Renovate is stuck in a loop making changes to our NPM lockfile

[stekern]

How are you running Renovate?

WhiteSource Renovate hosted app on github.com

If you're self-hosting Renovate, tell us what version of Renovate you run.

No response

Please select which platform you are using if self-hosting.

No response

If you're self-hosting Renovate, tell us what version of the platform you run.

No response

Was this something which used to work for you, and then stopped?

It used to work, and then stopped

Describe the bug

Renovate is continuously making changes to our NPM lockfile by 1) moving a specific dependency up and then later 2) moving it down the dependency tree again, and then moving it up again and continuing in a loop.

We have now accumulated over 10 of these commits, and I expect there are more to come.

See repository https://github.com/capralifecycle/webapp-deploy-lambda for an example.

Relevant debug logs

No response

Have you created a minimal reproduction repository?

No reproduction, but I have linked to a public repo where it occurs

[github-actions[bot]]

Hi there,

We have found that there's a problem with the logs. Depending on which situation applies follow one, some or all of these instructions.

No logs at all

If there's no log posted yet, we need you to find and copy/paste the log into the issue template.

Finding logs on hosted app

Click me to read instructions

If you use the Renovate app (GitHub): 1. Go to the affected PR, and search for "View repository job log here" 1. Click on the link to go to the "WhiteSource Renovate Dashboard" and log in 1. You are now in the correct repository log overview screen 1. Copy/paste the correct log 1. Follow the steps in the **formatting your logs** section

Finding logs when self-hosting

Click me to read instructions

If you're running self-hosted, run with `LOG_LEVEL=debug` in your environment variables and search for whatever dependency/branch/PR that is causing the problem.

Insufficient logs

Click me to read instructions

If you already provided logs, and the Renovate team said they are not enough, follow the instructions from the **No logs at all** section.

Formatting your logs

Click me to read instructions

Please put your logs in a `

` and `

` element like this:

Click me to see logs

``` Copy/paste any log here, between the starting and ending backticks ```

[rarkins]

This bug report is missing some necessary information. To start with, you didn't mention it, but is the problem related to lock file maintenance?

[stekern]

@rarkins Sorry, forgot to mention that. Lock file maintenance is not enabled in the affected repository. It's related to the automatic update of a dependency ansi-regex. All of the commits have the following message: chore(deps): update dependency ansi-regex to 5.0.1 [security]

[rarkins]

In that case, please locate the logs for one branch on the last two times it was updated. You're looking for the runs where you see a docker run command in the logs (this is how lock files are updated).

[stekern]

I've briefly checked the logs, but nothing really pops out. The are no errors or warnings. From what I can tell, this is the most relevant part.

Log snippet

``` DEBUG: manager.getUpdatedPackageFiles() reuseExistinbranch=false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: ansi-regex@3.0.0 -> 5.0.1 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of strip-ansi starting with 4.0.0 which supports >= ansi-regex@5.0.1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: ansi-regex needs strip-ansi@6.0.0 which uses constraint "^5.0.0" in order to update to 5.0.1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of ansi-regex to 5.0.1 can be achieved due to parent strip-ansi(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: strip-ansi@4.0.0 -> 6.0.0 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of string-width starting with 2.1.1 which supports >= strip-ansi@6.0.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: strip-ansi needs string-width@4.2.0 which uses constraint "^6.0.0" in order to update to 6.0.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of strip-ansi to 6.0.0 can be achieved due to parent string-width(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: string-width@2.1.1 -> 4.2.0 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of wide-align starting with 1.1.5 which supports >= string-width@4.2.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: string-width needs wide-align@1.1.5 which uses constraint "^1.0.2 || 2 || 3 || 4" in order to update to 4.2.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of string-width to 4.2.0 already achieved in parent wide-align@1.1.5(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Updated 1 package files(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Getting updated lock files(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing package.json files(branch="renovate/npm-ansi-regex-vulnerability") { "packageFiles": [ "package.json" ] } DEBUG: Writing package-lock.json(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing any updated package files(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing lock file: package-lock.json(branch="renovate/npm-ansi-regex-vulnerability") ```

If you take a look at commit https://github.com/capralifecycle/webapp-deploy-lambda/commit/26f51446024257fe575c188d7c10ed438ef65931 and https://github.com/capralifecycle/webapp-deploy-lambda/commit/78223adbf61ac51a46f0ba326d2a93d20d78d91e, you can see the change Renovate keeps cycling between.

[rarkins]

That log is missing a little bit (it's truncated, does not include any npm command) and we need it for both commits.

Seems like another key piece of info about this is that it's a vulnerability remediation PR?

[stekern]

Yep, this is an automerged vulnerability remediation PR. (On that note, may it make things a bit easier for the maintainers by adding an optional field to the bug template for describing the type of update? Lock file maintenance, direct dependency update, vulnerability remediation, ...?)

Is there a way to temporarily disable updates for this specific vulnerability to avoid getting these changes? The commit history on our main branch is becoming a bit of a mess with all of these updates. I assume we can just manually remove the Dependabot alert from the GitHub repository, but we are waiting for an upstream library to make the required changes on their side, so we don't really want to close it before it's fixed. Alternatively we could temporarily turn off automerge.

Since the logs are quite long, I initially only wanted to share the relevant snippets to make troubleshooting easier and to avoid potentially leaking anything that can be considered sensitive. It's not immediately apparent to me what is and isn't relevant in this case, so I've sifted through the full logs and I'm sharing them below (with some minor redactions).

