renovatebot / renovate

Home of the Renovate CLI: Cross-platform Dependency Automation by Mend.io
https://mend.io/renovate

Fix current security issues #12670

Closed The-Code-Monkey closed 3 years ago

The-Code-Monkey commented 3 years ago

How are you running Renovate?

WhiteSource Renovate hosted app on github.com

If you're self-hosting Renovate, tell us what version of Renovate you run.

No response

Please select which platform you are using if self-hosting.

No response

If you're self-hosting Renovate, tell us what version of the platform you run.

No response

Describe the bug

It doesn't seem to be picking up the GitHub security (vulnerability) alerts on my branch. The app has the required permissions, but it just doesn't seem to act on them — no security PRs are being raised.

https://github.com/The-Code-Monkey/Components/pulls

This is one of the repos where it isn't working. It might be a config issue, but I'm not sure. Also, my phone won't log in to the web app, so I'll add the logs later.

Relevant debug logs

Click me to see logs ``` DEBUG: No dangling containers to remove INFO: Repository started { "renovateVersion": "29.8.5" } DEBUG: Using localDir: /mnt/renovate/gh/The-Code-Monkey/Components DEBUG: Repository cache is valid DEBUG: initRepo("The-Code-Monkey/Components") DEBUG: Overriding default GitHub endpoint { "endpoint": "https://api.github.com/" } DEBUG: The-Code-Monkey/Components default branch = dev DEBUG: Using app token for git init DEBUG: resetMemCache() DEBUG: Resetting npmrc DEBUG: detectSemanticCommits() DEBUG: checkOnboarding() DEBUG: isOnboarded() DEBUG: Checking cached config file name DEBUG: Existing config file confirmed DEBUG: Repo is onboarded DEBUG: migrateAndValidate() DEBUG: Config migration necessary { "oldConfig": { "extends": [ "github>whitesource/merge-confidence:beta", ":dependencyDashboard", ":semanticPrefixFixDepsChoreOthers", ":ignoreModulesAndTests", ":autodetectPinVersions", ":prConcurrentLimit20", "group:monorepos", "group:recommended", "workarounds:all" ], "labels": [ "dependencies" ], "automerge": "true", "vulnerabilityAlerts": { "labels": [ "security" ] }, "packageRules": [ { "matchUpdateTypes": [ "minor", "patch", "pin", "digest" ], "automerge": true } ] }, "newConfig": { "extends": [ "github>whitesource/merge-confidence:beta", ":dependencyDashboard", ":semanticPrefixFixDepsChoreOthers", ":ignoreModulesAndTests", ":autodetectPinVersions", ":prConcurrentLimit20", "group:monorepos", "group:recommended", "workarounds:all" ], "labels": [ "dependencies" ], "automerge": true, "vulnerabilityAlerts": { "labels": [ "security" ] }, "packageRules": [ { "matchUpdateTypes": [ "minor", "patch", "pin", "digest" ], "automerge": true } ] } } DEBUG: massaged config { "config": { "extends": [ "github>whitesource/merge-confidence:beta", ":dependencyDashboard", ":semanticPrefixFixDepsChoreOthers", ":ignoreModulesAndTests", ":autodetectPinVersions", ":prConcurrentLimit20", "group:monorepos", "group:recommended", "workarounds:all" ], "labels": [ 
"dependencies" ], "automerge": true, "vulnerabilityAlerts": { "labels": [ "security" ] }, "packageRules": [ { "matchUpdateTypes": [ "minor", "patch", "pin", "digest" ], "automerge": true } ] } } DEBUG: migrated config { "config": { "extends": [ "github>whitesource/merge-confidence:beta", ":dependencyDashboard", ":semanticPrefixFixDepsChoreOthers", ":ignoreModulesAndTests", ":autodetectPinVersions", ":prConcurrentLimit20", "group:monorepos", "group:recommended", "workarounds:all" ], "labels": [ "dependencies" ], "automerge": true, "vulnerabilityAlerts": { "labels": [ "security" ] }, "packageRules": [ { "matchUpdateTypes": [ "minor", "patch", "pin", "digest" ], "automerge": true } ] } } DEBUG: Setting hostRules from config DEBUG: Found repo ignorePaths { "ignorePaths": [ "**/node_modules/**", "**/bower_components/**", "**/vendor/**", "**/examples/**", "**/__tests__/**", "**/test/**", "**/tests/**", "**/__fixtures__/**" ] } DEBUG: GitHub vulnerability details { "alerts": { "npm/prismjs": { ">= 1.1.0, < 1.21.0": "1.21.0", "< 1.23.0": "1.23.0", "< 1.24.0": "1.24.0", "< 1.25.0": "1.25.0" }, "npm/node-fetch": { "< 2.6.1": "2.6.1" }, "npm/highlight.js": { "< 9.18.2": "9.18.2", ">= 9.0.0, < 10.4.1": "10.4.1" }, "npm/trim": { "< 0.0.3": "0.0.3" }, "npm/browserslist": { ">= 4.0.0, < 4.16.5": "4.16.5" }, "npm/glob-parent": { "< 5.1.2": "5.1.2" }, "npm/ansi-html": { "<= 0.0.7": null }, "npm/immer": { "< 9.0.6": "9.0.6" }, "npm/ansi-regex": { "> 2.1.1, < 5.0.1": "5.0.1" } } } DEBUG: Vulnerability alert has no firstPatchedVersion - skipping { "alert": { "dismissReason": null, "vulnerableManifestFilename": "yarn.lock", "vulnerableManifestPath": "yarn.lock", "vulnerableRequirements": "= 0.0.7", "securityAdvisory": { "description": "This affects all versions of package ansi-html. 
If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time.", "identifiers": [ { "type": "GHSA", "value": "GHSA-whgm-jr23-g3j9" }, { "type": "CVE", "value": "CVE-2021-23424" } ], "references": [ { "url": "https://github.com/ioet/time-tracker-ui/security/advisories/GHSA-4fjc-8q3h-8r69" }, { "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23424" }, { "url": "https://github.com/advisories/GHSA-whgm-jr23-g3j9" } ], "severity": "HIGH" }, "securityVulnerability": { "package": { "name": "ansi-html", "ecosystem": "NPM" }, "firstPatchedVersion": null, "vulnerableVersionRange": "<= 0.0.7" } } } DEBUG: alert package rules { "alertPackageRules": [ { "matchDatasources": [ "npm" ], "matchPackageNames": [ "prismjs" ], "matchCurrentVersion": "= 1.17.1", "matchFiles": [ "yarn.lock" ], "allowedVersions": "1.25.0", "prBodyNotes": [ "### GitHub Vulnerability Alerts", "#### [CVE-2020-15138](https://github.com/PrismJS/prism/security/advisories/GHSA-wvhm-4hhf-97x9)\n\n### Impact\nThe easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer.\n\nThis impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the _Previewers_ plugin (>=v1.10.0) or the _Previewer: Easing_ plugin (v1.1.0 to v1.9.0).\n\n### Patches\nThis problem is patched in v1.21.0.\n\n### Workarounds\nTo workaround the issue without upgrading, [disable the easing preview](https://prismjs.com/plugins/previewers/#disabling-a-previewer) on all impacted code blocks. 
