Closed renovate[bot] closed 1 year ago
Patch and project coverage have no change.
Comparison is base (
2ad2a34
) 99.42% compared to head (363a2cc
) 99.42%.
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Do you have feedback about the report comment? Let us know in this issue.
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below:
error pulling image configuration: Get https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/69/69ca011a2f50799c003e669d5322bf67dc50b0b53f6a734da7b20854793efd13/data?verify=1655741347-2pGgQWOgHxYTXZttJ3Jso9B3XcM%3D: dial tcp: lookup production.cloudflare.docker.com: Temporary failure in name resolution
This PR contains the following updates:
8.9.0
->8.11.0
GitHub Vulnerability Alerts
CVE-2022-29244
Impact
npm pack
ignores root-level.gitignore
&.npmignore
file exclusion directives when run in a workspace or with a workspace flag (ie.--workspaces
,--workspace=<name>
). Anyone who has runnpm pack
ornpm publish
with workspaces, as of v7.9.0 & v7.13.0 respectively, may be affected and have published files into the npm registry they did not intend to include.Patch
npm
(v8.11.0
or greater), run:npm i -g npm@latest
v16.15.1
,v17.19.1
&v18.3.0
include the patchedv8.11.0
version ofnpm
Steps to take to see if you're impacted
npm publish --dry-run
ornpm pack
with annpm
version>=7.9.0
&<8.11.0
inside the project's root directory using a workspace flag like:--workspaces
or--workspace=<name>
(ex.npm pack --workspace=foo
)tar -tvf <package-on-disk>
also works)npm deprecate <pkg>[@​<version>] <message>
) 3.3. Revoke or rotate any sensitive information (ex. passwords, tokens, secrets etc.) which might have been exposedReferences
npm-packlist
libnpmpack
libnpmpublish
Configuration
📅 Schedule: Branch creation - "" in timezone Etc/UTC, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.