Logs for https://github.com/capralifecycle/webapp-deploy-lambda/commit/3e4601d5f0eca5edd080c17485c6d24d2cf42b5f

``` DEBUG: No dangling containers to remove INFO: Repository started { "renovateVersion": "31.66.0" } DEBUG: Using localDir: /mnt/renovate/gh/capralifecycle/webapp-deploy-lambda DEBUG: Repository cache is valid DEBUG: initRepo("capralifecycle/webapp-deploy-lambda") DEBUG: Overriding default GitHub endpoint { "endpoint": "https://api.github.com/" } DEBUG: capralifecycle/webapp-deploy-lambda default branch = master DEBUG: Using app token for git init DEBUG: resetMemCache() DEBUG: Resetting npmrc DEBUG: detectSemanticCommits() DEBUG: checkOnboarding() DEBUG: isOnboarded() DEBUG: Checking cached config file name DEBUG: Existing config file confirmed DEBUG: Repo is onboarded DEBUG: migrateAndValidate() DEBUG: No config migration necessary DEBUG: massaged config { "config": { "extends": [ "github>whitesource/merge-confidence:beta", "github>capraconsulting/renovate-config:library" ], "automerge": true, "automergeType": "branch" } } DEBUG: migrated config { "config": { "extends": [ "github>whitesource/merge-confidence:beta", "github>capraconsulting/renovate-config:library" ], "automerge": true, "automergeType": "branch" } } DEBUG: Found repo ignorePaths { "ignorePaths": [ "**/node_modules/**", "**/bower_components/**", "**/vendor/**", "**/examples/**", "**/__tests__/**", "**/test/**", "**/tests/**", "**/__fixtures__/**" ] } DEBUG: GitHub vulnerability details { "alerts": { "npm/ansi-regex": { "> 2.1.1, < 5.0.1": "5.0.1" } } } DEBUG: alert package rules { "alertPackageRules": [ { "matchDatasources": [ "npm" ], "matchPackageNames": [ "ansi-regex" ], "matchCurrentVersion": "= 3.0.0", "matchFiles": [ "package-lock.json" ], "enabled": false } ] } DEBUG: findIssue(Dependency Dashboard) DEBUG: Retrieving issueList DEBUG: Retrieved 2 issues DEBUG: Found issue 5 DEBUG: No baseBranches DEBUG: extract() DEBUG: Found cached extract { "baseBranch": "master", "baseBranchSha": "9462a4c61ee629062992613b95e33ef775eb1cec" } DEBUG: Deleted cached dep updates INFO: Dependency extraction complete { "baseBranch": "master", "stats": { "managers": { "npm": { "fileCount": 1, "depCount": 23 }, "pip_requirements": { "fileCount": 1, "depCount": 3 } }, "total": { "fileCount": 2, "depCount": 26 } } } DEBUG: Package releases lookups complete { "baseBranch": "master" } DEBUG: branchifyUpgrades DEBUG: Using group branchName template DEBUG: Dependency @aws-cdk/assert is part of group aws-cdk monorepo DEBUG: Using group branchName template DEBUG: Dependency @commitlint/cli is part of group commitlint monorepo DEBUG: Using group branchName template DEBUG: Dependency @commitlint/config-conventional is part of group commitlint monorepo DEBUG: Using group branchName template DEBUG: Dependency @typescript-eslint/eslint-plugin is part of group typescript-eslint monorepo DEBUG: Using group branchName template DEBUG: Dependency @typescript-eslint/parser is part of group typescript-eslint monorepo DEBUG: Using group branchName template DEBUG: Dependency aws-cdk-lib is part of group aws-cdk monorepo DEBUG: 12 flattened updates found: @aws-cdk/assert, @commitlint/cli, @commitlint/config-conventional, @types/node, @typescript-eslint/eslint-plugin, @typescript-eslint/parser, aws-cdk-lib, constructs, eslint, ansi-regex, black, boto3 DEBUG: Returning 9 branch(es) DEBUG: Fetching changelog: https://github.com/aws/aws-cdk (2.8.0 -> 2.10.0) DEBUG: Fetching changelog: https://github.com/aws/aws-cdk (2.8.0 -> 2.10.0) DEBUG: Fetching changelog: https://github.com/conventional-changelog/commitlint (15.0.0 -> 16.0.0) DEBUG: Fetching changelog: https://github.com/conventional-changelog/commitlint (15.0.0 -> 16.1.0) DEBUG: Fetching changelog: https://github.com/DefinitelyTyped/DefinitelyTyped (16.11.19 -> 16.11.22) DEBUG: Fetching changelog: https://github.com/typescript-eslint/typescript-eslint (5.9.1 -> 5.10.2) DEBUG: Fetching changelog: https://github.com/typescript-eslint/typescript-eslint (5.9.1 -> 5.10.2) DEBUG: Fetching changelog: https://github.com/aws/constructs (10.0.33 -> 10.0.52) DEBUG: Fetching changelog: https://github.com/eslint/eslint (8.6.0 -> 8.8.0) DEBUG: Fetching changelog: https://github.com/psf/black (19.3b0 -> 22.1.0) DEBUG: Fetching changelog: https://github.com/boto/boto3 (1.17.84 -> 1.20.48) DEBUG: config.repoIsOnboarded=true DEBUG: packageFiles with updates { "config": { "npm": [ { "packageFile": "package.json", "deps": [ { "depType": "devDependencies", "depName": "@aws-cdk/assert", "currentValue": "2.8.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "2.8.0", "depIndex": 0, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/aws/aws-cdk", "sourceDirectory": "packages/@aws-cdk/assert", "currentVersion": "2.8.0", "isSingleVersion": true, "fixedVersion": "2.8.0", "updates": [ { "bucket": "non-major", "newVersion": "2.10.0", "newValue": "2.10.0", "releaseTimestamp": "2022-01-29T06:30:19.801Z", "newMajor": 2, "newMinor": 10, "updateType": "minor", "branchName": "renovate/aws-cdk-monorepo" } ] }, { "depType": "devDependencies", "depName": "@commitlint/cli", "currentValue": "15.0.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "15.0.0", "depIndex": 1, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/conventional-changelog/commitlint", "sourceDirectory": "@commitlint/cli", "homepage": "https://commitlint.js.org/", "currentVersion": "15.0.0", "isSingleVersion": true, "fixedVersion": "15.0.0", "updates": [ { "bucket": "major", "newVersion": "16.1.0", "newValue": "16.1.0", "releaseTimestamp": "2022-01-20T07:21:47.213Z", "newMajor": 16, "newMinor": 1, "updateType": "major", "branchName": "renovate/major-commitlint-monorepo" } ] }, { "depType": "devDependencies", "depName": "@commitlint/config-conventional", "currentValue": "15.0.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "15.0.0", "depIndex": 2, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/conventional-changelog/commitlint", "sourceDirectory": "@commitlint/config-conventional", "homepage": "https://commitlint.js.org/", "currentVersion": "15.0.0", "isSingleVersion": true, "fixedVersion": "15.0.0", "updates": [ { "bucket": "major", "newVersion": "16.0.0", "newValue": "16.0.0", "releaseTimestamp": "2021-12-26T06:55:44.520Z", "newMajor": 16, "newMinor": 0, "updateType": "major", "branchName": "renovate/major-commitlint-monorepo" } ] }, { "depType": "devDependencies", "depName": "@types/jest", "currentValue": "27.4.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "27.4.0", "depIndex": 3, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/DefinitelyTyped/DefinitelyTyped", "sourceDirectory": "types/jest", "currentVersion": "27.4.0", "fixedVersion": "27.4.0", "updates": [] }, { "depType": "devDependencies", "depName": "@types/node", "currentValue": "16.11.19", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "16.11.19", "depIndex": 4, "warnings": [], "versioning": "node", "sourceUrl": "https://github.com/DefinitelyTyped/DefinitelyTyped", "sourceDirectory": "types/node", "currentVersion": "16.11.19", "isSingleVersion": true, "fixedVersion": "16.11.19", "updates": [ { "bucket": "non-major", "newVersion": "16.11.22", "newValue": "16.11.22", "releaseTimestamp": "2022-02-01T08:33:00.727Z", "newMajor": 16, "newMinor": 11, "updateType": "patch", "branchName": "renovate/node-16.x" } ] }, { "depType": "devDependencies", "depName": "@typescript-eslint/eslint-plugin", "currentValue": "5.9.1", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "5.9.1", "depIndex": 5, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/typescript-eslint/typescript-eslint", "sourceDirectory": "packages/eslint-plugin", "currentVersion": "5.9.1", "isSingleVersion": true, "fixedVersion": "5.9.1", "updates": [ { "bucket": "non-major", "newVersion": "5.10.2", "newValue": "5.10.2", "releaseTimestamp": "2022-01-31T18:02:48.080Z", "newMajor": 5, "newMinor": 10, "updateType": "minor", "branchName": "renovate/typescript-eslint-monorepo" } ] }, { "depType": "devDependencies", "depName": "@typescript-eslint/parser", "currentValue": "5.9.1", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "5.9.1", "depIndex": 6, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/typescript-eslint/typescript-eslint", "sourceDirectory": "packages/parser", "currentVersion": "5.9.1", "isSingleVersion": true, "fixedVersion": "5.9.1", "updates": [ { "bucket": "non-major", "newVersion": "5.10.2", "newValue": "5.10.2", "releaseTimestamp": "2022-01-31T18:02:34.397Z", "newMajor": 5, "newMinor": 10, "updateType": "minor", "branchName": "renovate/typescript-eslint-monorepo" } ] }, { "depType": "devDependencies", "depName": "aws-cdk-lib", "currentValue": "2.8.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "2.8.0", "depIndex": 7, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/aws/aws-cdk", "sourceDirectory": "packages/aws-cdk-lib", "currentVersion": "2.8.0", "isSingleVersion": true, "fixedVersion": "2.8.0", "updates": [ { "bucket": "non-major", "newVersion": "2.10.0", "newValue": "2.10.0", "releaseTimestamp": "2022-01-29T06:32:54.784Z", "newMajor": 2, "newMinor": 10, "updateType": "minor", "branchName": "renovate/aws-cdk-monorepo" } ] }, { "depType": "devDependencies", "depName": "constructs", "currentValue": "10.0.33", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "10.0.33", "depIndex": 8, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/aws/constructs", "currentVersion": "10.0.33", "isSingleVersion": true, "fixedVersion": "10.0.33", "updates": [ { "bucket": "non-major", "newVersion": "10.0.52", "newValue": "10.0.52", "releaseTimestamp": "2022-02-02T00:12:44.988Z", "newMajor": 10, "newMinor": 0, "updateType": "patch", "branchName": "renovate/constructs-10.x" } ] }, { "depType": "devDependencies", "depName": "eslint", "currentValue": "8.6.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "8.6.0", "depIndex": 9, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/eslint/eslint", "homepage": "https://eslint.org", "currentVersion": "8.6.0", "isSingleVersion": true, "fixedVersion": "8.6.0", "updates": [ { "bucket": "non-major", "newVersion": "8.8.0", "newValue": "8.8.0", "releaseTimestamp": "2022-01-28T21:13:48.881Z", "newMajor": 8, "newMinor": 8, "updateType": "minor", "branchName": "renovate/eslint-8.x" } ] }, { "depType": "devDependencies", "depName": "eslint-config-prettier", "currentValue": "8.3.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "8.3.0", "depIndex": 10, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/prettier/eslint-config-prettier", "currentVersion": "8.3.0", "fixedVersion": "8.3.0", "updates": [] }, { "depType": "devDependencies", "depName": "eslint-plugin-deprecation", "currentValue": "1.3.2", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "1.3.2", "depIndex": 11, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/gund/eslint-plugin-deprecation", "currentVersion": "1.3.2", "fixedVersion": "1.3.2", "updates": [] }, { "depType": "devDependencies", "depName": "eslint-plugin-prettier", "currentValue": "4.0.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "4.0.0", "depIndex": 12, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/prettier/eslint-plugin-prettier", "currentVersion": "4.0.0", "fixedVersion": "4.0.0", "updates": [] }, { "depType": "devDependencies", "depName": "husky", "currentValue": "7.0.4", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "7.0.4", "depIndex": 13, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/typicode/husky", "homepage": "https://typicode.github.io/husky", "currentVersion": "7.0.4", "fixedVersion": "7.0.4", "updates": [] }, { "depType": "devDependencies", "depName": "jest", "currentValue": "27.4.7", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "27.4.7", "depIndex": 14, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/facebook/jest", "homepage": "https://jestjs.io/", "currentVersion": "27.4.7", "fixedVersion": "27.4.7", "updates": [] }, { "depType": "devDependencies", "depName": "jest-cdk-snapshot", "currentValue": "2.0.1", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "2.0.1", "depIndex": 15, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/hupe1980/jest-cdk-snapshot", "currentVersion": "2.0.1", "fixedVersion": "2.0.1", "updates": [] }, { "depType": "devDependencies", "depName": "prettier", "currentValue": "2.5.1", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "2.5.1", "depIndex": 16, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/prettier/prettier", "homepage": "https://prettier.io", "currentVersion": "2.5.1", "fixedVersion": "2.5.1", "updates": [] }, { "depType": "devDependencies", "depName": "semantic-release", "currentValue": "19.0.2", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "19.0.2", "depIndex": 17, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/semantic-release/semantic-release", "currentVersion": "19.0.2", "fixedVersion": "19.0.2", "updates": [] }, { "depType": "devDependencies", "depName": "ts-jest", "currentValue": "27.1.3", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "27.1.3", "depIndex": 18, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/kulshekhar/ts-jest", "homepage": "https://kulshekhar.github.io/ts-jest", "currentVersion": "27.1.3", "fixedVersion": "27.1.3", "updates": [] }, { "depType": "devDependencies", "depName": "ts-node", "currentValue": "10.4.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "10.4.0", "depIndex": 19, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/TypeStrong/ts-node", "homepage": "https://typestrong.org/ts-node", "currentVersion": "10.4.0", "fixedVersion": "10.4.0", "updates": [] }, { "depType": "devDependencies", "depName": "typescript", "currentValue": "4.5.5", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "4.5.5", "depIndex": 20, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/Microsoft/TypeScript", "homepage": "https://www.typescriptlang.org/", "currentVersion": "4.5.5", "fixedVersion": "4.5.5", "updates": [] }, { "depType": "peerDependencies", "depName": "aws-cdk-lib", "currentValue": "^2.0.0", "datasource": "npm", "prettyDepType": "peerDependency", "lockedVersion": "2.8.0", "depIndex": 21, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/aws/aws-cdk", "sourceDirectory": "packages/aws-cdk-lib", "currentVersion": "2.8.0", "fixedVersion": "2.8.0", "updates": [] }, { "depType": "peerDependencies", "depName": "constructs", "currentValue": "^10.0.0", "datasource": "npm", "prettyDepType": "peerDependency", "lockedVersion": "10.0.33", "depIndex": 22, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/aws/constructs", "currentVersion": "10.0.33", "fixedVersion": "10.0.33", "updates": [] } ], "packageJsonName": "@capraconsulting/webapp-deploy-lambda", "packageFileVersion": "0.0.0-development", "packageJsonType": "library", "npmLock": "package-lock.json", "managerData": { "yarnZeroInstall": false }, "skipInstalls": true, "constraints": { "npm": "<7" }, "lockFiles": [ "package-lock.json" ] } ], "pip_requirements": [ { "packageFile": "requirements.txt", "deps": [ { "depName": "black", "currentValue": "==19.3b0", "datasource": "pypi", "currentVersion": "19.3b0", "depIndex": 0, "warnings": [], "versioning": "pep440", "sourceUrl": "https://github.com/psf/black", "changelogUrl": "https://github.com/psf/black/blob/main/CHANGES.md", "isSingleVersion": true, "fixedVersion": "19.3b0", "updates": [ { "bucket": "major", "newVersion": "22.1.0", "newValue": "==22.1.0", "releaseTimestamp": "2022-01-29T20:39:31.000Z", "newMajor": 22, "newMinor": 1, "updateType": "major", "isRange": true, "branchName": "renovate/black-22.x" } ] }, { "depName": "boto3", "currentValue": "==1.17.84", "datasource": "pypi", "currentVersion": "1.17.84", "depIndex": 1, "warnings": [], "versioning": "pep440", "sourceUrl": "https://github.com/boto/boto3", "isSingleVersion": true, "fixedVersion": "1.17.84", "updates": [ { "bucket": "non-major", "newVersion": "1.20.48", "newValue": "==1.20.48", "releaseTimestamp": "2022-02-03T20:12:00.000Z", "newMajor": 1, "newMinor": 20, "updateType": "minor", "isRange": true, "branchName": "renovate/boto3-1.x" } ] }, { "depName": "flake8", "currentValue": "==4.0.1", "datasource": "pypi", "currentVersion": "4.0.1", "depIndex": 2, "warnings": [], "versioning": "pep440", "sourceUrl": "https://github.com/pycqa/flake8", "changelogUrl": "http://flake8.pycqa.org/en/latest/release-notes/index.html", "fixedVersion": "4.0.1", "updates": [] } ] } ] } } DEBUG: processRepo() DEBUG: Processing 9 branches: renovate/aws-cdk-monorepo, renovate/black-22.x, renovate/boto3-1.x, renovate/constructs-10.x, renovate/eslint-8.x, renovate/major-commitlint-monorepo, renovate/node-16.x, renovate/npm-ansi-regex-vulnerability, renovate/typescript-eslint-monorepo DEBUG: Calculating hourly PRs remaining DEBUG: Retrieving PR list DEBUG: Retrieved 47 Pull Requests DEBUG: currentHourStart=2022-02-04T01:00:00.000+00:00 DEBUG: PR hourly limit remaining: 2 DEBUG: Calculating prConcurrentLimit (10) DEBUG: getBranchPr(renovate/npm-ansi-regex-vulnerability) DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, open) DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, closed) DEBUG: getBranchPr(renovate/node-16.x) DEBUG: findPr(renovate/node-16.x, undefined, open) DEBUG: findPr(renovate/node-16.x, undefined, closed) DEBUG: getBranchPr(renovate/constructs-10.x) DEBUG: findPr(renovate/constructs-10.x, undefined, open) DEBUG: findPr(renovate/constructs-10.x, undefined, closed) DEBUG: getBranchPr(renovate/aws-cdk-monorepo) DEBUG: findPr(renovate/aws-cdk-monorepo, undefined, open) DEBUG: findPr(renovate/aws-cdk-monorepo, undefined, closed) DEBUG: Found PR #50 DEBUG: getBranchPr(renovate/boto3-1.x) DEBUG: findPr(renovate/boto3-1.x, undefined, open) DEBUG: findPr(renovate/boto3-1.x, undefined, closed) DEBUG: getBranchPr(renovate/eslint-8.x) DEBUG: findPr(renovate/eslint-8.x, undefined, open) DEBUG: findPr(renovate/eslint-8.x, undefined, closed) DEBUG: getBranchPr(renovate/typescript-eslint-monorepo) DEBUG: findPr(renovate/typescript-eslint-monorepo, undefined, open) DEBUG: findPr(renovate/typescript-eslint-monorepo, undefined, closed) DEBUG: getBranchPr(renovate/major-commitlint-monorepo) DEBUG: findPr(renovate/major-commitlint-monorepo, undefined, open) DEBUG: Found PR #52 DEBUG: Returning from graphql open PR list DEBUG: getBranchPr(renovate/black-22.x) DEBUG: findPr(renovate/black-22.x, undefined, open) DEBUG: Found PR #53 DEBUG: Returning from graphql open PR list DEBUG: 2 PRs are currently open DEBUG: PR concurrent limit remaining: 8 DEBUG: Calculated maximum PRs remaining this run { "prsRemaining": 2 } DEBUG: PullRequests limit = 2 DEBUG: Calculating hourly PRs remaining DEBUG: currentHourStart=2022-02-04T01:00:00.000+00:00 DEBUG: PR hourly limit remaining: 2 DEBUG: Calculating branchConcurrentLimit (10) DEBUG: 5 already existing branches found: renovate/npm-ansi-regex-vulnerability,renovate/boto3-1.x,renovate/eslint-8.x,renovate/major-commitlint-monorepo,renovate/black-22.x DEBUG: Branch concurrent limit remaining: 5 DEBUG: Calculated maximum branches remaining this run { "branchesRemaining": 2 } DEBUG: Branches limit = 2 DEBUG: Setting current branch to master(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Initializing git repository into /mnt/renovate/gh/capralifecycle/webapp-deploy-lambda(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Performing blobless clone(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: git clone completed(branch="renovate/npm-ansi-regex-vulnerability") { "durationMs": 1156 } DEBUG: latest repository commit(branch="renovate/npm-ansi-regex-vulnerability") { "latestCommit": { "hash": "9462a4c61ee629062992613b95e33ef775eb1cec", "date": "2022-02-03T20:04:40+00:00", "message": "chore(deps): update dependency ansi-regex to 5.0.1 [security]", "refs": "HEAD -> master, origin/master, origin/HEAD", "body": "", "author_name": "Renovate Bot", "author_email": "bot@renovateapp.com" } } DEBUG: latest commit(branch="renovate/npm-ansi-regex-vulnerability") { "branchName": "master", "latestCommitDate": "2022-02-03T20:04:40+00:00" } DEBUG: getBranchPr(renovate/npm-ansi-regex-vulnerability)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, open)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, closed)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: branchExists=true(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: dependencyDashboardCheck=undefined(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: recreateClosed is false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, chore(deps): update dependency ansi-regex to 5.0.1 [security], !open)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: prAlreadyExisted=false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Checking if PR has been edited(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Branch has not been modified(branch="renovate/npm-ansi-regex-vulnerability") { "branchName": "renovate/npm-ansi-regex-vulnerability" } DEBUG: Checking schedule(, Europe/Oslo)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: No schedule defined(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Branch already exists(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: getBranchPr(renovate/npm-ansi-regex-vulnerability)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, open)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, closed)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: isBranchStale=false(branch="renovate/npm-ansi-regex-vulnerability") { "isStale": false, "currentBranch": "master", "currentBranchSha": "9462a4c61ee629062992613b95e33ef775eb1cec" } DEBUG: Branch is up-to-date(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: isBranchConflicted(master, renovate/npm-ansi-regex-vulnerability)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Setting git author name(branch="renovate/npm-ansi-regex-vulnerability") { "gitAuthorName": "Renovate Bot" } DEBUG: Setting git author email(branch="renovate/npm-ansi-regex-vulnerability") { "gitAuthorEmail": "bot@renovateapp.com" } DEBUG: Branch does not need rebasing(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Using reuseExistingBranch: true(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: manager.getUpdatedPackageFiles() reuseExistinbranch=true(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: ansi-regex@3.0.0 -> 5.0.1 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of strip-ansi starting with 4.0.0 which supports >= ansi-regex@5.0.1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: ansi-regex needs strip-ansi@6.0.0 which uses constraint "^5.0.0" in order to update to 5.0.1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of ansi-regex to 5.0.1 can be achieved due to parent strip-ansi(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: strip-ansi@4.0.0 -> 6.0.0 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of string-width starting with 2.1.1 which supports >= strip-ansi@6.0.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: strip-ansi needs string-width@4.2.0 which uses constraint "^6.0.0" in order to update to 6.0.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of strip-ansi to 6.0.0 can be achieved due to parent string-width(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: string-width@2.1.1 -> 4.2.0 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of wide-align starting with 1.1.5 which supports >= string-width@4.2.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: string-width needs wide-align@1.1.5 which uses constraint "^1.0.2 || 2 || 3 || 4" in order to update to 4.2.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of string-width to 4.2.0 already achieved in parent wide-align@1.1.5(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Need to retry branch as it is not already up-to-date(branch="renovate/npm-ansi-regex-vulnerability") { "lockFile": "package-lock.json", "depName": "ansi-regex", "status": "updated" } DEBUG: manager.getUpdatedPackageFiles() reuseExistinbranch=false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: ansi-regex@3.0.0 -> 5.0.1 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of strip-ansi starting with 4.0.0 which supports >= ansi-regex@5.0.1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: ansi-regex needs strip-ansi@6.0.0 which uses constraint "^5.0.0" in order to update to 5.0.1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of ansi-regex to 5.0.1 can be achieved due to parent strip-ansi(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: strip-ansi@4.0.0 -> 6.0.0 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of string-width starting with 2.1.1 which supports >= strip-ansi@6.0.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: strip-ansi needs string-width@4.2.0 which uses constraint "^6.0.0" in order to update to 6.0.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of strip-ansi to 6.0.0 can be achieved due to parent string-width(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: string-width@2.1.1 -> 4.2.0 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of wide-align starting with 1.1.5 which supports >= string-width@4.2.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: string-width needs wide-align@1.1.5 which uses constraint "^1.0.2 || 2 || 3 || 4" in order to update to 4.2.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of string-width to 4.2.0 already achieved in parent wide-align@1.1.5(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Updated 1 package files(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Getting updated lock files(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing package.json files(branch="renovate/npm-ansi-regex-vulnerability") { "packageFiles": [ "package.json" ] } DEBUG: Writing package-lock.json(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing any updated package files(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing lock file: package-lock.json(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: No npmrc file found in repository(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing updated .npmrc file to /mnt/renovate/gh/capralifecycle/webapp-deploy-lambda/.npmrc(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Generating package-lock.json for .(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Spawning npm install to create /mnt/renovate/gh/capralifecycle/webapp-deploy-lambda/package-lock.json(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Updating lock file only(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: No node constraint found - using latest(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Using docker to execute(branch="renovate/npm-ansi-regex-vulnerability") { "image": "node" } DEBUG: Resolved version(branch="renovate/npm-ansi-regex-vulnerability") { "toolName": "npm", "constraint": "<7", "resolvedVersion": "6.14.16" } DEBUG: No tag or tagConstraint specified(branch="renovate/npm-ansi-regex-vulnerability") { "image": "docker.io/renovate/node" } DEBUG: Docker image is already prefetched: docker.io/renovate/node(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Executing command(branch="renovate/npm-ansi-regex-vulnerability") { "command": "docker run --rm --name=renovate_node --label=renovate_child -v \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\":\"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e NPM_CONFIG_CACHE -e npm_config_store -w \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" docker.io/renovate/node bash -l -c \"install-tool npm 6.14.16 && hash -d npm 2>/dev/null || true && npm install --package-lock-only --no-audit --ignore-scripts && npm install --package-lock-only --no-audit --ignore-scripts\"" } DEBUG: exec completed(branch="renovate/npm-ansi-regex-vulnerability") { "cmd": "docker run --rm --name=renovate_node --label=renovate_child -v \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\":\"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e NPM_CONFIG_CACHE -e npm_config_store -w \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" docker.io/renovate/node bash -l -c \"install-tool npm 6.14.16 && hash -d npm 2>/dev/null || true && npm install --package-lock-only --no-audit --ignore-scripts && npm install --package-lock-only --no-audit --ignore-scripts\"", "durationMs": 103505, "stdout": "Installing legacy tool npm v6.14.16\n/home/ubuntu/npm/6.14.16/bin/npm -> /home/ubuntu/npm/6.14.16/lib/node_modules/npm/bin/npm-cli.js\n/home/ubuntu/npm/6.14.16/bin/npx -> /home/ubuntu/npm/6.14.16/lib/node_modules/npm/bin/npx-cli.js\n+ npm@6.14.16\nadded 437 packages from 891 contributors in 52.507s\n+ node-gyp@8.4.1\nadded 61 packages from 20 contributors, updated 2 packages and audited 563 packages in 15.867s\n\n5 packages are looking for funding\n run `npm fund` for details\n\nfound 9 moderate severity vulnerabilities\n run `npm audit fix` to fix them, or `npm audit` for details\n6.14.16\nadded 935 packages in 11.443s\nadded 935 packages in 9.67s\n", "stderr": "npm notice created a lockfile as package-lock.json. You should commit this file.\nnpm WARN using --force I sure hope you know what you are doing.\n" } DEBUG: package-lock.json needs updating(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Updated 1 lock files(branch="renovate/npm-ansi-regex-vulnerability") { "updatedArtifacts": [ "package-lock.json" ] } DEBUG: 1 file(s) to commit(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Preparing files for commiting to branch renovate/npm-ansi-regex-vulnerability(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: git commit(branch="renovate/npm-ansi-regex-vulnerability") { "deletedFiles": [], "ignoredFiles": [], "result": { "author": null, "branch": "renovate/npm-ansi-regex-vulnerability", "commit": "2e60daa", "root": false, "summary": { "changes": 1, "insertions": 6, "deletions": 8 } } } DEBUG: No file changes detected. Skipping commit(branch="renovate/npm-ansi-regex-vulnerability") { "branchName": "renovate/npm-ansi-regex-vulnerability", "deletedFiles": [], "addedModifiedFiles": [ "package-lock.json", "package-lock.json" ], "ignoredFiles": [] } DEBUG: Checking if we can automerge branch(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: getBranchPr(renovate/npm-ansi-regex-vulnerability)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, open)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, closed)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: resolveBranchStatus(branchName=renovate/npm-ansi-regex-vulnerability, ignoreTests=false)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: getBranchStatus(renovate/npm-ansi-regex-vulnerability)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: No check runs found(branch="renovate/npm-ansi-regex-vulnerability") { "result": { "total_count": 0, "check_runs": [] } } DEBUG: Branch status green(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Automerging branch(branch="renovate/npm-ansi-regex-vulnerability") INFO: Branch automerged(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: mergeStatus=automerged(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Deleted remote branch(branch="renovate/npm-ansi-regex-vulnerability") { "branchName": "renovate/npm-ansi-regex-vulnerability" } DEBUG: Deleted local branch(branch="renovate/npm-ansi-regex-vulnerability") { "branchName": "renovate/npm-ansi-regex-vulnerability" } DEBUG: Branch is automerged - returning(branch="renovate/npm-ansi-regex-vulnerability") ... DEBUG: getBranchPr(renovate/boto3-1.x) DEBUG: findPr(renovate/boto3-1.x, undefined, open) DEBUG: findPr(renovate/boto3-1.x, undefined, closed) DEBUG: Branch has not been modified { "branchName": "renovate/boto3-1.x" } DEBUG: getBranchPr(renovate/eslint-8.x) DEBUG: findPr(renovate/eslint-8.x, undefined, open) DEBUG: findPr(renovate/eslint-8.x, undefined, closed) DEBUG: Branch has not been modified { "branchName": "renovate/eslint-8.x" } DEBUG: Branch has not been modified { "branchName": "renovate/major-commitlint-monorepo" } DEBUG: Branch has not been modified { "branchName": "renovate/black-22.x" } INFO: Renovating repository again after automerge result DEBUG: No dangling containers to remove INFO: Repository started { "renovateVersion": "31.66.0" } DEBUG: Using localDir: /mnt/renovate/gh/capralifecycle/webapp-deploy-lambda DEBUG: Repository cache is valid DEBUG: initRepo("capralifecycle/webapp-deploy-lambda") DEBUG: Overriding default GitHub endpoint { "endpoint": "https://api.github.com/" } DEBUG: capralifecycle/webapp-deploy-lambda default branch = master DEBUG: Using app token for git init DEBUG: resetMemCache() DEBUG: Resetting npmrc DEBUG: detectSemanticCommits() DEBUG: checkOnboarding() DEBUG: isOnboarded() DEBUG: Checking cached config file name DEBUG: Existing config file confirmed DEBUG: Repo is onboarded DEBUG: migrateAndValidate() DEBUG: No config migration necessary DEBUG: massaged config { "config": { "extends": [ "github>whitesource/merge-confidence:beta", "github>capraconsulting/renovate-config:library" ], "automerge": true, "automergeType": "branch" } } DEBUG: migrated config { "config": { "extends": [ "github>whitesource/merge-confidence:beta", "github>capraconsulting/renovate-config:library" ], "automerge": true, "automergeType": "branch" } } DEBUG: Found repo ignorePaths { "ignorePaths": [ "**/node_modules/**", "**/bower_components/**", "**/vendor/**", "**/examples/**", "**/__tests__/**", "**/test/**", "**/tests/**", "**/__fixtures__/**" ] } DEBUG: GitHub vulnerability details { "alerts": { "npm/ansi-regex": { "> 2.1.1, < 5.0.1": "5.0.1" } } } DEBUG: alert package rules { "alertPackageRules": [ { "matchDatasources": [ "npm" ], "matchPackageNames": [ "ansi-regex" ], "matchCurrentVersion": "= 3.0.0", "matchFiles": [ "package-lock.json" ], "enabled": false } ] } DEBUG: findIssue(Dependency Dashboard) DEBUG: Retrieving issueList DEBUG: Retrieved 2 issues DEBUG: Found issue 5 DEBUG: No baseBranches DEBUG: extract() DEBUG: Setting current branch to master DEBUG: Initializing git repository into /mnt/renovate/gh/capralifecycle/webapp-deploy-lambda DEBUG: resetToBranch(master) DEBUG: resetToBranch(master) DEBUG: { "existingBranches": [] } INFO: git fetch completed { "durationMs": 1658 } DEBUG: latest repository commit { "latestCommit": { "hash": "b357349f3a1df86c833a09d46b673d490dfaf017", "date": "2022-02-03T22:30:38+00:00", "message": "chore(deps): update dependency ansi-regex to 5.0.1 [security]", "refs": "HEAD -> master, origin/master, origin/HEAD", "body": "", "author_name": "Renovate Bot", "author_email": "bot@renovateapp.com" } } DEBUG: latest commit { "branchName": "master", "latestCommitDate": "2022-02-03T22:30:38+00:00" } DEBUG: Using file match: (^|/)tasks/[^/]+\.ya?ml$ for manager ansible DEBUG: Using file match: (^|/)requirements\.ya?ml$ for manager ansible-galaxy DEBUG: Using file match: (^|/)galaxy\.ya?ml$ for manager ansible-galaxy DEBUG: Using file match: azure.