You need Prism v1.10.0 or newer to apply this workaround.\n\n### References\nThe vulnerability was introduced by this [commit](https://github.com/PrismJS/prism/commit/4303c940d3d3a20e8ce7635bf23331c75060f5c5) on Sep 29, 2015 and fixed by [Masato Kinugawa](https://twitter.com/kinugawamasato) (#​2506).\n\n### For more information\nIf you have any questions or comments about this advisory, please [open an issue](https://github.com/PrismJS/prism/issues).", "#### [CVE-2021-23341](https://nvd.nist.gov/vuln/detail/CVE-2021-23341)\n\nThe package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components.", "#### [CVE-2021-32723](https://github.com/PrismJS/prism/security/advisories/GHSA-gj77-59wh-66hg)\n\nSome languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS).\n\n### Impact\n\nWhen Prism is used to highlight untrusted (user-given) text, an attacker can craft a string that will take a very very long time to highlight. Do not use the following languages to highlight untrusted text.\n\n- ASCIIDoc\n- ERB\n\nOther languages are __not__ affected and can be used to highlight untrusted text.\n\n### Patches\nThis problem has been fixed in Prism v1.24.\n\n### References\n\n- PrismJS/prism#​2774\n- PrismJS/prism#​2688\n", "#### [CVE-2021-3801](https://nvd.nist.gov/vuln/detail/CVE-2021-3801)\n\nThe prismjs package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide a crafted HTML comment as input may cause an application to consume an excessive amount of CPU." 
], "isVulnerabilityAlert": true, "force": { "groupName": null, "schedule": [], "dependencyDashboardApproval": false, "rangeStrategy": "update-lockfile", "commitMessageSuffix": "[SECURITY]", "branchTopic": "{{{datasource}}}-{{{depName}}}-vulnerability", "prCreation": "immediate", "labels": [ "security" ] } }, { "matchDatasources": [ "npm" ], "matchPackageNames": [ "node-fetch" ], "matchCurrentVersion": "= 1.7.3", "matchFiles": [ "yarn.lock" ], "allowedVersions": "2.6.1", "prBodyNotes": [ "### GitHub Vulnerability Alerts", "#### [CVE-2020-15168](https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r)\n\n### Impact\nNode Fetch did not honor the `size` option after following a redirect, which means that when a content size was over the limit, a `FetchError` would never get thrown and the process would end without failure.\n\nFor most people, this fix will have a little or no impact. However, if you are relying on node-fetch to gate files above a size, the impact could be significant, for example: If you don't double-check the size of the data after `fetch()` has completed, your JS thread could get tied up doing work on a large file (DoS) and/or cost you money in computing.\n\n### Patches\nWe released patched versions for both stable and beta channels:\n\n- For `v2`: 2.6.1\n- For `v3`: 3.0.0-beta.9\n\n### Workarounds\nNone, it is strongly recommended to update as soon as possible.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [node-fetch](https://github.com/node-fetch/node-fetch/issues/new?assignees=&labels=question&template=support-or-usage.md&title=Question%3A+)\n* Contact one of the core maintainers." 
], "isVulnerabilityAlert": true, "force": { "groupName": null, "schedule": "[Circular]", "dependencyDashboardApproval": false, "rangeStrategy": "update-lockfile", "commitMessageSuffix": "[SECURITY]", "branchTopic": "{{{datasource}}}-{{{depName}}}-vulnerability", "prCreation": "immediate", "labels": "[Circular]" } }, { "matchDatasources": [ "npm" ], "matchPackageNames": [ "highlight.js" ], "matchCurrentVersion": "= 9.13.1", "matchFiles": [ "yarn.lock" ], "allowedVersions": "10.4.1", "prBodyNotes": [ "### GitHub Vulnerability Alerts", "#### [CVE-2020-26237](https://github.com/highlightjs/highlight.js/security/advisories/GHSA-vfrc-7r7c-w9mx)\n\n### Impact\n\nAffected versions of this package are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during highlighting. If you allow users to insert custom HTML code blocks into your page/app via parsing Markdown code blocks (or similar) and do not filter the language names the user can provide you may be vulnerable. \n\nThe pollution should just be harmless data but this can cause problems for applications not expecting these properties to exist and can result in strange behavior or application crashes, i.e. a potential DOS vector. \n\n_If your website or application does not render user provided data it should be unaffected._\n\n### Patches\n\nVersions 9.18.2 and 10.1.2 and newer include fixes for this vulnerability. 
