Open renovate[bot] opened 2 years ago
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below:
npm warn cli npm v10.7.0 does not support Node.js v16.20.2. This version of npm supports the following node versions: `^18.17.0 || >=20.5.0`. You can find the latest version at https://nodejs.org/.
npm error code ERESOLVE
npm error ERESOLVE could not resolve
npm error
npm error While resolving: eslint-plugin-vue-i18n@0.3.0
npm error Found: eslint@8.45.0
npm error node_modules/eslint
npm error dev eslint@"8.45.0" from the root project
npm error peer eslint@"^6.0.0 || ^7.0.0 || >=8.0.0" from @eslint-community/eslint-utils@4.4.0
npm error node_modules/@eslint-community/eslint-utils
npm error @eslint-community/eslint-utils@"^4.2.0" from @typescript-eslint/utils@5.57.0
npm error node_modules/@typescript-eslint/utils
npm error @typescript-eslint/utils@"5.57.0" from @typescript-eslint/eslint-plugin@5.57.0
npm error node_modules/@typescript-eslint/eslint-plugin
npm error dev @typescript-eslint/eslint-plugin@"5.57.0" from the root project
npm error 1 more (@typescript-eslint/type-utils)
npm error @eslint-community/eslint-utils@"^4.2.0" from eslint@8.45.0
npm error 1 more (eslint-plugin-vue)
npm error 16 more (@typescript-eslint/eslint-plugin, ...)
npm error
npm error Could not resolve dependency:
npm error peer eslint@"^5.0.0 || ^6.0.0" from eslint-plugin-vue-i18n@0.3.0
npm error node_modules/eslint-plugin-vue-i18n
npm error dev eslint-plugin-vue-i18n@"0.3.0" from the root project
npm error
npm error Conflicting peer dependency: eslint@6.8.0
npm error node_modules/eslint
npm error peer eslint@"^5.0.0 || ^6.0.0" from eslint-plugin-vue-i18n@0.3.0
npm error node_modules/eslint-plugin-vue-i18n
npm error dev eslint-plugin-vue-i18n@"0.3.0" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /tmp/renovate/cache/others/npm/_logs/2024-05-06T20_11_14_500Z-eresolve-report.txt
npm error A complete log of this run can be found in: /tmp/renovate/cache/others/npm/_logs/2024-05-06T20_11_14_500Z-debug-0.log
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below:
npm warn cli npm v10.9.1 does not support Node.js v16.20.2. This version of npm supports the following node versions: `^18.17.0 || >=20.5.0`. You can find the latest version at https://nodejs.org/.
npm error code ERESOLVE
npm error ERESOLVE could not resolve
npm error
npm error While resolving: eslint-plugin-vue-i18n@0.3.0
npm error Found: eslint@8.45.0
npm error node_modules/eslint
npm error dev eslint@"8.45.0" from the root project
npm error peer eslint@"^6.0.0 || ^7.0.0 || >=8.0.0" from @eslint-community/eslint-utils@4.4.0
npm error node_modules/@eslint-community/eslint-utils
npm error @eslint-community/eslint-utils@"^4.2.0" from @typescript-eslint/utils@5.57.0
npm error node_modules/@typescript-eslint/utils
npm error @typescript-eslint/utils@"5.57.0" from @typescript-eslint/eslint-plugin@5.57.0
npm error node_modules/@typescript-eslint/eslint-plugin
npm error dev @typescript-eslint/eslint-plugin@"5.57.0" from the root project
npm error 1 more (@typescript-eslint/type-utils)
npm error @eslint-community/eslint-utils@"^4.2.0" from eslint@8.45.0
npm error 1 more (eslint-plugin-vue)
npm error 16 more (@typescript-eslint/eslint-plugin, ...)