*pipelines?.*\.ya?ml$ for manager azure-pipelines DEBUG: Using file match: (^|/)batect(-bundle)?\.yml$ for manager batect DEBUG: Using file match: (^|/)batect$ for manager batect-wrapper DEBUG: Using file match: (^|/)WORKSPACE(|\.bazel)$ for manager bazel DEBUG: Using file match: \.bzl$ for manager bazel DEBUG: Using file match: (^|/)\.?bitbucket-pipelines\.ya?ml$ for manager bitbucket-pipelines DEBUG: Using file match: buildkite\.ya?ml for manager buildkite DEBUG: Using file match: \.buildkite/.+\.ya?ml$ for manager buildkite DEBUG: Using file match: (^|/)Gemfile$ for manager bundler DEBUG: Using file match: \.cake$ for manager cake DEBUG: Using file match: (^|/)Cargo.toml$ for manager cargo DEBUG: Using file match: (^|/).circleci/config.yml$ for manager circleci DEBUG: Using file match: (^|/)cloudbuild.ya?ml for manager cloudbuild DEBUG: Using file match: (^|/)Podfile$ for manager cocoapods DEBUG: Using file match: (^|/)([\w-]*)composer.json$ for manager composer DEBUG: Using file match: (^|/)deps\.edn$ for manager deps-edn DEBUG: Using file match: (^|/)docker-compose[^/]*\.ya?ml$ for manager docker-compose DEBUG: Using file match: (^|/|\.)Dockerfile$ for manager dockerfile DEBUG: Using file match: (^|/)Dockerfile\.[^/]*$ for manager dockerfile DEBUG: Using file match: (^|/).drone.yml$ for manager droneci DEBUG: Using file match: (^|/)flux-system/gotk-components\.yaml$ for manager flux DEBUG: Using file match: (^|/).gitmodules$ for manager git-submodules DEBUG: Using file match: (^workflow-templates|\.github\/workflows)\/[^/]+\.ya?ml$ for manager github-actions DEBUG: Using file match: (^|\/)action\.ya?ml$ for manager github-actions DEBUG: Using file match: \.gitlab-ci\.yml$ for manager gitlabci DEBUG: Using file match: \.gitlab-ci\.yml$ for manager gitlabci-include DEBUG: Using file match: (^|/)go.mod$ for manager gomod DEBUG: Using file match: \.gradle(\.kts)?$ for manager gradle DEBUG: Using file match: (^|\/)gradle\.properties$ for manager gradle DEBUG: Using file match: (^|\/)gradle\/.+\.toml$ for manager gradle DEBUG: Using file match: \.versions\.toml$ for manager gradle DEBUG: Using file match: (^|/)gradle/wrapper/gradle-wrapper.properties$ for manager gradle-wrapper DEBUG: Using file match: (^|/)requirements\.yaml$ for manager helm-requirements DEBUG: Using file match: (^|/)values.yaml$ for manager helm-values DEBUG: Using file match: (^|/)helmfile.yaml$ for manager helmfile DEBUG: Using file match: (^|/)Chart.yaml$ for manager helmv3 DEBUG: Using file match: ^Formula/[^/]+[.]rb$ for manager homebrew DEBUG: Using file match: \.html?$ for manager html DEBUG: Using file match: (^|/)plugins\.(txt|ya?ml)$ for manager jenkins DEBUG: Using file match: (^|/)jsonnetfile.json$ for manager jsonnet-bundler DEBUG: Using file match: (^|/)kustomization\.yaml for manager kustomize DEBUG: Using file match: (^|/)project\.clj$ for manager leiningen DEBUG: Using file match: (^|/|\.)pom\.xml$ for manager maven DEBUG: Using file match: ^(((\.mvn)|(\.m2))/)?settings\.xml$ for manager maven DEBUG: Using file match: (^|/)package.js$ for manager meteor DEBUG: Using file match: (^|/)mix\.exs$ for manager mix DEBUG: Using file match: (^|/).node-version$ for manager nodenv DEBUG: Using file match: (^|/)package.json$ for manager npm DEBUG: Using file match: \.(?:cs|fs|vb)proj$ for manager nuget DEBUG: Using file match: \.(?:props|targets)$ for manager nuget DEBUG: Using file match: (^|\/)dotnet-tools\.json$ for manager nuget DEBUG: Using file match: (^|\/)global\.json$ for manager nuget DEBUG: Using file match: (^|/)\.nvmrc$ for manager nvm DEBUG: Using file match: (^|/)([\w-]*)requirements\.(txt|pip)$ for manager pip_requirements DEBUG: Using file match: (^|/)setup.py$ for manager pip_setup DEBUG: Using file match: (^|/)Pipfile$ for manager pipenv DEBUG: Using file match: (^|/)pyproject\.toml$ for manager poetry DEBUG: Using file match: (^|/)\.pre-commit-config\.yaml$ for manager pre-commit DEBUG: Using file match: (^|/)pubspec\.ya?ml$ for manager pub DEBUG: Using file match: (^|/).python-version$ for manager pyenv DEBUG: Using file match: (^|/)\.ruby-version$ for manager ruby-version DEBUG: Using file match: \.sbt$ for manager sbt DEBUG: Using file match: project/[^/]*.scala$ for manager sbt DEBUG: Using file match: (^|/)setup\.cfg$ for manager setup-cfg DEBUG: Using file match: (^|/)Package\.swift for manager swift DEBUG: Using file match: \.tf$ for manager terraform DEBUG: Using file match: (^|/)\.terraform-version$ for manager terraform-version DEBUG: Using file match: (^|/)terragrunt\.hcl$ for manager terragrunt DEBUG: Using file match: (^|/)\.terragrunt-version$ for manager terragrunt-version DEBUG: Using file match: ^.travis.yml$ for manager travis DEBUG: Matched 1 file(s) for manager npm: package.json DEBUG: Matched 1 file(s) for manager pip_requirements: requirements.txt DEBUG: npm file package.json has name "@capraconsulting/webapp-deploy-lambda" DEBUG: Detecting pnpm Workspaces DEBUG: Detecting Lerna and Yarn Workspaces DEBUG: Finding locked versions DEBUG: Found package-lock.json for package.json DEBUG: Found npm package files DEBUG: Found pip_requirements package files DEBUG: Found 2 package file(s) INFO: Dependency extraction complete { "baseBranch": "master", "stats": { "managers": { "npm": { "fileCount": 1, "depCount": 23 }, "pip_requirements": { "fileCount": 1, "depCount": 3 } }, "total": { "fileCount": 2, "depCount": 26 } } } DEBUG: Package releases lookups complete { "baseBranch": "master" } DEBUG: branchifyUpgrades DEBUG: Using group branchName template DEBUG: Dependency @aws-cdk/assert is part of group aws-cdk monorepo DEBUG: Using group branchName template DEBUG: Dependency @commitlint/cli is part of group commitlint monorepo DEBUG: Using group branchName template DEBUG: Dependency @commitlint/config-conventional is part of group commitlint monorepo DEBUG: Using group branchName template DEBUG: Dependency @typescript-eslint/eslint-plugin is part of group typescript-eslint monorepo DEBUG: Using group branchName template DEBUG: Dependency @typescript-eslint/parser is part of group typescript-eslint monorepo DEBUG: Using group branchName template DEBUG: Dependency aws-cdk-lib is part of group aws-cdk monorepo DEBUG: 12 flattened updates found: @aws-cdk/assert, @commitlint/cli, @commitlint/config-conventional, @types/node, @typescript-eslint/eslint-plugin, @typescript-eslint/parser, aws-cdk-lib, constructs, eslint, ansi-regex, black, boto3 DEBUG: Returning 9 branch(es) DEBUG: Fetching changelog: https://github.com/aws/aws-cdk (2.8.0 -> 2.10.0) DEBUG: Fetching changelog: https://github.com/aws/aws-cdk (2.8.0 -> 2.10.0) DEBUG: Fetching changelog: https://github.com/conventional-changelog/commitlint (15.0.0 -> 16.0.0) DEBUG: Fetching changelog: https://github.com/conventional-changelog/commitlint (15.0.0 -> 16.1.0) DEBUG: Fetching changelog: https://github.com/DefinitelyTyped/DefinitelyTyped (16.11.19 -> 16.11.22) DEBUG: Fetching changelog: https://github.com/typescript-eslint/typescript-eslint (5.9.1 -> 5.10.2) DEBUG: Fetching changelog: https://github.com/typescript-eslint/typescript-eslint (5.9.1 -> 5.10.2) DEBUG: Fetching changelog: https://github.com/aws/constructs (10.0.33 -> 10.0.52) DEBUG: Fetching changelog: https://github.com/eslint/eslint (8.6.0 -> 8.8.0) DEBUG: Fetching changelog: https://github.com/psf/black (19.3b0 -> 22.1.0) DEBUG: Fetching changelog: https://github.com/boto/boto3 (1.17.84 -> 1.20.48) DEBUG: config.repoIsOnboarded=true DEBUG: packageFiles with updates { "config": { "npm": [ { "packageFile": "package.json", "deps": [ { "depType": "devDependencies", "depName": "@aws-cdk/assert", "currentValue": "2.8.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "2.8.0", "depIndex": 0, "updates": [ { "bucket": "non-major", "newVersion": "2.10.0", "newValue": "2.10.0", "releaseTimestamp": "2022-01-29T06:30:19.801Z", "newMajor": 2, "newMinor": 10, "updateType": "minor", "branchName": "renovate/aws-cdk-monorepo" } ], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/aws/aws-cdk", "sourceDirectory": "packages/@aws-cdk/assert", "currentVersion": "2.8.0", "isSingleVersion": true, "fixedVersion": "2.8.0" }, { "depType": "devDependencies", "depName": "@commitlint/cli", "currentValue": "15.0.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "15.0.0", "depIndex": 1, "updates": [ { "bucket": "major", "newVersion": "16.1.0", "newValue": "16.1.0", "releaseTimestamp": "2022-01-20T07:21:47.213Z", "newMajor": 16, "newMinor": 1, "updateType": "major", "branchName": "renovate/major-commitlint-monorepo" } ], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/conventional-changelog/commitlint", "sourceDirectory": "@commitlint/cli", "homepage": "https://commitlint.js.org/", "currentVersion": "15.0.0", "isSingleVersion": true, "fixedVersion": "15.0.0" }, { "depType": "devDependencies", "depName": "@commitlint/config-conventional", "currentValue": "15.0.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "15.0.0", "depIndex": 2, "updates": [ { "bucket": "major", "newVersion": "16.0.0", "newValue": "16.0.0", "releaseTimestamp": "2021-12-26T06:55:44.520Z", "newMajor": 16, "newMinor": 0, "updateType": "major", "branchName": "renovate/major-commitlint-monorepo" } ], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/conventional-changelog/commitlint", "sourceDirectory": "@commitlint/config-conventional", "homepage": "https://commitlint.js.org/", "currentVersion": "15.0.0", "isSingleVersion": true, "fixedVersion": "15.0.0" }, { "depType": "devDependencies", "depName": "@types/jest", "currentValue": "27.4.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "27.4.0", "depIndex": 3, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/DefinitelyTyped/DefinitelyTyped", "sourceDirectory": "types/jest", "currentVersion": "27.4.0", "fixedVersion": "27.4.0" }, { "depType": "devDependencies", "depName": "@types/node", "currentValue": "16.11.19", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "16.11.19", "depIndex": 4, "updates": [ { "bucket": "non-major", "newVersion": "16.11.22", "newValue": "16.11.22", "releaseTimestamp": "2022-02-01T08:33:00.727Z", "newMajor": 16, "newMinor": 11, "updateType": "patch", "branchName": "renovate/node-16.x" } ], "warnings": [], "versioning": "node", "sourceUrl": "https://github.com/DefinitelyTyped/DefinitelyTyped", "sourceDirectory": "types/node", "currentVersion": "16.11.19", "isSingleVersion": true, "fixedVersion": "16.11.19" }, { "depType": "devDependencies", "depName": "@typescript-eslint/eslint-plugin", "currentValue": "5.9.1", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "5.9.1", "depIndex": 5, "updates": [ { "bucket": "non-major", "newVersion": "5.10.2", "newValue": "5.10.2", "releaseTimestamp": "2022-01-31T18:02:48.080Z", "newMajor": 5, "newMinor": 10, "updateType": "minor", "branchName": "renovate/typescript-eslint-monorepo" } ], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/typescript-eslint/typescript-eslint", "sourceDirectory": "packages/eslint-plugin", "currentVersion": "5.9.1", "isSingleVersion": true, "fixedVersion": "5.9.1" }, { "depType": "devDependencies", "depName": "@typescript-eslint/parser", "currentValue": "5.9.1", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "5.9.1", "depIndex": 6, "updates": [ { "bucket": "non-major", "newVersion": "5.10.2", "newValue": "5.10.2", "releaseTimestamp": "2022-01-31T18:02:34.397Z", "newMajor": 5, "newMinor": 10, "updateType": "minor", "branchName": "renovate/typescript-eslint-monorepo" } ], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/typescript-eslint/typescript-eslint", "sourceDirectory": "packages/parser", "currentVersion": "5.9.1", "isSingleVersion": true, "fixedVersion": "5.9.1" }, { "depType": "devDependencies", "depName": "aws-cdk-lib", "currentValue": "2.8.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "2.8.0", "depIndex": 7, "updates": [ { "bucket": "non-major", "newVersion": "2.10.0", "newValue": "2.10.0", "releaseTimestamp": "2022-01-29T06:32:54.784Z", "newMajor": 2, "newMinor": 10, "updateType": "minor", "branchName": "renovate/aws-cdk-monorepo" } ], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/aws/aws-cdk", "sourceDirectory": "packages/aws-cdk-lib", "currentVersion": "2.8.0", "isSingleVersion": true, "fixedVersion": "2.8.0" }, { "depType": "devDependencies", "depName": "constructs", "currentValue": "10.0.33", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "10.0.33", "depIndex": 8, "updates": [ { "bucket": "non-major", "newVersion": "10.0.52", "newValue": "10.0.52", "releaseTimestamp": "2022-02-02T00:12:44.988Z", "newMajor": 10, "newMinor": 0, "updateType": "patch", "branchName": "renovate/constructs-10.x" } ], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/aws/constructs", "currentVersion": "10.0.33", "isSingleVersion": true, "fixedVersion": "10.0.33" }, { "depType": "devDependencies", "depName": "eslint", "currentValue": "8.6.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "8.6.0", "depIndex": 9, "updates": [ { "bucket": "non-major", "newVersion": "8.8.0", "newValue": "8.8.0", "releaseTimestamp": "2022-01-28T21:13:48.881Z", "newMajor": 8, "newMinor": 8, "updateType": "minor", "branchName": "renovate/eslint-8.x" } ], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/eslint/eslint", "homepage": "https://eslint.org", "currentVersion": "8.6.0", "isSingleVersion": true, "fixedVersion": "8.6.0" }, { "depType": "devDependencies", "depName": "eslint-config-prettier", "currentValue": "8.3.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "8.3.0", "depIndex": 10, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/prettier/eslint-config-prettier", "currentVersion": "8.3.0", "fixedVersion": "8.3.0" }, { "depType": "devDependencies", "depName": "eslint-plugin-deprecation", "currentValue": "1.3.2", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "1.3.2", "depIndex": 11, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/gund/eslint-plugin-deprecation", "currentVersion": "1.3.2", "fixedVersion": "1.3.2" }, { "depType": "devDependencies", "depName": "eslint-plugin-prettier", "currentValue": "4.0.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "4.0.0", "depIndex": 12, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/prettier/eslint-plugin-prettier", "currentVersion": "4.0.0", "fixedVersion": "4.0.0" }, { "depType": "devDependencies", "depName": "husky", "currentValue": "7.0.4", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "7.0.4", "depIndex": 13, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/typicode/husky", "homepage": "https://typicode.github.io/husky", "currentVersion": "7.0.4", "fixedVersion": "7.0.4" }, { "depType": "devDependencies", "depName": "jest", "currentValue": "27.4.7", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "27.4.7", "depIndex": 14, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/facebook/jest", "homepage": "https://jestjs.io/", "currentVersion": "27.4.7", "fixedVersion": "27.4.7" }, { "depType": "devDependencies", "depName": "jest-cdk-snapshot", "currentValue": "2.0.1", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "2.0.1", "depIndex": 15, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/hupe1980/jest-cdk-snapshot", "currentVersion": "2.0.1", "fixedVersion": "2.0.1" }, { "depType": "devDependencies", "depName": "prettier", "currentValue": "2.5.1", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "2.5.1", "depIndex": 16, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/prettier/prettier", "homepage": "https://prettier.io", "currentVersion": "2.5.1", "fixedVersion": "2.5.1" }, { "depType": "devDependencies", "depName": "semantic-release", "currentValue": "19.0.2", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "19.0.2", "depIndex": 17, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/semantic-release/semantic-release", "currentVersion": "19.0.2", "fixedVersion": "19.0.2" }, { "depType": "devDependencies", "depName": "ts-jest", "currentValue": "27.1.3", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "27.1.3", "depIndex": 18, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/kulshekhar/ts-jest", "homepage": "https://kulshekhar.github.io/ts-jest", "currentVersion": "27.1.3", "fixedVersion": "27.1.3" }, { "depType": "devDependencies", "depName": "ts-node", "currentValue": "10.4.