If you are using version 7 or 8 you are encouraged to upgrade to a newer release.\n\n### Workarounds\n\n#### Patch your library\n\nManually patch your library to create null objects for both `languages` and `aliases`:\n\n```js\nconst HLJS = function(hljs) {\n // ...\n var languages = Object.create(null);\n var aliases = Object.create(null);\n```\n\n#### Filter out bad data from end users\n\nFilter the language names that users are allowed to inject into your HTML to guarantee they are valid.\n\n### References\n\n* [What is Prototype Pollution?](https://codeburst.io/what-is-prototype-pollution-49482fc4b638)\n* https://github.com/highlightjs/highlight.js/pull/2636\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Please file an issue against [highlight.js](https://github.com/highlightjs/highlight.js/issues/)", "#### [GHSA-7wwv-vh3v-89cq](https://github.com/highlightjs/highlight.js/security/advisories/GHSA-7wwv-vh3v-89cq)\n\n### Impact: Potential ReDOS vulnerabilities (exponential and polynomial RegEx backtracking)\n\n[oswasp](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS): \n\n> The Regular expression Denial of Service (ReDoS) is a Denial of Service attack, that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very slowly (exponentially related to input size). An attacker can then cause a program using a Regular Expression to enter these extreme situations and then hang for a very long time.\n\nIf are you are using Highlight.js to highlight user-provided data you are possibly vulnerable. On the client-side (in a browser or Electron environment) risks could include lengthy freezes or crashes... On the server-side infinite freezes could occur... 
effectively preventing users from accessing your app or service (ie, Denial of Service).\n\nThis is an issue with grammars shipped with the parser (and potentially 3rd party grammars also), not the parser itself. If you are using Highlight.js with any of the following grammars you are vulnerable. If you are using `highlightAuto` to detect the language (and have any of these grammars registered) you are vulnerable.\n\nAll versions prior to 10.4.1 are vulnerable, including version 9.18.5. \n\n**Grammars with exponential backtracking issues:**\n\n - c-like (c, cpp, arduino)\n - handlebars (htmlbars)\n - gams\n - perl\n - jboss-cli\n - r\n - erlang-repl\n - powershell\n - routeros\n - livescript (10.4.0 and 9.18.5 included this fix)\n - javascript & typescript (10.4.0 included partial fixes)\n\nAnd of course any aliases of those languages have the same issue. ie: `hpp` is no safer than `cpp`.\n\n**Grammars with polynomial backtracking issues:**\n\n- kotlin\n- gcode\n- d\n- aspectj\n- moonscript\n- coffeescript/livescript\n- csharp\n- scilab\n- crystal\n- elixir\n- basic\n- ebnf\n- ruby\n- fortran/irpf90\n- livecodeserver\n- yaml\n- x86asm\n- dsconfig\n- markdown\n- ruleslanguage\n- xquery\n- sqf\n\nAnd again: any aliases of those languages have the same issue. ie: `ruby` and `rb` share the same ruby issues.\n\n\n### Patches\n\n- Version 10.4.1 resolves these vulnerabilities. Please upgrade.\n\n### Workarounds / Mitigations\n\n- Discontinue use the affected grammars. (or perhaps use only those with poly vs exponential issues)\n- Attempt cherry-picking the grammar fixes into older versions...\n- Attempt using newer CDN versions of any affected languages. (ie using an older CDN version of the library with newer CDN grammars). 
Your mileage may vary.\n\n### References\n\n- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue: https://github.com/highlightjs/highlight.js/issues\n* Email us at [security@highlightjs.com](mailto:security@highlightjs.com)" ], "isVulnerabilityAlert": true, "force": { "groupName": null, "schedule": "[Circular]", "dependencyDashboardApproval": false, "rangeStrategy": "update-lockfile", "commitMessageSuffix": "[SECURITY]", "branchTopic": "{{{datasource}}}-{{{depName}}}-vulnerability", "prCreation": "immediate", "labels": "[Circular]" } }, { "matchDatasources": [ "npm" ], "matchPackageNames": [ "trim" ], "matchCurrentVersion": "= 0.0.1", "matchFiles": [ "yarn.lock" ], "allowedVersions": "0.0.3", "prBodyNotes": [ "### GitHub Vulnerability Alerts", "#### [CVE-2020-7753](https://nvd.nist.gov/vuln/detail/CVE-2020-7753)\n\nAll versions of package trim lower than 0.0.3 are vulnerable to Regular Expression Denial of Service (ReDoS) via trim()." ], "isVulnerabilityAlert": true, "force": { "groupName": null, "schedule": "[Circular]", "dependencyDashboardApproval": false, "rangeStrategy": "update-lockfile", "commitMessageSuffix": "[SECURITY]", "branchTopic": "{{{datasource}}}-{{{depName}}}-vulnerability", "prCreation": "immediate", "labels": "[Circular]" } }, { "matchDatasources": [ "npm" ], "matchPackageNames": [ "browserslist" ], "matchCurrentVersion": "= 4.14.2", "matchFiles": [ "yarn.lock" ], "allowedVersions": "4.16.5", "prBodyNotes": [ "### GitHub Vulnerability Alerts", "#### [CVE-2021-23364](https://nvd.nist.gov/vuln/detail/CVE-2021-23364)\n\nThe package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries." 
], "isVulnerabilityAlert": true, "force": { "groupName": null, "schedule": "[Circular]", "dependencyDashboardApproval": false, "rangeStrategy": "update-lockfile", "commitMessageSuffix": "[SECURITY]", "branchTopic": "{{{datasource}}}-{{{depName}}}-vulnerability", "prCreation": "immediate", "labels": "[Circular]" } }, { "matchDatasources": [ "npm" ], "matchPackageNames": [ "glob-parent" ], "matchCurrentVersion": "= 2.0.0", "matchFiles": [ "yarn.lock" ], "allowedVersions": "5.1.2", "prBodyNotes": [ "### GitHub Vulnerability Alerts", "#### [CVE-2020-28469](https://nvd.nist.gov/vuln/detail/CVE-2020-28469)\n\nThis affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator." ], "isVulnerabilityAlert": true, "force": { "groupName": null, "schedule": "[Circular]", "dependencyDashboardApproval": false, "rangeStrategy": "update-lockfile", "commitMessageSuffix": "[SECURITY]", "branchTopic": "{{{datasource}}}-{{{depName}}}-vulnerability", "prCreation": "immediate", "labels": "[Circular]" } }, { "matchDatasources": [ "npm" ], "matchPackageNames": [ "immer" ], "matchCurrentVersion": "= 8.0.1", "matchFiles": [ "yarn.lock" ], "allowedVersions": "9.0.6", "prBodyNotes": [ "### GitHub Vulnerability Alerts", "#### [CVE-2021-23436](https://nvd.nist.gov/vuln/detail/CVE-2021-23436)\n\nThis affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition (p === \"__proto__\" || p === \"constructor\") in applyPatches_ returns false if p is ['__proto__'] (or ['constructor']). 
