renovate[bot]
commented
4 years ago :warning: Artifact update problem
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
:recycle: Renovate will retry this branch, including artifacts, only when one of the following happens:
- any of the package files in this branch needs updating, or
- the branch becomes conflicted, or
- you check the rebase/retry checkbox if found above, or
- you rename this PR's title to start with "rebase!" to trigger it manually
The artifact failure details are included below:
File name: package-lock.json
npm WARN checkPermissions Missing write access to /mnt/renovate/gh/nuxt-community/nuxtent-module/node_modules/@types/estree
npm WARN checkPermissions Missing write access to /mnt/renovate/gh/nuxt-community/nuxtent-module/node_modules/@types/linkify-it
npm WARN checkPermissions Missing write access to /mnt/renovate/gh/nuxt-community/nuxtent-module/node_modules/@types/mime
npm WARN checkPermissions Missing write access to /mnt/renovate/gh/nuxt-community/nuxtent-module/node_modules/@types/q
npm WARN checkPermissions Missing write access to /mnt/renovate/gh/nuxt-community/nuxtent-module/node_modules/@types/resolve
npm WARN checkPermissions Missing write access to /mnt/renovate/gh/nuxt-community/nuxtent-module/node_modules/@types/chokidar
npm WARN checkPermissions Missing write access to /mnt/renovate/gh/nuxt-community/nuxtent-module/node_modules/@types/qs
npm ERR! code ENOENT
npm ERR! syscall access
npm ERR! path /mnt/renovate/gh/nuxt-community/nuxtent-module/node_modules/@types/estree
npm ERR! errno -2
npm ERR! enoent ENOENT: no such file or directory, access '/mnt/renovate/gh/nuxt-community/nuxtent-module/node_modules/@types/estree'
npm ERR! enoent This is related to npm not being able to find a file.
npm ERR! enoent
npm ERR! A complete log of this run can be found in:
npm ERR! /tmp/renovate-cache/others/npm/_logs/2020-08-21T12_14_18_523Z-debug.log
This PR contains the following updates:
4.17.11->4.17.19GitHub Vulnerability Alerts
CVE-2019-10744
Versions of
lodashbefore 4.17.12 are vulnerable to Prototype Pollution. The functiondefaultsDeepallows a malicious user to modify the prototype ofObjectvia{constructor: {prototype: {...}}}causing the addition or modification of an existing property that will exist on all objects.Recommendation
Update to version 4.17.12 or later.
CVE-2019-1010266
lodash prior to 4.7.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.7.11.
CVE-2020-8203
Versions of lodash prior to 4.17.19 are vulnerable to Prototype Pollution. The function zipObjectDeep allows a malicious user to modify the prototype of Object if the property identifiers are user-supplied. Being affected by this issue requires zipping objects based on user-provided property arrays.
This vulnerability causes the addition or modification of an existing property that will exist on all objects and may lead to Denial of Service or Code Execution under specific circumstances.
Release Notes
lodash/lodash
### [`v4.17.19`](https://togithub.com/lodash/lodash/compare/4.17.16...4.17.19) ### [`v4.17.16`](https://togithub.com/lodash/lodash/compare/4.17.15...4.17.16) [Compare Source](https://togithub.com/lodash/lodash/compare/4.17.15...4.17.16) ### [`v4.17.15`](https://togithub.com/lodash/lodash/compare/4.17.14...4.17.15) [Compare Source](https://togithub.com/lodash/lodash/compare/4.17.14...4.17.15) ### [`v4.17.14`](https://togithub.com/lodash/lodash/compare/4.17.13...4.17.14) [Compare Source](https://togithub.com/lodash/lodash/compare/4.17.13...4.17.14) ### [`v4.17.13`](https://togithub.com/lodash/lodash/compare/4.17.12...4.17.13) [Compare Source](https://togithub.com/lodash/lodash/compare/4.17.12...4.17.13) ### [`v4.17.12`](https://togithub.com/lodash/lodash/compare/4.17.11...4.17.12) [Compare Source](https://togithub.com/lodash/lodash/compare/4.17.11...4.17.12)Renovate configuration
:date: Schedule: "" (UTC).
:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.
:recycle: Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
:no_bell: Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.