Open renovate[bot] opened 5 years ago
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
:recycle: Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below:
npm WARN checkPermissions Missing write access to /mnt/renovate/gh/Unibeautify/auto-config/node_modules/@unibeautify/beautifier-file
npm WARN @unibeautify/beautifier-eslint@0.5.0 requires a peer of eslint@^4.19.1 but none is installed. You must install peer dependencies yourself.
npm WARN ajv-keywords@3.2.0 requires a peer of ajv@^6.0.0 but none is installed. You must install peer dependencies yourself.
npm ERR! code ENOENT
npm ERR! syscall access
npm ERR! path /mnt/renovate/gh/Unibeautify/auto-config/node_modules/@unibeautify/beautifier-file
npm ERR! errno -2
npm ERR! enoent ENOENT: no such file or directory, access '/mnt/renovate/gh/Unibeautify/auto-config/node_modules/@unibeautify/beautifier-file'
npm ERR! enoent This is related to npm not being able to find a file.
npm ERR! enoent
npm ERR! A complete log of this run can be found in:
npm ERR! /tmp/renovate-cache/others/npm/_logs/2021-04-26T17_27_02_802Z-debug.log
Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.
You can manually request rebase by checking the rebase/retry box above.
⚠️ Warning: custom changes will be lost.
This PR contains the following updates:
4.17.10
->4.17.21
GitHub Vulnerability Alerts
CVE-2018-16487
Versions of
lodash
before 4.17.5 are vulnerable to prototype pollution.The vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of
Object
via{constructor: {prototype: {...}}}
causing the addition or modification of an existing property that will exist on all objects.Recommendation
Update to version 4.17.11 or later.
CVE-2019-10744
Versions of
lodash
before 4.17.12 are vulnerable to Prototype Pollution. The functiondefaultsDeep
allows a malicious user to modify the prototype ofObject
via{constructor: {prototype: {...}}}
causing the addition or modification of an existing property that will exist on all objects.Recommendation
Update to version 4.17.12 or later.
CVE-2019-1010266
lodash prior to 4.7.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.7.11.
CVE-2021-23337
lodash
versions prior to 4.17.21 are vulnerable to Command Injection via the template function.CVE-2020-8203
Versions of lodash prior to 4.17.19 are vulnerable to Prototype Pollution. The function zipObjectDeep allows a malicious user to modify the prototype of Object if the property identifiers are user-supplied. Being affected by this issue requires zipping objects based on user-provided property arrays.
This vulnerability causes the addition or modification of an existing property that will exist on all objects and may lead to Denial of Service or Code Execution under specific circumstances.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.