The === operator (strict equality operator) returns false if the operands have different type.", "#### [CVE-2021-3757](https://nvd.nist.gov/vuln/detail/CVE-2021-3757)\n\nimmer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')" ], "isVulnerabilityAlert": true, "force": { "groupName": null, "schedule": "[Circular]", "dependencyDashboardApproval": false, "rangeStrategy": "update-lockfile", "commitMessageSuffix": "[SECURITY]", "branchTopic": "{{{datasource}}}-{{{depName}}}-vulnerability", "prCreation": "immediate", "labels": "[Circular]" } }, { "matchDatasources": [ "npm" ], "matchPackageNames": [ "ansi-regex" ], "matchCurrentVersion": "= 3.0.0", "matchFiles": [ "yarn.lock" ], "allowedVersions": "5.0.1", "prBodyNotes": [ "### GitHub Vulnerability Alerts", "#### [CVE-2021-3807](https://nvd.nist.gov/vuln/detail/CVE-2021-3807)\n\nansi-regex is vulnerable to Inefficient Regular Expression Complexity" ], "isVulnerabilityAlert": true, "force": { "groupName": null, "schedule": "[Circular]", "dependencyDashboardApproval": false, "rangeStrategy": "update-lockfile", "commitMessageSuffix": "[SECURITY]", "branchTopic": "{{{datasource}}}-{{{depName}}}-vulnerability", "prCreation": "immediate", "labels": "[Circular]" } } ] } DEBUG: findIssue(Dependency Dashboard) DEBUG: Retrieving issueList DEBUG: Retrieved 1 issues DEBUG: Found issue 905 DEBUG: No baseBranches DEBUG: extract() DEBUG: Found cached extract { "baseBranch": "dev", "baseBranchSha": "6656aa68381fbd1dad15745d832bd08d65d0a42b" } DEBUG: Deleted cached dep updates INFO: Dependency extraction complete { "baseBranch": "dev", "stats": { "managers": { "circleci": { "fileCount": 1, "depCount": 1 }, "github-actions": { "fileCount": 4, "depCount": 9 }, "npm": { "fileCount": 1, "depCount": 35 } }, "total": { "fileCount": 6, "depCount": 45 } } } DEBUG: Widening peer dependencies DEBUG: Package releases lookups complete { "baseBranch": "dev" } DEBUG: branchifyUpgrades DEBUG: 0 
flattened updates found: DEBUG: Returning 0 branch(es) DEBUG: config.repoIsOnboarded=true DEBUG: packageFiles with updates { "config": { "circleci": [ { "packageFile": ".circleci/config.yml", "deps": [ { "depType": "orb", "depName": "node", "currentValue": "4.7.0", "datasource": "orb", "lookupName": "circleci/node", "commitMessageTopic": "{{{depName}}} orb", "versioning": "npm", "rangeStrategy": "pin", "depIndex": 0, "warnings": [], "homepage": "https://circleci.com/developer/orbs/orb/circleci/node", "currentVersion": "4.7.0", "fixedVersion": "4.7.0", "updates": [] } ] } ], "github-actions": [ { "packageFile": ".github/workflows/codeql-analysis.yml", "deps": [ { "depName": "actions/checkout", "commitMessageTopic": "{{{depName}}} action", "datasource": "github-tags", "versioning": "docker", "depType": "action", "replaceString": "actions/checkout@v2", "autoReplaceStringTemplate": "{{depName}}@{{#if newDigest}}{{newDigest}}{{#if newValue}} # renovate: tag={{newValue}}{{/if}}{{/if}}{{#unless newDigest}}{{newValue}}{{/unless}}", "currentValue": "v2", "depIndex": 0, "warnings": [], "sourceUrl": "https://github.com/actions/checkout", "currentVersion": "v2", "fixedVersion": "v2", "updates": [] }, { "depName": "github/codeql-action", "commitMessageTopic": "{{{depName}}} action", "datasource": "github-tags", "versioning": "docker", "depType": "action", "replaceString": "github/codeql-action/init@v1", "autoReplaceStringTemplate": "{{depName}}/init@{{#if newDigest}}{{newDigest}}{{#if newValue}} # renovate: tag={{newValue}}{{/if}}{{/if}}{{#unless newDigest}}{{newValue}}{{/unless}}", "currentValue": "v1", "depIndex": 1, "warnings": [], "sourceUrl": "https://github.com/github/codeql-action", "currentVersion": "v1", "fixedVersion": "v1", "updates": [] }, { "depName": "github/codeql-action", "commitMessageTopic": "{{{depName}}} action", "datasource": "github-tags", "versioning": "docker", "depType": "action", "replaceString": "github/codeql-action/autobuild@v1", 
"autoReplaceStringTemplate": "{{depName}}/autobuild@{{#if newDigest}}{{newDigest}}{{#if newValue}} # renovate: tag={{newValue}}{{/if}}{{/if}}{{#unless newDigest}}{{newValue}}{{/unless}}", "currentValue": "v1", "depIndex": 2, "warnings": [], "sourceUrl": "https://github.com/github/codeql-action", "currentVersion": "v1", "fixedVersion": "v1", "updates": [] }, { "depName": "github/codeql-action", "commitMessageTopic": "{{{depName}}} action", "datasource": "github-tags", "versioning": "docker", "depType": "action", "replaceString": "github/codeql-action/analyze@v1", "autoReplaceStringTemplate": "{{depName}}/analyze@{{#if newDigest}}{{newDigest}}{{#if newValue}} # renovate: tag={{newValue}}{{/if}}{{/if}}{{#unless newDigest}}{{newValue}}{{/unless}}", "currentValue": "v1", "depIndex": 3, "warnings": [], "sourceUrl": "https://github.com/github/codeql-action", "currentVersion": "v1", "fixedVersion": "v1", "updates": [] } ] }, { "packageFile": ".github/workflows/greetings.yml", "deps": [ { "depName": "actions/first-interaction", "commitMessageTopic": "{{{depName}}} action", "datasource": "github-tags", "versioning": "docker", "depType": "action", "replaceString": "actions/first-interaction@v1", "autoReplaceStringTemplate": "{{depName}}@{{#if newDigest}}{{newDigest}}{{#if newValue}} # renovate: tag={{newValue}}{{/if}}{{/if}}{{#unless newDigest}}{{newValue}}{{/unless}}", "currentValue": "v1", "depIndex": 0, "warnings": [], "sourceUrl": "https://github.com/actions/first-interaction", "currentVersion": "v1", "fixedVersion": "v1", "updates": [] } ] }, { "packageFile": ".github/workflows/main.yml", "deps": [ { "depName": "actions/checkout", "commitMessageTopic": "{{{depName}}} action", "datasource": "github-tags", "versioning": "docker", "depType": "action", "replaceString": "actions/checkout@v2", "autoReplaceStringTemplate": "{{depName}}@{{#if newDigest}}{{newDigest}}{{#if newValue}} # renovate: tag={{newValue}}{{/if}}{{/if}}{{#unless newDigest}}{{newValue}}{{/unless}}", 