npm error
npm error Could not resolve dependency:
npm error peer eslint@"^5.0.0 || ^6.0.0" from eslint-plugin-vue-i18n@0.3.0
npm error node_modules/eslint-plugin-vue-i18n
npm error dev eslint-plugin-vue-i18n@"0.3.0" from the root project
npm error
npm error Conflicting peer dependency: eslint@6.8.0
npm error node_modules/eslint
npm error peer eslint@"^5.0.0 || ^6.0.0" from eslint-plugin-vue-i18n@0.3.0
npm error node_modules/eslint-plugin-vue-i18n
npm error dev eslint-plugin-vue-i18n@"0.3.0" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /tmp/renovate/cache/others/npm/_logs/2024-11-28T07_26_49_415Z-eresolve-report.txt
npm error A complete log of this run can be found in: /tmp/renovate/cache/others/npm/_logs/2024-11-28T07_26_49_415Z-debug-0.log
This PR contains the following updates:
16.15.0
->16.20.2
16.11.36
->16.18.121
Release Notes
nodejs/node (node)
### [`v16.20.2`](https://redirect.github.com/nodejs/node/releases/tag/v16.20.2): 2023-08-09, Version 16.20.2 'Gallium' (LTS), @RafaelGSS [Compare Source](https://redirect.github.com/nodejs/node/compare/v16.20.1...v16.20.2) This is a security release. ##### Notable Changes The following CVEs are fixed in this release: - [CVE-2023-32002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32002): Policies can be bypassed via Module.\_load (High) - [CVE-2023-32006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32006): Policies can be bypassed by module.constructor.createRequire (Medium) - [CVE-2023-32559](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559): Policies can be bypassed via process.binding (Medium) - OpenSSL Security Releases - [OpenSSL security advisory 14th July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000264.html). - [OpenSSL security advisory 19th July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000265.html). - [OpenSSL security advisory 31st July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000267.html) More detailed information on each of the vulnerabilities can be found in [August 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/august-2023-security-releases/) blog post. ##### Commits - \[[`40c3958a5a`](https://redirect.github.com/nodejs/node/commit/40c3958a5a)] - **deps**: update archs files for OpenSSL-1.1.1v (RafaelGSS) [#49043](https://redirect.github.com/nodejs/node/pull/49043) - \[[`a9ac9da89a`](https://redirect.github.com/nodejs/node/commit/a9ac9da89a)] - **deps**: fix openssl crypto clean (RafaelGSS) [#49043](https://redirect.github.com/nodejs/node/pull/49043) - \[[`362d4c7494`](https://redirect.github.com/nodejs/node/commit/362d4c7494)] - **deps**: upgrade openssl sources to OpenSSL\_1\_1\_1v (RafaelGSS) [#49043](https://redirect.github.com/nodejs/node/pull/49043) - \[[`d8ccfe9ad4`](https://redirect.github.com/nodejs/node/commit/d8ccfe9ad4)] - **policy**: handle Module.constructor and main.extensions bypass (RafaelGSS) [nodejs-private/node-private#445](https://redirect.github.com/nodejs-private/node-private/pull/445) - \[[`242aaa0caa`](https://redirect.github.com/nodejs/node/commit/242aaa0caa)] - **policy**: disable process.binding() when enabled (Tobias Nießen) [nodejs-private/node-private#459](https://redirect.github.com/nodejs-private/node-private/pull/459) ### [`v16.20.1`](https://redirect.github.com/nodejs/node/releases/tag/v16.20.1): 2023-06-20, Version 16.20.1 'Gallium' (LTS), @RafaelGSS [Compare Source](https://redirect.github.com/nodejs/node/compare/v16.20.0...v16.20.1) This is a security release. ##### Notable Changes The following CVEs are fixed in this release: - [CVE-2023-30581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30581): `mainModule.__proto__` Bypass Experimental Policy Mechanism (High) - [CVE-2023-30585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30585): Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium) - [CVE-2023-30588](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30588): Process interuption due to invalid Public Key information in x509 certificates (Medium) - [CVE-2023-30589](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589): HTTP Request Smuggling via Empty headers separated by CR (Medium) - [CVE-2023-30590](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30590): DiffieHellman does not generate keys after setting a private key (Medium) - OpenSSL Security Releases - [OpenSSL security advisory 28th March](https://www.openssl.org/news/secadv/20230328.txt). - [OpenSSL security advisory 20th April](https://www.openssl.org/news/secadv/20230420.txt). - [OpenSSL security advisory 30th May](https://www.openssl.org/news/secadv/20230530.txt) - c-ares vulnerabilities: - [GHSA-9g78-jv2r-p7vc](https://redirect.github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc) - [GHSA-8r8p-23f3-64c2](https://redirect.github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2) - [GHSA-54xr-f67r-4pc4](https://redirect.github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4) - [GHSA-x6mf-cxr9-8q6v](https://redirect.github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v) More detailed information on each of the vulnerabilities can be found in [June 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/june-2023-security-releases/) blog post. ##### Commits - \[[`5a92ea7a3b`](https://redirect.github.com/nodejs/node/commit/5a92ea7a3b)] - **crypto**: handle cert with invalid SPKI gracefully (Tobias Nießen) - \[[`5df04e893a`](https://redirect.github.com/nodejs/node/commit/5df04e893a)] - **deps**: set `CARES_RANDOM_FILE` for c-ares (Richard Lau) [#48156](https://redirect.github.com/nodejs/node/pull/48156) - \[[`c171cbd124`](https://redirect.github.com/nodejs/node/commit/c171cbd124)] - **deps**: update c-ares to 1.19.1 (RafaelGSS) [#48115](https://redirect.github.com/nodejs/node/pull/48115) - \[[`155d3aac02`](https://redirect.github.com/nodejs/node/commit/155d3aac02)] - **deps**: update archs files for OpenSSL-1.1.1u+quic (RafaelGSS) [#48369](https://redirect.github.com/nodejs/node/pull/48369) - \[[`8d4c8f8ebe`](https://redirect.github.com/nodejs/node/commit/8d4c8f8ebe)] - **deps**: upgrade openssl sources to OpenSSL\_1\_1\_1u (RafaelGSS) [#48369](https://redirect.github.com/nodejs/node/pull/48369) - \[[`1a5c9284eb`](https://redirect.github.com/nodejs/node/commit/1a5c9284eb)] - **doc,test**: clarify behavior of DH generateKeys (Tobias Nießen) [nodejs-private/node-private#426](https://redirect.github.com/nodejs-private/node-private/pull/426) - \[[`e42ff4b018`](https://redirect.github.com/nodejs/node/commit/e42ff4b018)] - **http**: disable request smuggling via empty headers (Paolo Insogna) [nodejs-private/node-private#429](https://redirect.github.com/nodejs-private/node-private/pull/429) - \[[`10042683c8`](https://redirect.github.com/nodejs/node/commit/10042683c8)] - **msi**: do not create AppData\Roaming\npm (Tobias Nießen) [nodejs-private/node-private#408](https://redirect.github.com/nodejs-private/node-private/pull/408) - \[[`a6f4e87bc9`](https://redirect.github.com/nodejs/node/commit/a6f4e87bc9)] - **policy**: handle mainModule.\__proto\_\_ bypass (RafaelGSS) [nodejs-private/node-private#416](https://redirect.github.com/nodejs-private/node-private/pull/416) - \[[`b77000f4d7`](https://redirect.github.com/nodejs/node/commit/b77000f4d7)] - **test**: allow SIGBUS in signal-handler abort test (Michaël Zasso) [#47851](https://redirect.github.com/nodejs/node/pull/47851) ### [`v16.20.0`](https://redirect.github.com/nodejs/node/releases/tag/v16.20.0): 2023-03-29, Version 16.20.0 'Gallium' (LTS), @BethGriggs [Compare Source](https://redirect.github.com/nodejs/node/compare/v16.19.1...v16.20.0) ##### Notable Changes - **deps:** - update undici to 5.20.0 (Node.js GitHub Bot) [#46711](https://redirect.github.com/nodejs/node/pull/46711) - update c-ares to 1.19.0 (Michaël Zasso) [#46415](https://redirect.github.com/nodejs/node/pull/46415) - upgrade npm to 8.19.4 (npm team) [#46677](https://redirect.github.com/nodejs/node/pull/46677) - update corepack to 0.17.0 (Node.js GitHub Bot) [#46842](https://redirect.github.com/nodejs/node/pull/46842) - **(SEMVER-MINOR)** **src**: add support for externally shared js builtins (Michael Dawson) [#44376](https://redirect.github.com/nodejs/node/pull/44376) ##### Commits - \[[`de6dd67790`](https://redirect.github.com/nodejs/node/commit/de6dd67790)] - **crypto**: avoid hang when no algorithm available (Richard Lau) [#46237](https://redirect.github.com/nodejs/node/pull/46237) - \[[`4617512788`](https://redirect.github.com/nodejs/node/commit/4617512788)] - **crypto**: ensure auth tag set for chacha20-poly1305 (Ben Noordhuis) [#46185](https://redirect.github.com/nodejs/node/pull/46185) - \[[`24972164fc`](https://redirect.github.com/nodejs/node/commit/24972164fc)] - **deps**: update undici to 5.20.0 (Node.js GitHub Bot) [#46711](https://redirect.github.com/nodejs/node/pull/46711) - \[[`85f88c6a8d`](https://redirect.github.com/nodejs/node/commit/85f88c6a8d)] - **deps**: V8: cherry-pick [`90be99f`](https://redirect.github.com/nodejs/node/commit/90be99fab31c) (Michaël Zasso) [#46646](https://redirect.github.com/nodejs/node/pull/46646) - \[[`b4ebe6d47b`](https://redirect.github.com/nodejs/node/commit/b4ebe6d47b)] - **deps**: update c-ares to 1.19.0 (Michaël Zasso) [#46415](https://redirect.github.com/nodejs/node/pull/46415) - \[[`56cbc7fdda`](https://redirect.github.com/nodejs/node/commit/56cbc7fdda)] - **deps**: V8: cherry-pick [`c2792e5`](https://redirect.github.com/nodejs/node/commit/c2792e58035f) (Jiawen Geng) [#44961](https://redirect.github.com/nodejs/node/pull/44961) - \[[`7af9bdb31e`](https://redirect.github.com/nodejs/node/commit/7af9bdb31e)] - **deps**: upgrade npm to 8.19.4 (npm team) [#46677](https://redirect.github.com/nodejs/node/pull/46677) - \[[`962a7471b5`](https://redirect.github.com/nodejs/node/commit/962a7471b5)] - **deps**: update corepack to 0.17.0 (Node.js GitHub Bot) [#46842](https://redirect.github.com/nodejs/node/pull/46842) - \[[`748bc96e35`](https://redirect.github.com/nodejs/node/commit/748bc96e35)] - **deps**: update corepack to 0.16.0 (Node.js GitHub Bot) [#46710](https://redirect.github.com/nodejs/node/pull/46710) - \[[`a467782499`](https://redirect.github.com/nodejs/node/commit/a467782499)] - **deps**: update corepack to 0.15.3 (Node.js GitHub Bot) [#46037](https://redirect.github.com/nodejs/node/pull/46037) - \[[`1913b6763d`](https://redirect.github.com/nodejs/node/commit/1913b6763d)] - **deps**: update corepack to 0.15.2 (Node.js GitHub Bot) [#45635](https://redirect.github.com/nodejs/node/pull/45635) - \[[`809371a15f`](https://redirect.github.com/nodejs/node/commit/809371a15f)] - **module**: require.resolve.paths returns null with node schema (MURAKAMI Masahiko) [#45147](https://redirect.github.com/nodejs/node/pull/45147) - \[[`086bb2f8d4`](https://redirect.github.com/nodejs/node/commit/086bb2f8d4)] - ***Revert*** "**src**: let http2 streams end after session close" (Rich Trott) [#46721](https://redirect.github.com/nodejs/node/pull/46721) - \[[`6a01d39120`](https://redirect.github.com/nodejs/node/commit/6a01d39120)] - **(SEMVER-MINOR)** **src**: add support for externally shared js builtins (Michael Dawson) [#44376](https://redirect.github.com/nodejs/node/pull/44376) - \[[`d081032a60`](https://redirect.github.com/nodejs/node/commit/d081032a60)] - **test**: fix test-net-connect-reset-until-connected (Vita Batrla) [#46781](https://redirect.github.com/nodejs/node/pull/46781) - \[[`efe1be47ec`](https://redirect.github.com/nodejs/node/commit/efe1be47ec)] - **test**: skip test depending on `overlapped-checker` when not available (Antoine du Hamel) [#45015](https://redirect.github.com/nodejs/node/pull/45015) - \[[`fc47d58abe`](https://redirect.github.com/nodejs/node/commit/fc47d58abe)] - **test**: remove cjs loader from stack traces (Geoffrey Booth) [#44197](https://redirect.github.com/nodejs/node/pull/44197) - \[[`cf76d0790d`](https://redirect.github.com/nodejs/node/commit/cf76d0790d)] - **test**: fix WPT title when no META title is present (Filip Skokan) [#46804](https://redirect.github.com/nodejs/node/pull/46804) - \[[`0d1485b924`](https://redirect.github.com/nodejs/node/commit/0d1485b924)] - **test**: fix default WPT titles (Filip Skokan) [#46778](https://redirect.github.com/nodejs/node/pull/46778) - \[[`088e9cde3d`](https://redirect.github.com/nodejs/node/commit/088e9cde3d)] - **test**: add WPTRunner support for variants and generating WPT reports (Filip Skokan) [#46498](https://redirect.github.com/nodejs/node/pull/46498) - \[[`908c4dff44`](https://redirect.github.com/nodejs/node/commit/908c4dff44)] - **test**: mark test-crypto-key-objects flaky on Linux (Richard Lau) [#46684](https://redirect.github.com/nodejs/node/pull/46684) - \[[`768e56227e`](https://redirect.github.com/nodejs/node/commit/768e56227e)] - **tools**: make `utils.SearchFiles` deterministic (Bruno Pitrus) [#44496](https://redirect.github.com/nodejs/node/pull/44496) ### [`v16.19.1`](https://redirect.github.com/nodejs/node/releases/tag/v16.19.1): 2023-02-16, Version 16.19.1 'Gallium' (LTS), @richardlau [Compare Source](https://redirect.github.com/nodejs/node/compare/v16.19.0...v16.19.1) This is a security release. ##### Notable Changes The following CVEs are fixed in this release: - **[CVE-2023-23918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23918)**: Node.js Permissions policies can be bypassed via process.mainModule (High) - **[CVE-2023-23919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23919)**: Node.js OpenSSL error handling issues in nodejs crypto library (Medium) - **[CVE-2023-23920](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23920)**: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low) Fixed by an update to undici: - **[CVE-2023-23936](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23936)**: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium) - SeeConfiguration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR was generated by Mend Renovate. View the repository job log.