Thierry-Chain / Library-Management-App

Updated Library management system
https://smart-library-rw.herokuapp.com
2 stars 1 forks source link

Update dependency shell-quote to 1.7.3 [SECURITY] #45

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

Package Change
shell-quote 1.7.2 -> 1.7.3

GitHub Vulnerability Alerts

CVE-2021-42740

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is {A-z] instead of the correct {A-Za-z]. Several shell metacharacters exist in the space between capital letter Z and lower case letter a, such as the backtick character.


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.

renovate[bot] commented 1 year ago

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

The artifact failure details are included below:

File name: package-lock.json
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@~2.3.2 (node_modules/tailwindcss/node_modules/chokidar/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.3.2: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
npm WARN css-minimizer-webpack-plugin@3.4.1 requires a peer of webpack@^5.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN @pmmmwh/react-refresh-webpack-plugin@0.5.10 requires a peer of webpack@>=4.43.0 <6.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN source-map-loader@3.0.2 requires a peer of webpack@^5.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN eslint-webpack-plugin@3.2.0 requires a peer of eslint@^7.0.0 || ^8.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN eslint-webpack-plugin@3.2.0 requires a peer of webpack@^5.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN tailwindcss@3.2.6 requires a peer of postcss@^8.0.9 but none is installed. You must install peer dependencies yourself.
npm WARN update-browserslist-db@1.0.10 requires a peer of browserslist@>= 4.21.0 but none is installed. You must install peer dependencies yourself.
npm WARN cssnano-utils@3.1.0 requires a peer of postcss@^8.2.15 but none is installed. You must install peer dependencies yourself.
npm WARN postcss-js@4.0.1 requires a peer of postcss@^8.4.21 but none is installed. You must install peer dependencies yourself.
npm WARN postcss-import@14.1.0 requires a peer of postcss@^8.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN postcss-nested@6.0.0 requires a peer of postcss@^8.2.14 but none is installed. You must install peer dependencies yourself.

npm ERR! code EBADPLATFORM
npm ERR! notsup Unsupported platform for fsevents@2.3.2: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
npm ERR! notsup Valid OS:    darwin
npm ERR! notsup Valid Arch:  any
npm ERR! notsup Actual OS:   linux
npm ERR! notsup Actual Arch: x64

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate-cache/others/npm/_logs/2023-02-10T01_09_12_107Z-debug.log
vercel[bot] commented 1 year ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated
manage-library ❌ Failed (Inspect) Feb 10, 2023 at 1:10AM (UTC)
renovate[bot] commented 1 year ago

Renovate Ignore Notification

As this PR has been closed unmerged, Renovate will now ignore this update (1.7.3). You will still receive a PR once a newer version is released, so if you wish to permanently ignore this dependency, please add it to the ignoreDeps array of your renovate config.

If this PR was closed by mistake or you changed your mind, you can simply rename this PR and you will soon get a fresh replacement PR opened.