"currentValue": "v2", "depIndex": 0, "warnings": [], "sourceUrl": "https://github.com/actions/checkout", "currentVersion": "v2", "fixedVersion": "v2", "updates": [] }, { "depName": "actions/setup-node", "commitMessageTopic": "{{{depName}}} action", "datasource": "github-tags", "versioning": "docker", "depType": "action", "replaceString": "actions/setup-node@v2", "autoReplaceStringTemplate": "{{depName}}@{{#if newDigest}}{{newDigest}}{{#if newValue}} # renovate: tag={{newValue}}{{/if}}{{/if}}{{#unless newDigest}}{{newValue}}{{/unless}}", "currentValue": "v2", "depIndex": 1, "warnings": [], "sourceUrl": "https://github.com/actions/setup-node", "currentVersion": "v2", "fixedVersion": "v2", "updates": [] }, { "depName": "bahmutov/npm-install", "commitMessageTopic": "{{{depName}}} action", "datasource": "github-tags", "versioning": "docker", "depType": "action", "replaceString": "bahmutov/npm-install@v1", "autoReplaceStringTemplate": "{{depName}}@{{#if newDigest}}{{newDigest}}{{#if newValue}} # renovate: tag={{newValue}}{{/if}}{{/if}}{{#unless newDigest}}{{newValue}}{{/unless}}", "currentValue": "v1", "depIndex": 2, "warnings": [], "sourceUrl": "https://github.com/bahmutov/npm-install", "currentVersion": "v1", "fixedVersion": "v1", "updates": [] } ] }, { "packageFile": ".github/workflows/stale.yml", "deps": [ { "depName": "actions/stale", "commitMessageTopic": "{{{depName}}} action", "datasource": "github-tags", "versioning": "docker", "depType": "action", "replaceString": "actions/stale@v4", "autoReplaceStringTemplate": "{{depName}}@{{#if newDigest}}{{newDigest}}{{#if newValue}} # renovate: tag={{newValue}}{{/if}}{{/if}}{{#unless newDigest}}{{newValue}}{{/unless}}", "currentValue": "v4", "depIndex": 0, "warnings": [], "sourceUrl": "https://github.com/actions/stale", "currentVersion": "v4", "fixedVersion": "v4", "updates": [] } ] } ], "npm": [ { "packageFile": "package.json", "deps": [ { "depType": "dependencies", "depName": "@aw-web-design/styled-system", 
"currentValue": "^0.1.5", "datasource": "npm", "prettyDepType": "dependency", "lockedVersion": "0.1.5", "depIndex": 0, "warnings": [], "versioning": "npm", "currentVersion": "0.1.5", "fixedVersion": "0.1.5", "updates": [] }, { "depType": "dependencies", "depName": "@aw-web-design/theme", "currentValue": "^0.1.0-alpha-6", "datasource": "npm", "prettyDepType": "dependency", "lockedVersion": "0.1.0-alpha-6", "depIndex": 1, "warnings": [], "versioning": "npm", "currentVersion": "0.1.0-alpha-6", "fixedVersion": "0.1.0-alpha-6", "updates": [] }, { "depType": "dependencies", "depName": "memoize-one", "currentValue": "^6.0.0", "datasource": "npm", "prettyDepType": "dependency", "lockedVersion": "6.0.0", "depIndex": 2, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/alexreardon/memoize-one", "currentVersion": "6.0.0", "fixedVersion": "6.0.0", "updates": [] }, { "depType": "dependencies", "depName": "react-feather", "currentValue": "^2.0.9", "datasource": "npm", "prettyDepType": "dependency", "lockedVersion": "2.0.9", "depIndex": 3, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/feathericons/react-feather", "currentVersion": "2.0.9", "fixedVersion": "2.0.9", "updates": [] }, { "depType": "dependencies", "depName": "react-lazy-named", "currentValue": "^1.2.2", "datasource": "npm", "prettyDepType": "dependency", "lockedVersion": "1.2.2", "depIndex": 4, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/grgur/react-lazy-named", "currentVersion": "1.2.2", "fixedVersion": "1.2.2", "updates": [] }, { "depType": "dependencies", "depName": "styled-components", "currentValue": "^5.3.3", "datasource": "npm", "prettyDepType": "dependency", "lockedVersion": "5.3.3", "depIndex": 5, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/styled-components/styled-components", "homepage": "https://styled-components.com/", "currentVersion": "5.3.3", "fixedVersion": "5.3.3", "updates": [] }, { "depType": 
"devDependencies", "depName": "@babel/core", "currentValue": "7.16.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "7.16.0", "depIndex": 6, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/babel/babel", "sourceDirectory": "packages/babel-core", "homepage": "https://babel.dev/docs/en/next/babel-core", "currentVersion": "7.16.0", "fixedVersion": "7.16.0", "updates": [] }, { "depType": "devDependencies", "depName": "@size-limit/preset-small-lib", "currentValue": "6.0.4", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "6.0.4", "depIndex": 7, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/ai/size-limit", "currentVersion": "6.0.4", "fixedVersion": "6.0.4", "updates": [] }, { "depType": "devDependencies", "depName": "@storybook/addon-essentials", "currentValue": "6.3.12", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "6.3.12", "depIndex": 8, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/storybookjs/storybook", "sourceDirectory": "addons/essentials", "currentVersion": "6.3.12", "fixedVersion": "6.3.12", "updates": [] }, { "depType": "devDependencies", "depName": "@storybook/addon-info", "currentValue": "5.3.21", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "5.3.21", "depIndex": 9, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/storybookjs/storybook", "sourceDirectory": "addons/info", "currentVersion": "5.3.21", "fixedVersion": "5.3.21", "updates": [] }, { "depType": "devDependencies", "depName": "@storybook/addon-links", "currentValue": "6.3.12", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "6.3.12", "depIndex": 10, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/storybookjs/storybook", "sourceDirectory": "addons/links", "currentVersion": "6.3.12", "fixedVersion": "6.3.12", "updates": [] }, { "depType": "devDependencies", 