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "10.4.0", "depIndex": 19, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/TypeStrong/ts-node", "homepage": "https://typestrong.org/ts-node", "currentVersion": "10.4.0", "fixedVersion": "10.4.0" }, { "depType": "devDependencies", "depName": "typescript", "currentValue": "4.5.5", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "4.5.5", "depIndex": 20, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/Microsoft/TypeScript", "homepage": "https://www.typescriptlang.org/", "currentVersion": "4.5.5", "fixedVersion": "4.5.5" }, { "depType": "peerDependencies", "depName": "aws-cdk-lib", "currentValue": "^2.0.0", "datasource": "npm", "prettyDepType": "peerDependency", "lockedVersion": "2.8.0", "depIndex": 21, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/aws/aws-cdk", "sourceDirectory": "packages/aws-cdk-lib", "currentVersion": "2.8.0", "fixedVersion": "2.8.0" }, { "depType": "peerDependencies", "depName": "constructs", "currentValue": "^10.0.0", "datasource": "npm", "prettyDepType": "peerDependency", "lockedVersion": "10.0.33", "depIndex": 22, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/aws/constructs", "currentVersion": "10.0.33", "fixedVersion": "10.0.33" } ], "packageJsonName": "@capraconsulting/webapp-deploy-lambda", "packageFileVersion": "0.0.0-development", "packageJsonType": "library", "npmLock": "package-lock.json", "managerData": { "yarnZeroInstall": false }, "skipInstalls": true, "constraints": { "npm": "<7" }, "lockFiles": [ "package-lock.json" ] } ], "pip_requirements": [ { "packageFile": "requirements.txt", "deps": [ { "depName": "black", "currentValue": "==19.3b0", "datasource": "pypi", "currentVersion": "19.3b0", "depIndex": 0, "updates": [ { "bucket": "major", "newVersion": "22.1.0", "newValue": "==22.1.0", "releaseTimestamp": "2022-01-29T20:39:31.000Z", "newMajor": 22, "newMinor": 1, "updateType": "major", "isRange": true, "branchName": "renovate/black-22.x" } ], "warnings": [], "versioning": "pep440", "sourceUrl": "https://github.com/psf/black", "changelogUrl": "https://github.com/psf/black/blob/main/CHANGES.md", "isSingleVersion": true, "fixedVersion": "19.3b0" }, { "depName": "boto3", "currentValue": "==1.17.84", "datasource": "pypi", "currentVersion": "1.17.84", "depIndex": 1, "updates": [ { "bucket": "non-major", "newVersion": "1.20.48", "newValue": "==1.20.48", "releaseTimestamp": "2022-02-03T20:12:00.000Z", "newMajor": 1, "newMinor": 20, "updateType": "minor", "isRange": true, "branchName": "renovate/boto3-1.x" } ], "warnings": [], "versioning": "pep440", "sourceUrl": "https://github.com/boto/boto3", "isSingleVersion": true, "fixedVersion": "1.17.84" }, { "depName": "flake8", "currentValue": "==4.0.1", "datasource": "pypi", "currentVersion": "4.0.1", "depIndex": 2, "updates": [], "warnings": [], "versioning": "pep440", "sourceUrl": "https://github.com/pycqa/flake8", "changelogUrl": "http://flake8.pycqa.org/en/latest/release-notes/index.html", "fixedVersion": "4.0.1" } ] } ] } } DEBUG: processRepo() DEBUG: Processing 9 branches: renovate/aws-cdk-monorepo, renovate/black-22.x, renovate/boto3-1.x, renovate/constructs-10.x, renovate/eslint-8.x, renovate/major-commitlint-monorepo, renovate/node-16.x, renovate/npm-ansi-regex-vulnerability, renovate/typescript-eslint-monorepo DEBUG: Calculating hourly PRs remaining DEBUG: Retrieving PR list DEBUG: Retrieved 47 Pull Requests DEBUG: currentHourStart=2022-02-04T01:00:00.000+00:00 DEBUG: PR hourly limit remaining: 2 DEBUG: Calculating prConcurrentLimit (10) DEBUG: getBranchPr(renovate/npm-ansi-regex-vulnerability) DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, open) DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, closed) DEBUG: getBranchPr(renovate/node-16.x) DEBUG: findPr(renovate/node-16.x, undefined, open) DEBUG: findPr(renovate/node-16.x, undefined, closed) DEBUG: getBranchPr(renovate/constructs-10.x) DEBUG: findPr(renovate/constructs-10.x, undefined, open) DEBUG: findPr(renovate/constructs-10.x, undefined, closed) DEBUG: getBranchPr(renovate/aws-cdk-monorepo) DEBUG: findPr(renovate/aws-cdk-monorepo, undefined, open) DEBUG: findPr(renovate/aws-cdk-monorepo, undefined, closed) DEBUG: Found PR #50 DEBUG: getBranchPr(renovate/boto3-1.x) DEBUG: findPr(renovate/boto3-1.x, undefined, open) DEBUG: findPr(renovate/boto3-1.x, undefined, closed) DEBUG: getBranchPr(renovate/eslint-8.x) DEBUG: findPr(renovate/eslint-8.x, undefined, open) DEBUG: findPr(renovate/eslint-8.x, undefined, closed) DEBUG: getBranchPr(renovate/typescript-eslint-monorepo) DEBUG: findPr(renovate/typescript-eslint-monorepo, undefined, open) DEBUG: findPr(renovate/typescript-eslint-monorepo, undefined, closed) DEBUG: getBranchPr(renovate/major-commitlint-monorepo) DEBUG: findPr(renovate/major-commitlint-monorepo, undefined, open) DEBUG: Found PR #52 DEBUG: Returning from graphql open PR list DEBUG: getBranchPr(renovate/black-22.x) DEBUG: findPr(renovate/black-22.x, undefined, open) DEBUG: Found PR #53 DEBUG: Returning from graphql open PR list DEBUG: 2 PRs are currently open DEBUG: PR concurrent limit remaining: 8 DEBUG: Calculated maximum PRs remaining this run { "prsRemaining": 2 } DEBUG: PullRequests limit = 2 DEBUG: Calculating hourly PRs remaining DEBUG: currentHourStart=2022-02-04T01:00:00.000+00:00 DEBUG: PR hourly limit remaining: 2 DEBUG: Calculating branchConcurrentLimit (10) DEBUG: 4 already existing branches found: renovate/boto3-1.x,renovate/eslint-8.x,renovate/major-commitlint-monorepo,renovate/black-22.x DEBUG: Branch concurrent limit remaining: 6 DEBUG: Calculated maximum branches remaining this run { "branchesRemaining": 2 } DEBUG: Branches limit = 2 DEBUG: Setting current branch to master(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: latest commit(branch="renovate/npm-ansi-regex-vulnerability") { "branchName": "master", "latestCommitDate": "2022-02-03T22:30:38+00:00" } DEBUG: getBranchPr(renovate/npm-ansi-regex-vulnerability)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, open)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, closed)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: branchExists=false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: dependencyDashboardCheck=undefined(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: recreateClosed is false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, chore(deps): update dependency ansi-regex to 5.0.1 [security], !open)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: prAlreadyExisted=false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Checking schedule(, Europe/Oslo)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: No schedule defined(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Branch needs creating(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Using reuseExistingBranch: false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: manager.getUpdatedPackageFiles() reuseExistinbranch=false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: ansi-regex@3.0.0 -> 5.0.1 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of strip-ansi starting with 4.0.0 which supports >= ansi-regex@5.0.1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: ansi-regex needs strip-ansi@6.0.0 which uses constraint "^5.0.0" in order to update to 5.0.1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of ansi-regex to 5.0.1 can be achieved due to parent strip-ansi(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: strip-ansi@4.0.0 -> 6.0.0 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of string-width starting with 2.1.1 which supports >= strip-ansi@6.0.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: strip-ansi needs string-width@4.2.0 which uses constraint "^6.0.0" in order to update to 6.0.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of strip-ansi to 6.0.0 can be achieved due to parent string-width(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: string-width@2.1.1 -> 4.2.0 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of wide-align starting with 1.1.5 which supports >= string-width@4.2.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: string-width needs wide-align@1.1.5 which uses constraint "^1.0.2 || 2 || 3 || 4" in order to update to 4.2.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of string-width to 4.2.0 already achieved in parent wide-align@1.1.5(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Updated 1 package files(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Getting updated lock files(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing package.json files(branch="renovate/npm-ansi-regex-vulnerability") { "packageFiles": [ "package.json" ] } DEBUG: Writing package-lock.json(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing any updated package files(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing lock file: package-lock.json(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: No npmrc file found in repository(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing updated .npmrc file to /mnt/renovate/gh/capralifecycle/webapp-deploy-lambda/.npmrc(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Generating package-lock.json for .(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Spawning npm install to create /mnt/renovate/gh/capralifecycle/webapp-deploy-lambda/package-lock.json(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Updating lock file only(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: No node constraint found - using latest(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Using docker to execute(branch="renovate/npm-ansi-regex-vulnerability") { "image": "node" } DEBUG: Resolved version(branch="renovate/npm-ansi-regex-vulnerability") { "toolName": "npm", "constraint": "<7", "resolvedVersion": "6.14.16" } DEBUG: No tag or tagConstraint specified(branch="renovate/npm-ansi-regex-vulnerability") { "image": "docker.io/renovate/node" } DEBUG: Docker image is already prefetched: docker.io/renovate/node(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Executing command(branch="renovate/npm-ansi-regex-vulnerability") { "command": "docker run --rm --name=renovate_node --label=renovate_child -v \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\":\"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e NPM_CONFIG_CACHE -e npm_config_store -w \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" docker.io/renovate/node bash -l -c \"install-tool npm 6.14.16 && hash -d npm 2>/dev/null || true && npm install --package-lock-only --no-audit --ignore-scripts && npm install --package-lock-only --no-audit --ignore-scripts\"" } DEBUG: exec completed(branch="renovate/npm-ansi-regex-vulnerability") { "cmd": "docker run --rm --name=renovate_node --label=renovate_child -v \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\":\"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e NPM_CONFIG_CACHE -e npm_config_store -w \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" docker.io/renovate/node bash -l -c \"install-tool npm 6.14.16 && hash -d npm 2>/dev/null || true && npm install --package-lock-only --no-audit --ignore-scripts && npm install --package-lock-only --no-audit --ignore-scripts\"", "durationMs": 105569, "stdout": "Installing legacy tool npm v6.14.16\n/home/ubuntu/npm/6.14.16/bin/npm -> /home/ubuntu/npm/6.14.16/lib/node_modules/npm/bin/npm-cli.js\n/home/ubuntu/npm/6.14.16/bin/npx -> /home/ubuntu/npm/6.14.16/lib/node_modules/npm/bin/npx-cli.js\n+ npm@6.14.16\nadded 437 packages from 891 contributors in 54.85s\n+ node-gyp@8.4.1\nadded 61 packages from 20 contributors, updated 2 packages and audited 563 packages in 15.22s\n\n5 packages are looking for funding\n run `npm fund` for details\n\nfound 9 moderate severity vulnerabilities\n run `npm audit fix` to fix them, or `npm audit` for details\n6.14.16\nadded 935 packages in 11.351s\nadded 935 packages in 9.785s\n", "stderr": "npm notice created a lockfile as package-lock.json. You should commit this file.\nnpm WARN using --force I sure hope you know what you are doing.\n" } DEBUG: package-lock.json needs updating(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Updated 1 lock files(branch="renovate/npm-ansi-regex-vulnerability") { "updatedArtifacts": [ "package-lock.json" ] } DEBUG: 1 file(s) to commit(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Preparing files for commiting to branch renovate/npm-ansi-regex-vulnerability(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Setting git author name(branch="renovate/npm-ansi-regex-vulnerability") { "gitAuthorName": "Renovate Bot" } DEBUG: Setting git author email(branch="renovate/npm-ansi-regex-vulnerability") { "gitAuthorEmail": "bot@renovateapp.com" } DEBUG: git commit(branch="renovate/npm-ansi-regex-vulnerability") { "deletedFiles": [], "ignoredFiles": [], "result": { "author": null, "branch": "renovate/npm-ansi-regex-vulnerability", "commit": "3e4601d", "root": false, "summary": { "changes": 1, "insertions": 8, "deletions": 0 } } } DEBUG: Pushing branch renovate/npm-ansi-regex-vulnerability(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: git push(branch="renovate/npm-ansi-regex-vulnerability") { "result": { "pushed": [ { "deleted": false, "tag": false, "branch": true, "new": true, "alreadyUpdated": false, "local": "refs/heads/renovate/npm-ansi-regex-vulnerability", "remote": "refs/heads/renovate/npm-ansi-regex-vulnerability" } ], "branch": { "local": "renovate/npm-ansi-regex-vulnerability", "remote": "renovate/npm-ansi-regex-vulnerability", "remoteName": "origin" }, "ref": { "local": "refs/remotes/origin/renovate/npm-ansi-regex-vulnerability" }, "remoteMessages": { "all": [ "Create a pull request for 'renovate/npm-ansi-regex-vulnerability' on GitHub by visiting:", "https://github.com/capralifecycle/webapp-deploy-lambda/pull/new/renovate/npm-ansi-regex-vulnerability" ], "pullRequestUrl": "https://github.com/capralifecycle/webapp-deploy-lambda/pull/new/renovate/npm-ansi-regex-vulnerability" } } } DEBUG: Fetching branch renovate/npm-ansi-regex-vulnerability(branch="renovate/npm-ansi-regex-vulnerability") INFO: Branch created(branch="renovate/npm-ansi-regex-vulnerability") { "commitSha": "3e4601d5f0eca5edd080c17485c6d24d2cf42b5f" } DEBUG: Ensuring PR(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: There are 0 errors and 0 warnings(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: getBranchPr(renovate/npm-ansi-regex-vulnerability)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, open)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, closed)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Branch automerge is enabled(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: resolveBranchStatus(branchName=renovate/npm-ansi-regex-vulnerability, ignoreTests=false)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: getBranchStatus(renovate/npm-ansi-regex-vulnerability)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: branch status check result(branch="renovate/npm-ansi-regex-vulnerability") { "state": "pending", "statuses": [] } DEBUG: No check runs found(branch="renovate/npm-ansi-regex-vulnerability") { "result": { "total_count": 0, "check_runs": [] } } DEBUG: Branch status yellow(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Branch status is: yellow(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Checking how long this branch has been pending(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Setting current branch to master(branch="renovate/node-16.x") DEBUG: latest commit(branch="renovate/node-16.x") { "branchName": "master", "latestCommitDate": "2022-02-03T22:30:38+00:00" } DEBUG: getBranchPr(renovate/node-16.x)(branch="renovate/node-16.x") DEBUG: findPr(renovate/node-16.x, undefined, open)(branch="renovate/node-16.x") DEBUG: findPr(renovate/node-16.x, undefined, closed)(branch="renovate/node-16.x") DEBUG: branchExists=false(branch="renovate/node-16.x") DEBUG: dependencyDashboardCheck=undefined(branch="renovate/node-16.x") DEBUG: recreateClosed is false(branch="renovate/node-16.x") DEBUG: findPr(renovate/node-16.x, chore(deps): update dependency @types/node to v16.11.22, !open)(branch="renovate/node-16.x") DEBUG: prAlreadyExisted=false(branch="renovate/node-16.x") DEBUG: Checking schedule(before 6am,every weekend, Europe/Oslo)(branch="renovate/node-16.x") DEBUG: Found timezone(branch="renovate/node-16.x") { "timezone": "Europe/Oslo" } DEBUG: Adjusting now for timezone(branch="renovate/node-16.x") DEBUG: Checking 2 schedule(s)(branch="renovate/node-16.x") DEBUG: Checking schedule "before 6am"(branch="renovate/node-16.x") { "parsedSchedule": { "schedules": [ { "t_b": [ 21600 ] } ], "exceptions": [], "error": -1 } } DEBUG: Matches schedule before 6am(branch="renovate/node-16.x") DEBUG: Update has not passed stability days(branch="renovate/node-16.x") { "depName": "@types/node", "daysElapsed": 2, "stabilityDays": 3 } DEBUG: Skipping branch creation due to internal status checks not met(branch="renovate/node-16.x") DEBUG: Setting current branch to master(branch="renovate/constructs-10.x") DEBUG: latest commit(branch="renovate/constructs-10.x") { "branchName": "master", "latestCommitDate": "2022-02-03T22:30:38+00:00" } DEBUG: getBranchPr(renovate/constructs-10.x)(branch="renovate/constructs-10.x") DEBUG: findPr(renovate/constructs-10.x, undefined, open)(branch="renovate/constructs-10.x") DEBUG: findPr(renovate/constructs-10.x, undefined, closed)(branch="renovate/constructs-10.x") DEBUG: branchExists=false(branch="renovate/constructs-10.x") DEBUG: dependencyDashboardCheck=undefined(branch="renovate/constructs-10.x") DEBUG: recreateClosed is false(branch="renovate/constructs-10.x") DEBUG: findPr(renovate/constructs-10.x, chore(deps): update dependency constructs to v10.0.52, !open)(branch="renovate/constructs-10.x") DEBUG: prAlreadyExisted=false(branch="renovate/constructs-10.x") DEBUG: Checking schedule(before 6am,every weekend, Europe/Oslo)(branch="renovate/constructs-10.x") DEBUG: Found timezone(branch="renovate/constructs-10.x") { "timezone": "Europe/Oslo" } DEBUG: Adjusting now for timezone(branch="renovate/constructs-10.x") DEBUG: Checking 2 schedule(s)(branch="renovate/constructs-10.x") DEBUG: Checking schedule "before 6am"(branch="renovate/constructs-10.x") { "parsedSchedule": { "schedules": [ { "t_b": [ 21600 ] } ], "exceptions": [], "error": -1 } } DEBUG: Matches schedule before 6am(branch="renovate/constructs-10.x") DEBUG: Update has not passed stability days(branch="renovate/constructs-10.x") { "depName": "constructs", "daysElapsed": 2, "stabilityDays": 3 } DEBUG: Skipping branch creation due to internal status checks not met(branch="renovate/constructs-10.x") DEBUG: Setting current branch to master(branch="renovate/aws-cdk-monorepo") DEBUG: latest commit(branch="renovate/aws-cdk-monorepo") { "branchName": "master", "latestCommitDate": "2022-02-03T22:30:38+00:00" } DEBUG: getBranchPr(renovate/aws-cdk-monorepo)(branch="renovate/aws-cdk-monorepo") DEBUG: findPr(renovate/aws-cdk-monorepo, undefined, open)(branch="renovate/aws-cdk-monorepo") DEBUG: findPr(renovate/aws-cdk-monorepo, undefined, closed)(branch="renovate/aws-cdk-monorepo") DEBUG: Found PR #50(branch="renovate/aws-cdk-monorepo") DEBUG: branchExists=false(branch="renovate/aws-cdk-monorepo") DEBUG: dependencyDashboardCheck=undefined(branch="renovate/aws-cdk-monorepo") DEBUG: recreateClosed is false(branch="renovate/aws-cdk-monorepo") DEBUG: findPr(renovate/aws-cdk-monorepo, chore(deps): update aws-cdk monorepo to v2.10.0, !open)(branch="renovate/aws-cdk-monorepo") DEBUG: prAlreadyExisted=false(branch="renovate/aws-cdk-monorepo") DEBUG: Checking schedule(before 6am,every weekend, Europe/Oslo)(branch="renovate/aws-cdk-monorepo") DEBUG: Found timezone(branch="renovate/aws-cdk-monorepo") { "timezone": "Europe/Oslo" } DEBUG: Adjusting now for timezone(branch="renovate/aws-cdk-monorepo") DEBUG: Checking 2 schedule(s)(branch="renovate/aws-cdk-monorepo") DEBUG: Checking schedule "before 6am"(branch="renovate/aws-cdk-monorepo") { "parsedSchedule": { "schedules": [ { "t_b": [ 21600 ] } ], "exceptions": [], "error": -1 } } DEBUG: Matches schedule before 6am(branch="renovate/aws-cdk-monorepo") DEBUG: Branch needs creating(branch="renovate/aws-cdk-monorepo") DEBUG: Using reuseExistingBranch: false(branch="renovate/aws-cdk-monorepo") DEBUG: manager.getUpdatedPackageFiles() reuseExistinbranch=false(branch="renovate/aws-cdk-monorepo") DEBUG: npm.updateDependency(): devDependencies.@aws-cdk/assert = 2.10.0(branch="renovate/aws-cdk-monorepo") DEBUG: Updating @aws-cdk/assert in package.json(branch="renovate/aws-cdk-monorepo") DEBUG: npm.updateDependency(): devDependencies.aws-cdk-lib = 2.10.0(branch="renovate/aws-cdk-monorepo") DEBUG: Updating aws-cdk-lib in package.json(branch="renovate/aws-cdk-monorepo") DEBUG: Updated 1 package files(branch="renovate/aws-cdk-monorepo") DEBUG: Getting updated lock files(branch="renovate/aws-cdk-monorepo") DEBUG: Writing package.json files(branch="renovate/aws-cdk-monorepo") { "packageFiles": [ "package.json" ] } DEBUG: Writing package-lock.json(branch="renovate/aws-cdk-monorepo") DEBUG: Writing any updated package files(branch="renovate/aws-cdk-monorepo") DEBUG: Writing package.json(branch="renovate/aws-cdk-monorepo") DEBUG: No npmrc file found in repository(branch="renovate/aws-cdk-monorepo") DEBUG: Writing updated .npmrc file to /mnt/renovate/gh/capralifecycle/webapp-deploy-lambda/.npmrc(branch="renovate/aws-cdk-monorepo") DEBUG: Generating package-lock.json for .(branch="renovate/aws-cdk-monorepo") DEBUG: Spawning npm install to create /mnt/renovate/gh/capralifecycle/webapp-deploy-lambda/package-lock.json(branch="renovate/aws-cdk-monorepo") DEBUG: Updating lock file only(branch="renovate/aws-cdk-monorepo") DEBUG: No node constraint found - using latest(branch="renovate/aws-cdk-monorepo") DEBUG: Using docker to execute(branch="renovate/aws-cdk-monorepo") { "image": "node" } DEBUG: Resolved version(branch="renovate/aws-cdk-monorepo") { "toolName": "npm", "constraint": "<7", "resolvedVersion": "6.14.16" } DEBUG: No tag or tagConstraint specified(branch="renovate/aws-cdk-monorepo") { "image": "docker.io/renovate/node" } DEBUG: Docker image is already prefetched: docker.io/renovate/node(branch="renovate/aws-cdk-monorepo") DEBUG: Executing command(branch="renovate/aws-cdk-monorepo") { "command": "docker run --rm --name=renovate_node --label=renovate_child -v \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\":\"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e NPM_CONFIG_CACHE -e npm_config_store -w \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" docker.io/renovate/node bash -l -c \"install-tool npm 6.14.16 && hash -d npm 2>/dev/null || true && npm install --package-lock-only --no-audit --ignore-scripts\"" } DEBUG: exec completed(branch="renovate/aws-cdk-monorepo") { "cmd": "docker run --rm --name=renovate_node --label=renovate_child -v \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\":\"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e NPM_CONFIG_CACHE -e npm_config_store -w \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" docker.io/renovate/node bash -l -c \"install-tool npm 6.14.16 && hash -d npm 2>/dev/null || true && npm install --package-lock-only --no-audit --ignore-scripts\"", "durationMs": 133195, "stdout": "Installing legacy tool npm v6.14.16\n/home/ubuntu/npm/6.14.16/bin/npm -> /home/ubuntu/npm/6.14.16/lib/node_modules/npm/bin/npm-cli.js\n/home/ubuntu/npm/6.14.16/bin/npx -> /home/ubuntu/npm/6.14.16/lib/node_modules/npm/bin/npx-cli.js\n+ npm@6.14.16\nadded 437 packages from 891 contributors in 55.604s\n+ node-gyp@8.4.1\nadded 61 packages from 20 contributors, updated 2 packages and audited 563 packages in 15.335s\n\n5 packages are looking for funding\n run `npm fund` for details\n\nfound 9 moderate severity vulnerabilities\n run `npm audit fix` to fix them, or `npm audit` for details\n6.14.16\nadded 935 packages from 12 contributors in 50.838s\n", "stderr": "npm notice created a lockfile as package-lock.json. You should commit this file.\nnpm WARN using --force I sure hope you know what you are doing.\n" } DEBUG: package-lock.json needs updating(branch="renovate/aws-cdk-monorepo") DEBUG: Updated 1 lock files(branch="renovate/aws-cdk-monorepo") { "updatedArtifacts": [ "package-lock.json" ] } DEBUG: 2 file(s) to commit(branch="renovate/aws-cdk-monorepo") DEBUG: Preparing files for commiting to branch renovate/aws-cdk-monorepo(branch="renovate/aws-cdk-monorepo") DEBUG: git commit(branch="renovate/aws-cdk-monorepo") { "deletedFiles": [], "ignoredFiles": [], "result": { "author": null, "branch": "renovate/aws-cdk-monorepo", "commit": "1cae176", "root": false, "summary": { "changes": 2, "insertions": 16, "deletions": 16 } } } DEBUG: Pushing branch renovate/aws-cdk-monorepo(branch="renovate/aws-cdk-monorepo") DEBUG: git push(branch="renovate/aws-cdk-monorepo") { "result": { "pushed": [ { "deleted": false, "tag": false, "branch": true, "new": true, "alreadyUpdated": false, "local": "refs/heads/renovate/aws-cdk-monorepo", "remote": "refs/heads/renovate/aws-cdk-monorepo" } ], "branch": { "local": "renovate/aws-cdk-monorepo", "remote": "renovate/aws-cdk-monorepo", "remoteName": "origin" }, "ref": { "local": "refs/remotes/origin/renovate/aws-cdk-monorepo" }, "remoteMessages": { "all": [ "Create a pull request for 'renovate/aws-cdk-monorepo' on GitHub by visiting:", "https://github.com/capralifecycle/webapp-deploy-lambda/pull/new/renovate/aws-cdk-monorepo" ], "pullRequestUrl": "https://github.com/capralifecycle/webapp-deploy-lambda/pull/new/renovate/aws-cdk-monorepo" } } } DEBUG: Fetching branch renovate/aws-cdk-monorepo(branch="renovate/aws-cdk-monorepo") INFO: Branch created(branch="renovate/aws-cdk-monorepo") { "commitSha": "1cae176749cb7d859dfc530c90ff28e5f3b125f5" } DEBUG: Updating renovate/stability-days status check state to green(branch="renovate/aws-cdk-monorepo") DEBUG: Setting branch status(branch="renovate/aws-cdk-monorepo") { "context": "renovate/stability-days", "state": "green" } DEBUG: Branch status pending(branch="renovate/aws-cdk-monorepo") { "commitSha": "1cae176749cb7d859dfc530c90ff28e5f3b125f5" } DEBUG: Setting current branch to master(branch="renovate/boto3-1.x") DEBUG: latest commit(branch="renovate/boto3-1.x") { "branchName": "master", "latestCommitDate": "2022-02-03T22:30:38+00:00" } DEBUG: getBranchPr(renovate/boto3-1.x)(branch="renovate/boto3-1.x") DEBUG: findPr(renovate/boto3-1.x, undefined, open)(branch="renovate/boto3-1.x") DEBUG: findPr(renovate/boto3-1.x, undefined, closed)(branch="renovate/boto3-1.x") DEBUG: branchExists=true(branch="renovate/boto3-1.x") DEBUG: dependencyDashboardCheck=undefined(branch="renovate/boto3-1.x") DEBUG: recreateClosed is false(branch="renovate/boto3-1.x") DEBUG: findPr(renovate/boto3-1.x, chore(deps): update dependency boto3 to v1.20.48, !open)(branch="renovate/boto3-1.x") DEBUG: prAlreadyExisted=false(branch="renovate/boto3-1.x") DEBUG: Checking if PR has been edited(branch="renovate/boto3-1.x") DEBUG: Branch has not been modified(branch="renovate/boto3-1.x") { "branchName": "renovate/boto3-1.x" } DEBUG: Checking schedule(before 3am on the first day of the month, Europe/Oslo)(branch="renovate/boto3-1.x") DEBUG: Found timezone(branch="renovate/boto3-1.x") { "timezone": "Europe/Oslo" } DEBUG: Adjusting now for timezone(branch="renovate/boto3-1.x") DEBUG: Checking 1 schedule(s)(branch="renovate/boto3-1.x") DEBUG: Checking schedule "before 3am on the first day of the month"(branch="renovate/boto3-1.x") { "parsedSchedule": { "schedules": [ { "t_b": [ 10800 ], "D": [ 1 ] } ], "exceptions": [], "error": -1 } } DEBUG: Package not scheduled(branch="renovate/boto3-1.x") DEBUG: Skipping PR creation out of schedule(branch="renovate/boto3-1.x") DEBUG: Setting current branch to master(branch="renovate/eslint-8.x") DEBUG: latest commit(branch="renovate/eslint-8.x") { "branchName": "master", "latestCommitDate": "2022-02-03T22:30:38+00:00" } DEBUG: getBranchPr(renovate/eslint-8.x)(branch="renovate/eslint-8.x") DEBUG: findPr(renovate/eslint-8.x, undefined, open)(branch="renovate/eslint-8.x") DEBUG: findPr(renovate/eslint-8.x, undefined, closed)(branch="renovate/eslint-8.x") DEBUG: branchExists=true(branch="renovate/eslint-8.x") DEBUG: dependencyDashboardCheck=undefined(branch="renovate/eslint-8.x") DEBUG: recreateClosed is false(branch="renovate/eslint-8.x") DEBUG: findPr(renovate/eslint-8.x, chore(deps): update dependency eslint to v8.8.0, !open)(branch="renovate/eslint-8.x") DEBUG: prAlreadyExisted=false(branch="renovate/eslint-8.x") DEBUG: Checking if PR has been edited(branch="renovate/eslint-8.x") DEBUG: Branch has not been modified(branch="renovate/eslint-8.x") { "branchName": "renovate/eslint-8.x" } DEBUG: Checking schedule(before 6am,every weekend, Europe/Oslo)(branch="renovate/eslint-8.x") DEBUG: Found timezone(branch="renovate/eslint-8.x") { "timezone": "Europe/Oslo" } DEBUG: Adjusting now for timezone(branch="renovate/eslint-8.x") DEBUG: Checking 2 schedule(s)(branch="renovate/eslint-8.x") DEBUG: Checking schedule "before 6am"(branch="renovate/eslint-8.x") { "parsedSchedule": { "schedules": [ { "t_b": [ 21600 ] } ], "exceptions": [], "error": -1 } } DEBUG: Matches schedule before 6am(branch="renovate/eslint-8.x") DEBUG: Branch already exists(branch="renovate/eslint-8.x") DEBUG: getBranchPr(renovate/eslint-8.x)(branch="renovate/eslint-8.x") DEBUG: findPr(renovate/eslint-8.x, undefined, open)(branch="renovate/eslint-8.x") DEBUG: findPr(renovate/eslint-8.x, undefined, closed)(branch="renovate/eslint-8.x") DEBUG: isBranchStale=true(branch="renovate/eslint-8.x") { "isStale": true, "currentBranch": "master", "currentBranchSha": "b357349f3a1df86c833a09d46b673d490dfaf017" } DEBUG: Branch is stale and needs rebasing(branch="renovate/eslint-8.x") DEBUG: Branch is unmodified, so can be rebased(branch="renovate/eslint-8.x") DEBUG: Using reuseExistingBranch: false(branch="renovate/eslint-8.x") DEBUG: manager.getUpdatedPackageFiles() reuseExistinbranch=false(branch="renovate/eslint-8.x") DEBUG: npm.updateDependency(): devDependencies.eslint = 8.8.0(branch="renovate/eslint-8.x") DEBUG: Updating eslint in package.json(branch="renovate/eslint-8.x") DEBUG: Updated 1 package files(branch="renovate/eslint-8.x") DEBUG: Getting updated lock files(branch="renovate/eslint-8.x") DEBUG: Writing package.json files(branch="renovate/eslint-8.x") { "packageFiles": [ "package.json" ] } DEBUG: Writing package-lock.json(branch="renovate/eslint-8.x") DEBUG: Writing any updated package files(branch="renovate/eslint-8.x") DEBUG: Writing package.json(branch="renovate/eslint-8.x") DEBUG: No npmrc file found in repository(branch="renovate/eslint-8.x") DEBUG: Writing updated .npmrc file to /mnt/renovate/gh/capralifecycle/webapp-deploy-lambda/.npmrc(branch="renovate/eslint-8.x") DEBUG: Generating package-lock.json for .(branch="renovate/eslint-8.x") DEBUG: Spawning npm install to create /mnt/renovate/gh/capralifecycle/webapp-deploy-lambda/package-lock.json(branch="renovate/eslint-8.x") DEBUG: Updating lock file only(branch="renovate/eslint-8.x") DEBUG: No node constraint found - using latest(branch="renovate/eslint-8.x") DEBUG: Using docker to execute(branch="renovate/eslint-8.x") { "image": "node" } DEBUG: Resolved version(branch="renovate/eslint-8.x") { "toolName": "npm", "constraint": "<7", "resolvedVersion": "6.14.16" } DEBUG: No tag or tagConstraint specified(branch="renovate/eslint-8.x") { "image": "docker.io/renovate/node" } DEBUG: Docker image is already prefetched: docker.io/renovate/node(branch="renovate/eslint-8.x") DEBUG: Executing command(branch="renovate/eslint-8.x") { "command": "docker run --rm --name=renovate_node --label=renovate_child -v \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\":\"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e NPM_CONFIG_CACHE -e npm_config_store -w \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" docker.io/renovate/node bash -l -c \"install-tool npm 6.14.16 && hash -d npm 2>/dev/null || true && npm install --package-lock-only --no-audit --ignore-scripts\"" } DEBUG: exec completed(branch="renovate/eslint-8.x") { "cmd": "docker run --rm --name=renovate_node --label=renovate_child -v \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\":\"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e NPM_CONFIG_CACHE -e npm_config_store -w \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" docker.io/renovate/node bash -l -c \"install-tool npm 6.14.16 && hash -d npm 2>/dev/null || true && npm install --package-lock-only --no-audit --ignore-scripts\"", "durationMs": 94814, "stdout": "Installing legacy tool npm v6.14.16\n/home/ubuntu/npm/6.14.16/bin/npm -> /home/ubuntu/npm/6.14.16/lib/node_modules/npm/bin/npm-cli.js\n/home/ubuntu/npm/6.14.16/bin/npx -> /home/ubuntu/npm/6.14.16/lib/node_modules/npm/bin/npx-cli.js\n+ npm@6.14.16\nadded 437 packages from 891 contributors in 54.486s\n+ node-gyp@8.4.1\nadded 61 packages from 20 contributors, updated 2 packages and audited 563 packages in 15.392s\n\n5 packages are looking for funding\n run `npm fund` for details\n\nfound 9 moderate severity vulnerabilities\n run `npm audit fix` to fix them, or `npm audit` for details\n6.14.16\nadded 931 packages in 13.354s\n", "stderr": "npm notice created a lockfile as package-lock.json. You should commit this file.\nnpm WARN using --force I sure hope you know what you are doing.