils [security] - autoclosed (削除ここまで)
(追記) chore(deps): update dependency loader-utils [security] (追記ここまで)
Mar 27, 2023
@renovate
renovate
bot
restored the
renovate/npm-loader-utils-vulnerability
branch
March 27, 2023 22:58
@renovate
renovate
bot
changed the title
(削除) chore(deps): update dependency loader-utils [security] (削除ここまで)
(追記) chore(deps): update dependency loader-utils [security] - autoclosed (追記ここまで)
Mar 28, 2023
@renovate
renovate
bot
deleted the
renovate/npm-loader-utils-vulnerability
branch
March 28, 2023 00:53
@renovate
renovate
bot
changed the title
(削除) chore(deps): update dependency loader-utils [security] - autoclosed (削除ここまで)
(追記) chore(deps): update dependency loader-utils [security] (追記ここまで)
Mar 28, 2023
@renovate
renovate
bot
restored the
renovate/npm-loader-utils-vulnerability
branch
March 28, 2023 04:45
@renovate
renovate
bot
changed the title
(削除) chore(deps): update dependency loader-utils [security] (削除ここまで)
(追記) chore(deps): update dependency loader-utils [security] - autoclosed (追記ここまで)
Mar 28, 2023
@renovate
renovate
bot
deleted the
renovate/npm-loader-utils-vulnerability
branch
March 28, 2023 06:23
@renovate
renovate
bot
changed the title
(削除) chore(deps): update dependency loader-utils [security] - autoclosed (削除ここまで)
(追記) chore(deps): update dependency loader-utils [security] (追記ここまで)
Mar 28, 2023
@renovate
renovate
bot
restored the
renovate/npm-loader-utils-vulnerability
branch
March 28, 2023 08:24
@renovate
renovate
bot
changed the title
(削除) chore(deps): update dependency loader-utils [security] (削除ここまで)
(追記) chore(deps): update dependency loader-utils [security] - autoclosed (追記ここまで)
Mar 28, 2023
@renovate
renovate
bot
deleted the
renovate/npm-loader-utils-vulnerability
branch
March 28, 2023 09:39
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.
Mend Renovate
This PR contains the following updates:
2.0.0->2.0.41.4.0->1.4.2⚠ Dependency Lookup Warnings ⚠
Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.
GitHub Vulnerability Alerts
CVE-2022-37601
Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils prior to version 2.0.3 via the name variable in parseQuery.js.
CVE-2022-37599
A regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils via the resourcePath variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take a disproportional amount of time to process. This issue has been patched in versions 1.4.2, 2.0.4 and 3.2.1.
CVE-2022-37603
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take a disproportional amount of time to process. This issue has been patched in versions 1.4.2, 2.0.4 and 3.2.1.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.