"depName": "@storybook/addons", "currentValue": "6.3.12", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "6.3.12", "depIndex": 11, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/storybookjs/storybook", "sourceDirectory": "lib/addons", "currentVersion": "6.3.12", "fixedVersion": "6.3.12", "updates": [] }, { "depType": "devDependencies", "depName": "@storybook/react", "currentValue": "6.3.12", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "6.3.12", "depIndex": 12, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/storybookjs/storybook", "sourceDirectory": "app/react", "currentVersion": "6.3.12", "fixedVersion": "6.3.12", "updates": [] }, { "depType": "devDependencies", "depName": "@tsconfig/create-react-app", "currentValue": "1.0.2", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "1.0.2", "depIndex": 13, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/tsconfig/bases", "sourceDirectory": "bases", "currentVersion": "1.0.2", "fixedVersion": "1.0.2", "updates": [] }, { "depType": "devDependencies", "depName": "@tsconfig/recommended", "currentValue": "1.0.1", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "1.0.1", "depIndex": 14, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/tsconfig/bases", "sourceDirectory": "bases", "currentVersion": "1.0.1", "fixedVersion": "1.0.1", "updates": [] }, { "depType": "devDependencies", "depName": "@types/enzyme", "currentValue": "3.10.10", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "3.10.10", "depIndex": 15, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/DefinitelyTyped/DefinitelyTyped", "sourceDirectory": "types/enzyme", "currentVersion": "3.10.10", "fixedVersion": "3.10.10", "updates": [] }, { "depType": "devDependencies", "depName": "@types/react", "currentValue": "17.0.35", "datasource": "npm", 
"prettyDepType": "devDependency", "lockedVersion": "17.0.35", "depIndex": 16, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/DefinitelyTyped/DefinitelyTyped", "sourceDirectory": "types/react", "currentVersion": "17.0.35", "fixedVersion": "17.0.35", "updates": [] }, { "depType": "devDependencies", "depName": "@types/react-dom", "currentValue": "17.0.11", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "17.0.11", "depIndex": 17, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/DefinitelyTyped/DefinitelyTyped", "sourceDirectory": "types/react-dom", "currentVersion": "17.0.11", "fixedVersion": "17.0.11", "updates": [] }, { "depType": "devDependencies", "depName": "@types/styled-components", "currentValue": "5.1.15", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "5.1.15", "depIndex": 18, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/DefinitelyTyped/DefinitelyTyped", "sourceDirectory": "types/styled-components", "currentVersion": "5.1.15", "fixedVersion": "5.1.15", "updates": [] }, { "depType": "devDependencies", "depName": "@wojtekmaj/enzyme-adapter-react-17", "currentValue": "0.6.5", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "0.6.5", "depIndex": 19, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/wojtekmaj/enzyme-adapter-react-17", "homepage": "https://enzymejs.github.io/enzyme/", "currentVersion": "0.6.5", "fixedVersion": "0.6.5", "updates": [] }, { "depType": "devDependencies", "depName": "babel-loader", "currentValue": "8.2.3", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "8.2.3", "depIndex": 20, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/babel/babel-loader", "currentVersion": "8.2.3", "fixedVersion": "8.2.3", "updates": [] }, { "depType": "devDependencies", "depName": "babel-plugin-module-resolver", "currentValue": "4.1.0", "datasource": "npm", 
"prettyDepType": "devDependency", "lockedVersion": "4.1.0", "depIndex": 21, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/tleunen/babel-plugin-module-resolver", "currentVersion": "4.1.0", "fixedVersion": "4.1.0", "updates": [] }, { "depType": "devDependencies", "depName": "dts-cli", "currentValue": "0.19.5", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "0.19.5", "depIndex": 22, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/weiran-zsd/dts-cli", "currentVersion": "0.19.5", "fixedVersion": "0.19.5", "updates": [] }, { "depType": "devDependencies", "depName": "enzyme", "currentValue": "3.11.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "3.11.0", "depIndex": 23, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/airbnb/enzyme", "sourceDirectory": "packages/enzyme", "homepage": "https://airbnb.io/enzyme/", "currentVersion": "3.11.0", "fixedVersion": "3.11.0", "updates": [] }, { "depType": "devDependencies", "depName": "enzyme-to-json", "currentValue": "3.6.2", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "3.6.2", "depIndex": 24, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/adriantoine/enzyme-to-json", "currentVersion": "3.6.2", "fixedVersion": "3.6.2", "updates": [] }, { "depType": "devDependencies", "depName": "eslint-plugin-prettier", "currentValue": "4.0.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "4.0.0", "depIndex": 25, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/prettier/eslint-plugin-prettier", "currentVersion": "4.0.0", "fixedVersion": "4.0.0", "updates": [] }, { "depType": "devDependencies", "depName": "husky", "currentValue": "7.0.4", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "7.0.4", "depIndex": 26, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/typicode/husky", "homepage": 