\n" } DEBUG: package-lock.json needs updating(branch="renovate/eslint-8.x") DEBUG: Updated 1 lock files(branch="renovate/eslint-8.x") { "updatedArtifacts": [ "package-lock.json" ] } DEBUG: isBranchConflicted(master, renovate/eslint-8.x)(branch="renovate/eslint-8.x") DEBUG: 2 file(s) to commit(branch="renovate/eslint-8.x") DEBUG: Preparing files for commiting to branch renovate/eslint-8.x(branch="renovate/eslint-8.x") DEBUG: git commit(branch="renovate/eslint-8.x") { "deletedFiles": [], "ignoredFiles": [], "result": { "author": null, "branch": "renovate/eslint-8.x", "commit": "46eee98", "root": false, "summary": { "changes": 2, "insertions": 9, "deletions": 0 } } } DEBUG: No file changes detected. Skipping commit(branch="renovate/eslint-8.x") { "branchName": "renovate/eslint-8.x", "deletedFiles": [], "addedModifiedFiles": [ "package.json", "package-lock.json" ], "ignoredFiles": [] } DEBUG: Status check renovate/stability-days is already up-to-date(branch="renovate/eslint-8.x") DEBUG: Checking if we can automerge branch(branch="renovate/eslint-8.x") DEBUG: getBranchPr(renovate/eslint-8.x)(branch="renovate/eslint-8.x") DEBUG: findPr(renovate/eslint-8.x, undefined, open)(branch="renovate/eslint-8.x") DEBUG: findPr(renovate/eslint-8.x, undefined, closed)(branch="renovate/eslint-8.x") DEBUG: resolveBranchStatus(branchName=renovate/eslint-8.x, ignoreTests=false)(branch="renovate/eslint-8.x") DEBUG: getBranchStatus(renovate/eslint-8.x)(branch="renovate/eslint-8.x") DEBUG: No check runs found(branch="renovate/eslint-8.x") { "result": { "total_count": 0, "check_runs": [] } } DEBUG: Branch status green(branch="renovate/eslint-8.x") DEBUG: Automerging branch(branch="renovate/eslint-8.x") DEBUG: mergeBranch error(branch="renovate/eslint-8.x") { "baseBranch": "master", "baseSha": "b357349f3a1df86c833a09d46b673d490dfaf017", "branchName": "renovate/eslint-8.x", "branchSha": "474b9a137809060cc7229005ed86427bbc0a9dca", "status": { "not_added": [], "conflicted": [], "created": [], "deleted": [], "modified": [], "renamed": [], "files": [], "staged": [], "ahead": 0, "behind": 0, "current": "master", "tracking": "origin/master", "detached": false }, "err": { "task": { "commands": [ "merge", "--ff-only", "renovate/eslint-8.x" ], "format": "utf-8", "parser": "[function]" }, "message": "fatal: Not possible to fast-forward, aborting.\n", "stack": "Error: fatal: Not possible to fast-forward, aborting.\n\n at Object.action (/home/ubuntu/renovateapp/node_modules/simple-git/cjs/index.js:1194:25)\n at PluginStore.exec (/home/ubuntu/renovateapp/node_modules/simple-git/cjs/index.js:1229:29)\n at /home/ubuntu/renovateapp/node_modules/simple-git/cjs/index.js:1589:43\n at new Promise ()\n at GitExecutorChain.handleTaskData (/home/ubuntu/renovateapp/node_modules/simple-git/cjs/index.js:1587:16)\n at GitExecutorChain. (/home/ubuntu/renovateapp/node_modules/simple-git/cjs/index.js:1571:44)\n at Generator.next ()\n at fulfilled (/home/ubuntu/renovateapp/node_modules/simple-git/cjs/index.js:55:24)\n at runMicrotasks ()\n at processTicksAndRejections (internal/process/task_queues.js:95:5)" } } DEBUG: Branch automerge error(branch="renovate/eslint-8.x") { "err": { "task": { "commands": [ "merge", "--ff-only", "renovate/eslint-8.x" ], "format": "utf-8", "parser": "[function]" }, "message": "fatal: Not possible to fast-forward, aborting.\n", "stack": "Error: fatal: Not possible to fast-forward, aborting.\n\n at Object.action (/home/ubuntu/renovateapp/node_modules/simple-git/cjs/index.js:1194:25)\n at PluginStore.exec (/home/ubuntu/renovateapp/node_modules/simple-git/cjs/index.js:1229:29)\n at /home/ubuntu/renovateapp/node_modules/simple-git/cjs/index.js:1589:43\n at new Promise ()\n at GitExecutorChain.handleTaskData (/home/ubuntu/renovateapp/node_modules/simple-git/cjs/index.js:1587:16)\n at GitExecutorChain. (/home/ubuntu/renovateapp/node_modules/simple-git/cjs/index.js:1571:44)\n at Generator.next ()\n at fulfilled (/home/ubuntu/renovateapp/node_modules/simple-git/cjs/index.js:55:24)\n at runMicrotasks ()\n at processTicksAndRejections (internal/process/task_queues.js:95:5)" } } INFO: Branch is not up to date - cannot automerge(branch="renovate/eslint-8.x") DEBUG: mergeStatus=stale(branch="renovate/eslint-8.x") DEBUG: Ensuring PR(branch="renovate/eslint-8.x") DEBUG: There are 0 errors and 0 warnings(branch="renovate/eslint-8.x") DEBUG: getBranchPr(renovate/eslint-8.x)(branch="renovate/eslint-8.x") DEBUG: findPr(renovate/eslint-8.x, undefined, open)(branch="renovate/eslint-8.x") DEBUG: findPr(renovate/eslint-8.x, undefined, closed)(branch="renovate/eslint-8.x") DEBUG: Branch automerge is enabled(branch="renovate/eslint-8.x") DEBUG: resolveBranchStatus(branchName=renovate/eslint-8.x, ignoreTests=false)(branch="renovate/eslint-8.x") DEBUG: getBranchStatus(renovate/eslint-8.x)(branch="renovate/eslint-8.x") DEBUG: No check runs found(branch="renovate/eslint-8.x") { "result": { "total_count": 0, "check_runs": [] } } DEBUG: Branch status green(branch="renovate/eslint-8.x") DEBUG: Branch status is: green(branch="renovate/eslint-8.x") DEBUG: Setting current branch to master(branch="renovate/typescript-eslint-monorepo") DEBUG: latest commit(branch="renovate/typescript-eslint-monorepo") { "branchName": "master", "latestCommitDate": "2022-02-03T22:30:38+00:00" } DEBUG: getBranchPr(renovate/typescript-eslint-monorepo)(branch="renovate/typescript-eslint-monorepo") DEBUG: findPr(renovate/typescript-eslint-monorepo, undefined, open)(branch="renovate/typescript-eslint-monorepo") DEBUG: findPr(renovate/typescript-eslint-monorepo, undefined, closed)(branch="renovate/typescript-eslint-monorepo") DEBUG: branchExists=false(branch="renovate/typescript-eslint-monorepo") DEBUG: dependencyDashboardCheck=undefined(branch="renovate/typescript-eslint-monorepo") DEBUG: recreateClosed is false(branch="renovate/typescript-eslint-monorepo") DEBUG: findPr(renovate/typescript-eslint-monorepo, chore(deps): update typescript-eslint monorepo to v5.10.2, !open)(branch="renovate/typescript-eslint-monorepo") DEBUG: prAlreadyExisted=false(branch="renovate/typescript-eslint-monorepo") DEBUG: Reached branch limit - skipping branch creation(branch="renovate/typescript-eslint-monorepo") DEBUG: Setting current branch to master(branch="renovate/major-commitlint-monorepo") DEBUG: latest commit(branch="renovate/major-commitlint-monorepo") { "branchName": "master", "latestCommitDate": "2022-02-03T22:30:38+00:00" } DEBUG: branchExists=true(branch="renovate/major-commitlint-monorepo") DEBUG: dependencyDashboardCheck=undefined(branch="renovate/major-commitlint-monorepo") DEBUG: PR rebase requested=false(branch="renovate/major-commitlint-monorepo") DEBUG: Checking if PR has been edited(branch="renovate/major-commitlint-monorepo") DEBUG: Branch has not been modified(branch="renovate/major-commitlint-monorepo") { "branchName": "renovate/major-commitlint-monorepo" } DEBUG: Found existing branch PR(branch="renovate/major-commitlint-monorepo") DEBUG: Checking schedule(before 6am,every weekend, Europe/Oslo)(branch="renovate/major-commitlint-monorepo") DEBUG: Found timezone(branch="renovate/major-commitlint-monorepo") { "timezone": "Europe/Oslo" } DEBUG: Adjusting now for timezone(branch="renovate/major-commitlint-monorepo") DEBUG: Checking 2 schedule(s)(branch="renovate/major-commitlint-monorepo") DEBUG: Checking schedule "before 6am"(branch="renovate/major-commitlint-monorepo") { "parsedSchedule": { "schedules": [ { "t_b": [ 21600 ] } ], "exceptions": [], "error": -1 } } DEBUG: Matches schedule before 6am(branch="renovate/major-commitlint-monorepo") DEBUG: Branch already exists(branch="renovate/major-commitlint-monorepo") DEBUG: GitHub 404(branch="renovate/major-commitlint-monorepo") { "url": "repos/capralifecycle/webapp-deploy-lambda/branches/master/protection" } DEBUG: No branch protection found(branch="renovate/major-commitlint-monorepo") DEBUG: Skipping stale branch check due to rebaseWhen=auto(branch="renovate/major-commitlint-monorepo") DEBUG: isBranchConflicted(master, renovate/major-commitlint-monorepo)(branch="renovate/major-commitlint-monorepo") DEBUG: Branch does not need rebasing(branch="renovate/major-commitlint-monorepo") DEBUG: Using reuseExistingBranch: true(branch="renovate/major-commitlint-monorepo") DEBUG: manager.getUpdatedPackageFiles() reuseExistinbranch=true(branch="renovate/major-commitlint-monorepo") DEBUG: npm.updateDependency(): devDependencies.@commitlint/cli = 16.1.0(branch="renovate/major-commitlint-monorepo") DEBUG: npm.updateDependency(): devDependencies.@commitlint/config-conventional = 16.0.0(branch="renovate/major-commitlint-monorepo") DEBUG: No package files need updating(branch="renovate/major-commitlint-monorepo") DEBUG: Getting updated lock files(branch="renovate/major-commitlint-monorepo") DEBUG: Writing package.json files(branch="renovate/major-commitlint-monorepo") { "packageFiles": [ "package.json" ] } DEBUG: Writing package-lock.json(branch="renovate/major-commitlint-monorepo") DEBUG: Writing any updated package files(branch="renovate/major-commitlint-monorepo") DEBUG: No updated lock files in branch(branch="renovate/major-commitlint-monorepo") DEBUG: No files to commit(branch="renovate/major-commitlint-monorepo") DEBUG: Status check renovate/stability-days is already up-to-date(branch="renovate/major-commitlint-monorepo") DEBUG: Checking if we can automerge branch(branch="renovate/major-commitlint-monorepo") DEBUG: mergeStatus=no automerge(branch="renovate/major-commitlint-monorepo") DEBUG: Ensuring PR(branch="renovate/major-commitlint-monorepo") DEBUG: There are 0 errors and 0 warnings(branch="renovate/major-commitlint-monorepo") DEBUG: Found existing PR(branch="renovate/major-commitlint-monorepo") DEBUG: Processing existing PR(branch="renovate/major-commitlint-monorepo") DEBUG: Pull Request #52 does not need updating(branch="renovate/major-commitlint-monorepo") DEBUG: PR is not configured for automerge(branch="renovate/major-commitlint-monorepo") DEBUG: Setting current branch to master(branch="renovate/black-22.x") DEBUG: latest commit(branch="renovate/black-22.x") { "branchName": "master", "latestCommitDate": "2022-02-03T22:30:38+00:00" } DEBUG: branchExists=true(branch="renovate/black-22.x") DEBUG: dependencyDashboardCheck=undefined(branch="renovate/black-22.x") DEBUG: PR rebase requested=false(branch="renovate/black-22.x") DEBUG: Checking if PR has been edited(branch="renovate/black-22.x") DEBUG: Branch has not been modified(branch="renovate/black-22.x") { "branchName": "renovate/black-22.x" } DEBUG: Found existing branch PR(branch="renovate/black-22.x") DEBUG: Checking schedule(before 6am,every weekend, Europe/Oslo)(branch="renovate/black-22.x") DEBUG: Found timezone(branch="renovate/black-22.x") { "timezone": "Europe/Oslo" } DEBUG: Adjusting now for timezone(branch="renovate/black-22.x") DEBUG: Checking 2 schedule(s)(branch="renovate/black-22.x") DEBUG: Checking schedule "before 6am"(branch="renovate/black-22.x") { "parsedSchedule": { "schedules": [ { "t_b": [ 21600 ] } ], "exceptions": [], "error": -1 } } DEBUG: Matches schedule before 6am(branch="renovate/black-22.x") DEBUG: Branch already exists(branch="renovate/black-22.x") DEBUG: Skipping stale branch check due to rebaseWhen=auto(branch="renovate/black-22.x") DEBUG: isBranchConflicted(master, renovate/black-22.x)(branch="renovate/black-22.x") DEBUG: Branch does not need rebasing(branch="renovate/black-22.x") DEBUG: Using reuseExistingBranch: true(branch="renovate/black-22.x") DEBUG: manager.getUpdatedPackageFiles() reuseExistinbranch=true(branch="renovate/black-22.x") DEBUG: Branch dep is already updated(packageFile="requirements.txt", branch="renovate/black-22.x") { "depName": "black" } DEBUG: No content changed(packageFile="requirements.txt", branch="renovate/black-22.x") { "depName": "black" } DEBUG: No package files need updating(branch="renovate/black-22.x") DEBUG: Getting updated lock files(branch="renovate/black-22.x") DEBUG: Writing package.json files(branch="renovate/black-22.x") { "packageFiles": [ "package.json" ] } DEBUG: Writing package-lock.json(branch="renovate/black-22.x") DEBUG: Writing any updated package files(branch="renovate/black-22.x") DEBUG: No updated lock files in branch(branch="renovate/black-22.x") DEBUG: No files to commit(branch="renovate/black-22.x") DEBUG: Status check renovate/stability-days is already up-to-date(branch="renovate/black-22.x") DEBUG: Checking if we can automerge branch(branch="renovate/black-22.x") DEBUG: mergeStatus=no automerge(branch="renovate/black-22.x") DEBUG: Ensuring PR(branch="renovate/black-22.x") DEBUG: There are 0 errors and 0 warnings(branch="renovate/black-22.x") DEBUG: Found existing PR(branch="renovate/black-22.x") DEBUG: Processing existing PR(branch="renovate/black-22.x") DEBUG: Pull Request #53 does not need updating(branch="renovate/black-22.x") DEBUG: PR is not configured for automerge(branch="renovate/black-22.x") DEBUG: getBranchPr(renovate/npm-ansi-regex-vulnerability) DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, open) DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, closed) DEBUG: getBranchPr(renovate/aws-cdk-monorepo) DEBUG: findPr(renovate/aws-cdk-monorepo, undefined, open) DEBUG: findPr(renovate/aws-cdk-monorepo, undefined, closed) DEBUG: Found PR #50 DEBUG: getBranchPr(renovate/boto3-1.x) DEBUG: findPr(renovate/boto3-1.x, undefined, open) DEBUG: findPr(renovate/boto3-1.x, undefined, closed) DEBUG: getBranchPr(renovate/eslint-8.x) DEBUG: findPr(renovate/eslint-8.x, undefined, open) DEBUG: findPr(renovate/eslint-8.x, undefined, closed) DEBUG: Ensuring Dependency Dashboard DEBUG: ensureIssue(Dependency Dashboard) DEBUG: Patching issue DEBUG: Issue updated DEBUG: Removing any stale branches DEBUG: config.repoIsOnboarded=true DEBUG: Branch lists { "branchList": [ "renovate/aws-cdk-monorepo", "renovate/black-22.x", "renovate/boto3-1.x", "renovate/constructs-10.x", "renovate/eslint-8.x", "renovate/major-commitlint-monorepo", "renovate/node-16.x", "renovate/npm-ansi-regex-vulnerability", "renovate/typescript-eslint-monorepo" ], "renovateBranches": [ "renovate/aws-cdk-monorepo", "renovate/black-22.x", "renovate/boto3-1.x", "renovate/eslint-8.x", "renovate/lock-file-maintenance", "renovate/major-commitlint-monorepo", "renovate/npm-ansi-regex-vulnerability" ] } DEBUG: remainingBranches= DEBUG: No branches to clean up DEBUG: Repository timing splits (milliseconds) { "splits": { "init": 3284, "extract": 4081, "lookup": 8718, "update": 351347 }, "total": 368660 } DEBUG: http statistics { "urls": { "https://api.github.com/graphql (POST)": 4, "https://api.github.com/repos/capraconsulting/renovate-config/contents/default.json (GET)": 1, "https://api.github.com/repos/capraconsulting/renovate-config/contents/library.json (GET)": 1, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/commits/1cae176749cb7d859dfc530c90ff28e5f3b125f5/statuses (GET)": 2, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/commits/474b9a137809060cc7229005ed86427bbc0a9dca/statuses (GET)": 1, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/commits/8db622bcf39eb5760286414d6873924a08cf51f2/statuses (GET)": 1, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/commits/e55e574f48e9653d37ce7e571649726c54e99108/statuses (GET)": 1, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/commits/renovate/aws-cdk-monorepo/status (GET)": 1, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/commits/renovate/eslint-8.x/check-runs (GET)": 1, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/commits/renovate/eslint-8.x/status (GET)": 1, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/commits/renovate/npm-ansi-regex-vulnerability/check-runs (GET)": 1, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/commits/renovate/npm-ansi-regex-vulnerability/status (GET)": 1, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/contents/renovate.json (GET)": 1, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/issues/5 (GET)": 2, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/issues/5 (PATCH)": 1, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/pulls (GET)": 1, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/statuses/1cae176749cb7d859dfc530c90ff28e5f3b125f5 (POST)": 1, "https://api.github.com/repos/whitesource/merge-confidence/contents/beta.json (GET)": 1, "https://pypi.org/pypi/black/json (GET)": 1, "https://registry.npmjs.org/@aws-cdk%2Fassert (GET)": 1, "https://registry.npmjs.org/@commitlint%2Fcli (GET)": 1, "https://registry.npmjs.org/@commitlint%2Fconfig-conventional (GET)": 1 }, "hostStats": { "api.github.com": { "requestCount": 23, "requestAvgMs": 312, "queueAvgMs": 0 }, "pypi.org": { "requestCount": 1, "requestAvgMs": 2515, "queueAvgMs": 9 }, "registry.npmjs.org": { "requestCount": 3, "requestAvgMs": 3367, "queueAvgMs": 0 } }, "totalRequests": 27 } INFO: Repository finished { "durationMs": 368660 } ```

Logs for https://github.com/capralifecycle/webapp-deploy-lambda/commit/bac3955622c9b393b4083b713e39da0fc5a440a6

