Closed mend-for-github-com[bot] closed 9 months ago
Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below:
installing v2 tool yarn-slim v1.22.21
ERROR: npm v10.2.4 is known not to run on Node.js v8.9.4. This version of npm supports the following node versions: `^18.17.0 || >=20.5.0`. You can find the latest version at https://nodejs.org/.
ERROR:
/opt/buildpack/tools/npm/10.2.4/node_modules/npm/lib/utils/exit-handler.js:19
const hasLoadedNpm = npm?.config.loaded
^
SyntaxError: Unexpected token .
at createScript (vm.js:80:10)
at Object.runInThisContext (vm.js:139:10)
at Module._compile (module.js:607:28)
at Object.Module._extensions..js (module.js:654:10)
at Module.load (module.js:556:32)
at tryModuleLoad (module.js:499:12)
at Function.Module._load (module.js:491:3)
at Module.require (module.js:587:17)
at require (internal/module.js:11:18)
at module.exports (/opt/buildpack/tools/npm/10.2.4/node_modules/npm/lib/cli-entry.js:15:23)
This PR contains the following updates:
^1.6.0
->^3.0.0
This PR resolves the vulnerabilities described in Issue #193
Version 2.18.18
| Risk Change | Critical | High | Medium | Low | | --- | --- | --- | --- | --- | | N/A | 15 | 60 | 42 | 0 |Version 2.18.23-berry-mdx.26
| Risk Change | Critical | High | Medium | Low | | --- | --- | --- | --- | --- | | -86% | 2 (-13 ) | 11 (-49 ) | 12 (-30 ) | 0 (--) |Version 2.33.0-blazing-fast.27
| Risk Change | Critical | High | Medium | Low | | --- | --- | --- | --- | --- | | -73% | 4 (-11 ) | 19 (-41 ) | 14 (-28 ) | 0 (--) |Mend ensures you have the greatest risk reduction ("Recommended Fix"-highlighted in green) by removing as many vulnerabilities as possible. Click to see how we calculate risk reduction.
Release Notes
bholloway/resolve-url-loader
### [`v3.0.0`](https://togithub.com/bholloway/resolve-url-loader/releases/tag/v3.0.0): 3.0.0 Postcss [Compare Source](https://togithub.com/bholloway/resolve-url-loader/compare/2.3.2...v3.0.0) **Features** - Use `postcss` parser by default. This is long overdue as the old `rework` parser doesn't cope with modern css. - Lots of automated tests running actual webpack builds. If you have an interesting use-case let me know. **Breaking Changes** - Multiple options changed or deprecated. - Removed file search "magic" in favour of `join` option. - Errors always fail and are no longer swallowed. - Processing absolute asset paths requires `root` option to be set. **Migrating** Initially set option `engine: 'rework'` for parity with your existing build. Once working you can remove this option **or** set `engine: 'postcss'` explicitly. Retain `keepQuery` option if you are already using it. The `root` option now has a different meaning. Previously it limited file search. Now it is the base path for absolute or root-relative URIs, consistent with `css-loader`. If you are already using it you can probably remove it. If you build on Windows platform **and** your content contains absolute asset paths, then `css-loader` could fail. The `root` option here may fix the URIs before they get to `css-loader`. Try to leave it unspecified, otherwise (windows only) set to empty string `root: ''`. ### [`v2.3.2`](https://togithub.com/bholloway/resolve-url-loader/compare/2.3.1...2.3.2) [Compare Source](https://togithub.com/bholloway/resolve-url-loader/compare/2.3.1...2.3.2) ### [`v2.3.1`](https://togithub.com/bholloway/resolve-url-loader/compare/2.3.0...2.3.1) [Compare Source](https://togithub.com/bholloway/resolve-url-loader/compare/2.3.0...2.3.1) ### [`v2.3.0`](https://togithub.com/bholloway/resolve-url-loader/compare/2.2.1...2.3.0) [Compare Source](https://togithub.com/bholloway/resolve-url-loader/compare/2.2.1...2.3.0) ### [`v2.2.1`](https://togithub.com/bholloway/resolve-url-loader/compare/2.2.0...2.2.1) [Compare Source](https://togithub.com/bholloway/resolve-url-loader/compare/2.2.0...2.2.1) ### [`v2.2.0`](https://togithub.com/bholloway/resolve-url-loader/releases/tag/2.2.0): Attempts option to opt-out of file search "magic" [Compare Source](https://togithub.com/bholloway/resolve-url-loader/compare/2.1.1...2.2.0) Full file search is still the default, for backwards compatibility. However you may now set `attempts=1` to curtail the search to just the immediate file. ### [`v2.1.1`](https://togithub.com/bholloway/resolve-url-loader/releases/tag/2.1.1): Bugfix / basic optimisation - ignore http(s) URIs [Compare Source](https://togithub.com/bholloway/resolve-url-loader/compare/2.1.0...2.1.1) We have always ignored `data:` URIs. This change ignores explicit `http:` and `https:` URIs in the same way. ### [`v2.1.0`](https://togithub.com/bholloway/resolve-url-loader/compare/2.0.3...2.1.0) [Compare Source](https://togithub.com/bholloway/resolve-url-loader/compare/2.0.3...2.1.0) ### [`v2.0.3`](https://togithub.com/bholloway/resolve-url-loader/compare/2.0.2...2.0.3) [Compare Source](https://togithub.com/bholloway/resolve-url-loader/compare/2.0.2...2.0.3) ### [`v2.0.2`](https://togithub.com/bholloway/resolve-url-loader/releases/tag/2.0.2): Fix loaderUtils deprecation warning [Compare Source](https://togithub.com/bholloway/resolve-url-loader/compare/2.0.1...2.0.2) ### [`v2.0.1`](https://togithub.com/bholloway/resolve-url-loader/compare/2.0.0...2.0.1) [Compare Source](https://togithub.com/bholloway/resolve-url-loader/compare/2.0.0...2.0.1) ### [`v2.0.0`](https://togithub.com/bholloway/resolve-url-loader/releases/tag/2.0.0): Webpack 2, less-loader, sass-loader 6 [Compare Source](https://togithub.com/bholloway/resolve-url-loader/compare/1.6.1...2.0.0)