"https://typicode.github.io/husky", "currentVersion": "7.0.4", "fixedVersion": "7.0.4", "updates": [] }, { "depType": "devDependencies", "depName": "react", "currentValue": "17.0.2", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "17.0.2", "depIndex": 27, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/facebook/react", "sourceDirectory": "packages/react", "homepage": "https://reactjs.org/", "currentVersion": "17.0.2", "fixedVersion": "17.0.2", "updates": [] }, { "depType": "devDependencies", "depName": "react-dom", "currentValue": "17.0.2", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "17.0.2", "depIndex": 28, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/facebook/react", "sourceDirectory": "packages/react-dom", "homepage": "https://reactjs.org/", "currentVersion": "17.0.2", "fixedVersion": "17.0.2", "updates": [] }, { "depType": "devDependencies", "depName": "react-is", "currentValue": "17.0.2", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "17.0.2", "depIndex": 29, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/facebook/react", "sourceDirectory": "packages/react-is", "homepage": "https://reactjs.org/", "currentVersion": "17.0.2", "fixedVersion": "17.0.2", "updates": [] }, { "depType": "devDependencies", "depName": "size-limit", "currentValue": "6.0.4", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "6.0.4", "depIndex": 30, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/ai/size-limit", "currentVersion": "6.0.4", "fixedVersion": "6.0.4", "updates": [] }, { "depType": "devDependencies", "depName": "tslib", "currentValue": "2.3.1", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "2.3.1", "depIndex": 31, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/Microsoft/tslib", "homepage": "https://www.typescriptlang.org/", 
"currentVersion": "2.3.1", "fixedVersion": "2.3.1", "updates": [] }, { "depType": "devDependencies", "depName": "typescript", "currentValue": "4.4.4", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "4.4.4", "depIndex": 32, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/Microsoft/TypeScript", "homepage": "https://www.typescriptlang.org/", "currentVersion": "4.4.4", "fixedVersion": "4.4.4", "updates": [] }, { "depType": "peerDependencies", "depName": "react", "currentValue": ">=16", "datasource": "npm", "prettyDepType": "peerDependency", "depIndex": 33, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/facebook/react", "sourceDirectory": "packages/react", "homepage": "https://reactjs.org/", "currentVersion": "17.0.2", "updates": [] }, { "depType": "engines", "depName": "node", "currentValue": ">=12", "datasource": "github-tags", "lookupName": "nodejs/node", "versioning": "node", "commitMessageTopic": "Node.js", "prettyDepType": "engine", "depIndex": 34, "warnings": [], "sourceUrl": "https://github.com/nodejs/node", "currentVersion": "v17.1.0", "updates": [] } ], "packageJsonName": "components", "packageFileVersion": "0.1.2-alpha1", "packageJsonType": "library", "yarnLock": "yarn.lock", "managerData": { "yarnZeroInstall": false }, "skipInstalls": true, "constraints": { "node": ">=12" }, "lockFiles": [ "yarn.lock" ] } ] } } DEBUG: processRepo() DEBUG: Processing 0 branches: DEBUG: Calculating prConcurrentLimit (20) DEBUG: 0 PRs are currently open DEBUG: PR concurrent limit remaining: 20 DEBUG: Calculated maximum PRs remaining this run { "prsRemaining": 20 } DEBUG: PullRequests limit = 20 DEBUG: Calculating branchConcurrentLimit (20) DEBUG: 0 already existing branches found: DEBUG: Branch concurrent limit remaining: 20 DEBUG: Calculated maximum branches remaining this run { "branchesRemaining": 20 } DEBUG: Branches limit = 20 DEBUG: Ensuring Dependency Dashboard DEBUG: ensureIssue(Dependency Dashboard) 
DEBUG: Issue is open and up to date - nothing to do DEBUG: Removing any stale branches DEBUG: config.repoIsOnboarded=true DEBUG: No renovate branches found DEBUG: Repository timing splits (milliseconds) { "splits": { "init": 3751, "extract": 501, "lookup": 4390, "update": 1 }, "total": 8881 } DEBUG: http statistics { "urls": { "https://api.github.com/graphql (POST)": 3, "https://api.github.com/repos/The-Code-Monkey/Components/contents/renovate.json (GET)": 1, "https://api.github.com/repos/The-Code-Monkey/Components/issues/905 (GET)": 2, "https://api.github.com/repos/whitesource/merge-confidence/contents/beta.json (GET)": 1, "https://registry.npmjs.org/@aw-web-design%2Fstyled-system (GET)": 1, "https://registry.npmjs.org/@aw-web-design%2Ftheme (GET)": 1, "https://registry.npmjs.org/@babel%2Fcore (GET)": 1, "https://registry.npmjs.org/@size-limit%2Fpreset-small-lib (GET)": 1, "https://registry.npmjs.org/@tsconfig%2Fcreate-react-app (GET)": 1, "https://registry.npmjs.org/@tsconfig%2Frecommended (GET)": 1, "https://registry.npmjs.org/@wojtekmaj%2Fenzyme-adapter-react-17 (GET)": 1, "https://registry.npmjs.org/react-lazy-named (GET)": 1 }, "hostStats": { "api.github.com": { "requestCount": 7, "requestAvgMs": 384, "queueAvgMs": 0 }, "registry.npmjs.org": { "requestCount": 8, "requestAvgMs": 515, "queueAvgMs": 0 } }, "totalRequests": 15 } INFO: Repository finished { "durationMs": 8881 } ```

