renovate[bot]
commented
4 years ago Branch automerge failure
This PR was configured for branch automerge, however this is not possible so it has been raised as a PR instead.
Closed renovate[bot] closed 4 years ago
renovate[bot]
commented
4 years ago This PR was configured for branch automerge, however this is not possible so it has been raised as a PR instead.
renovate[bot]
commented
4 years ago Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
:recycle: Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below:
This PR contains the following updates:
6.14.2->6.14.6GitHub Vulnerability Alerts
CVE-2020-15095
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like
<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>. The password value is not redacted and is printed to stdout and also to any generated log files.Release Notes
npm/cli
### [`v6.14.6`](https://togithub.com/npm/cli/blob/master/CHANGELOG.md#6146-2020-07-07) [Compare Source](https://togithub.com/npm/cli/compare/v6.14.5...v6.14.6) ##### BUG FIXES - [`a9857b8f6`](https://togithub.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc) chore: remove auth info from logs ([@claudiahdz](https://togithub.com/claudiahdz)) - [`b7ad77598`](https://togithub.com/npm/cli/commit/b7ad77598112908d60195d0fbc472b3c84275fd5) [#1416](https://togithub.com/npm/cli/pull/1416) fix: wrong `npm doctor` command result ([@vanishcode](https://togithub.com/vanishcode)) ##### DEPENDENCIES - [`94eca6377`](https://togithub.com/npm/cli/commit/94eca637756376b949edfb697e179a1fdcc231ee) `npm-registry-fetch@4.0.5` ([@claudiahdz](https://togithub.com/claudiahdz)) - [`c49b6ae28`](https://togithub.com/npm/cli/commit/c49b6ae28791ff7184288be16654f97168aa9705) [#1418](https://togithub.com/npm/cli/pull/1418) `spdx-license-ids@3.0.5` ([@kemitchell](https://togithub.com/kemitchell)) ##### DOCUMENTATION - [`2e052984b`](https://togithub.com/npm/cli/commit/2e052984b08c09115ed75387fb2c961631d85d77) [#1459](https://togithub.com/npm/cli/pull/1459) chore(docs): fixed links to cli commands ([@claudiahdz](https://togithub.com/claudiahdz)) - [`0ca3509ca`](https://togithub.com/npm/cli/commit/0ca3509ca940865392daeeabb39192f7d5af9f5e) [#1283](https://togithub.com/npm/cli/pull/1283) Update npm-link.md ([@peterfich](https://togithub.com/peterfich)) - [`3dd429e9a`](https://togithub.com/npm/cli/commit/3dd429e9aad760ce2ff9e522b34ebfebd85b460c) [#1377](https://togithub.com/npm/cli/pull/1377) Add note about dropped `*` filenames ([@maxwellgerber](https://togithub.com/maxwellgerber)) - [`9a2e2e797`](https://togithub.com/npm/cli/commit/9a2e2e797e5c91e7f4f261583a1906e2c440cc2f) [#1429](https://togithub.com/npm/cli/pull/1429) Fix typo ([@seanpoulter](https://togithub.com/seanpoulter)) ### [`v6.14.5`](https://togithub.com/npm/cli/blob/master/CHANGELOG.md#6145-2020-05-01) [Compare Source](https://togithub.com/npm/cli/compare/v6.14.4...v6.14.5) ##### BUG FIXES - [`33ec41f18`](https://togithub.com/npm/cli/commit/33ec41f18f557146607cb14a7a38c707fce6d42c) [#758](https://togithub.com/npm/cli/pull/758) fix: relativize file links when inflating shrinkwrap ([@jsnajdr](https://togithub.com/jsnajdr)) - [`94ed456df`](https://togithub.com/npm/cli/commit/94ed456dfb0b122fd4192429024f034d06c3c454) [#1162](https://togithub.com/npm/cli/pull/1162) fix: npm init help output ([@mum-never-proud](https://togithub.com/mum-never-proud)) ##### DEPENDENCIES - [`5587ac01f`](https://togithub.com/npm/cli/commit/5587ac01ffd0d2ea830a6bbb67bb34a611ffc409) `npm-registry-fetch@4.0.4` - [`fc5d94c39`](https://togithub.com/npm/npm-registry-fetch/commit/fc5d94c39ca218d78df77249ab3a6bf1d9ed9db1) fix: removed default timeout - [`07a4d8884`](https://togithub.com/npm/cli/commit/07a4d8884448359bac485a49c05fd2d23d06834b) `graceful-fs@4.2.4` - [`8228d1f2e`](https://togithub.com/npm/cli/commit/8228d1f2e427ad9adee617266108acd1ee39b4a5) `mkdirp@0.5.5` - [`e6d208317`](https://togithub.com/npm/cli/commit/e6d20831740a84aea766da2a2913cf82a4d56ada) `nopt@4.0.3` ### [`v6.14.4`](https://togithub.com/npm/cli/blob/master/CHANGELOG.md#6144-2020-03-24) [Compare Source](https://togithub.com/npm/cli/compare/v6.14.3...v6.14.4) ##### DEPENDENCIES - Bump `minimist@1.2.5` transitive dep to resolve security issue - [`9c554fd8c`](https://togithub.com/npm/cli/commit/9c554fd8cd1e9aeb8eb122ccfa3c78d12af4097a) `update-notifier@2.5.0` - bump `deep-extend@1.2.5` - bump `deep-extend@0.6.0` - bump `is-ci@1.2.1` - bump `is-retry-allowed@1.2.0` - bump `rc@1.2.8` - bump `registry-auth-token@3.4.0` - bump `widest-line@2.0.1` - [`136832dca`](https://togithub.com/npm/cli/commit/136832dcae13cb5518b1fe17bd63ea9b2a195f92) `mkdirp@0.5.4` - [`8bf99b2b5`](https://togithub.com/npm/cli/commit/8bf99b2b58c14d45dc6739fce77de051ebc8ffb7) [#1053](https://togithub.com/npm/cli/pull/1053) deps: updates term-size to use signed binary - [`d2f08a1bdb`](https://togithub.com/nodejs/node/commit/d2f08a1bdb78655c4a3fc49825986c148d14117e) ([@rvagg](https://togithub.com/rvagg)) ### [`v6.14.3`](https://togithub.com/npm/cli/blob/master/CHANGELOG.md#6143-2020-03-19) [Compare Source](https://togithub.com/npm/cli/compare/v6.14.2...v6.14.3) ##### DOCUMENTATION - [`4ad221487`](https://togithub.com/npm/cli/commit4ad2214873cddfd4a0eff1bd188516b08fae9f9e) [#1020](https://togithub.com/npm/cli/pull/1020) docs(teams): updated team docs to reflect MFA workflow ([@blkdm0n](https://togithub.com/blkdm0n)) - [`4a31a4ba2`](https://togithub.com/npm/cli/commit/4a31a4ba2db0a5db2d1d0890ee934ba1babb73a6) [#1034](https://togithub.com/npm/cli/pull/1034) docs: cleanup ([@ruyadorno](https://togithub.com/ruyadorno)) - [`0eac801cd`](https://togithub.com/npm/cli/commit/0eac801cdef344e9fbda6270145e062211255b0e) [#1013](https://togithub.com/npm/cli/pull/1013) docs: fix links to cli commands ([@alenros](https://togithub.com/alenros)) - [`7d8e5b99c`](https://togithub.com/npm/cli/commit/7d8e5b99c4ef8c394cffa7fc845f54a25ff37e3a) [#755](https://togithub.com/npm/cli/pull/755) docs: correction to `npm update -g` behaviour ([@johnkennedy9147](https://togithub.com/johnkennedy9147)) ##### DEPENDENCIES - [`e11167646`](https://togithub.com/npm/cli/commit/e111676467f090f73802b97e8da7ece481b18f99) `mkdirp@0.5.3` - [`c5b97d17d`](https://togithub.com/isaacs/node-mkdirp/commit/c5b97d17d45a22bcf4c815645cbb989dab57ddd8) fix: bump `minimist` dep to resolve security issue ([@isaacs](https://togithub.com/isaacs)) - [`c50d679c6`](https://togithub.com/npm/cli/commit/c50d679c68b39dd03ad127d34f540ddcb1b1e804) `rimraf@2.7.1` - [`a2de99ff9`](https://togithub.com/npm/cli/commit/a2de99ff9e02425a3ccc25280f390178be755a36) `npm-registry-mock@1.3.1` - [`217debeb9`](https://togithub.com/npm/cli/commit/217debeb9812e037a6686cbf6ec67a0cd47fa68a) `npm-registry-couchapp@2.7.4`Renovate configuration
:date: Schedule: "" (UTC).
:vertical_traffic_light: Automerge: Disabled due to failing status checks.
:recycle: Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
:no_bell: Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.