Have you created a minimal reproduction repository?

No reproduction, but I have linked to a public repo where it occurs

github-actions[bot] commented 3 years ago

Hi there,

We have found that there's a problem with the logs. Depending on which situation applies, follow one, some, or all of these instructions.

No logs at all

If there's no log posted yet, we need you to find and copy/paste the log into the issue template.

Finding logs on hosted app

Click me to read instructions If you use the Renovate app (GitHub):
1. Go to the affected PR, and search for "View repository job log here"
2. Click on the link to go to the "WhiteSource Renovate Dashboard" and log in
3. You are now in the correct repository log overview screen
4. Copy/paste the correct log
5. Follow the steps in the **formatting your logs** section

Finding logs when self-hosting

Click me to read instructions If you're running self-hosted, run with `LOG_LEVEL=debug` in your environment variables and search for whatever dependency/branch/PR that is causing the problem.

Insufficient logs

Click me to read instructions If you already provided logs, and the Renovate team said they are not enough, follow the instructions from the **No logs at all** section.

Formatting your logs

Click me to read instructions Please put your logs in a `<details>` and `<summary>` element like this:
Click me to see logs ``` Copy/paste any log here, between the starting and ending backticks ```
The-Code-Monkey commented 3 years ago

@rarkins I added the logs now that I am on my PC.

rarkins commented 3 years ago

Here's the vulnerability summary:

DEBUG: GitHub vulnerability details
{
  "alerts": {
    "npm/prismjs": {
      ">= 1.1.0, < 1.21.0": "1.21.0",
      "< 1.23.0": "1.23.0",
      "< 1.24.0": "1.24.0",
      "< 1.25.0": "1.25.0"
    },
    "npm/node-fetch": {
      "< 2.6.1": "2.6.1"
    },
    "npm/highlight.js": {
      "< 9.18.2": "9.18.2",
      ">= 9.0.0, < 10.4.1": "10.4.1"
    },
    "npm/trim": {
      "< 0.0.3": "0.0.3"
    },
    "npm/browserslist": {
      ">= 4.0.0, < 4.16.5": "4.16.5"
    },
    "npm/glob-parent": {
      "< 5.1.2": "5.1.2"
    },
    "npm/ansi-html": {
      "<= 0.0.7": null
    },
    "npm/immer": {
      "< 9.0.6": "9.0.6"
    },
    "npm/ansi-regex": {
      "> 2.1.1, < 5.0.1": "5.0.1"
    }
  }
}

I don't think any of these are your direct dependencies, so right now Renovate can't update them. Hopefully "coming soon" though. (Each entry above maps a vulnerable version range to the first fixed version; note that `npm/ansi-html` shows `null` where the others list a fixed version, i.e. no patched release is recorded for that range, so it would stay unresolved even once transitive updates are supported.)

The-Code-Monkey commented 3 years ago

Ah right that makes sense, so it can only update the ones that are directly referenced in the package.json, no worries.

viceice commented 3 years ago

You can try our lockfile maintenance to update transitive deps to the latest in-range versions

rarkins commented 3 years ago

#3080 is the issue tracking this capability. It's already done for npm v6 but not yet for npm v7+ or yarn. I'll close this so we don't have a duplicate