``` DEBUG: No dangling containers to remove INFO: Repository started { "renovateVersion": "31.66.0" } DEBUG: Using localDir: /mnt/renovate/gh/capralifecycle/webapp-deploy-lambda DEBUG: Repository cache is valid DEBUG: initRepo("capralifecycle/webapp-deploy-lambda") DEBUG: Overriding default GitHub endpoint { "endpoint": "https://api.github.com/" } DEBUG: capralifecycle/webapp-deploy-lambda default branch = master DEBUG: Using app token for git init DEBUG: resetMemCache() DEBUG: Resetting npmrc DEBUG: detectSemanticCommits() DEBUG: checkOnboarding() DEBUG: isOnboarded() DEBUG: Checking cached config file name DEBUG: Existing config file confirmed DEBUG: Repo is onboarded DEBUG: migrateAndValidate() DEBUG: No config migration necessary DEBUG: massaged config { "config": { "extends": [ "github>whitesource/merge-confidence:beta", "github>capraconsulting/renovate-config:library" ], "automerge": true, "automergeType": "branch" } } DEBUG: migrated config { "config": { "extends": [ "github>whitesource/merge-confidence:beta", "github>capraconsulting/renovate-config:library" ], "automerge": true, "automergeType": "branch" } } DEBUG: Found repo ignorePaths { "ignorePaths": [ "**/node_modules/**", "**/bower_components/**", "**/vendor/**", "**/examples/**", "**/__tests__/**", "**/test/**", "**/tests/**", "**/__fixtures__/**" ] } DEBUG: GitHub vulnerability details { "alerts": { "npm/ansi-regex": { "> 2.1.1, < 5.0.1": "5.0.1" } } } DEBUG: alert package rules { "alertPackageRules": [ { "matchDatasources": [ "npm" ], "matchPackageNames": [ "ansi-regex" ], "matchCurrentVersion": "= 3.0.0", "matchFiles": [ "package-lock.json" ], "enabled": false } ] } DEBUG: findIssue(Dependency Dashboard) DEBUG: Retrieving issueList DEBUG: Retrieved 2 issues DEBUG: Found issue 5 DEBUG: No baseBranches DEBUG: extract() DEBUG: Found cached extract { "baseBranch": "master", "baseBranchSha": "b357349f3a1df86c833a09d46b673d490dfaf017" } DEBUG: Deleted cached dep updates INFO: Dependency extraction complete { "baseBranch": "master", "stats": { "managers": { "npm": { "fileCount": 1, "depCount": 23 }, "pip_requirements": { "fileCount": 1, "depCount": 3 } }, "total": { "fileCount": 2, "depCount": 26 } } } DEBUG: Package releases lookups complete { "baseBranch": "master" } DEBUG: branchifyUpgrades DEBUG: Using group branchName template DEBUG: Dependency @aws-cdk/assert is part of group aws-cdk monorepo DEBUG: Using group branchName template DEBUG: Dependency @commitlint/cli is part of group commitlint monorepo DEBUG: Using group branchName template DEBUG: Dependency @commitlint/config-conventional is part of group commitlint monorepo DEBUG: Using group branchName template DEBUG: Dependency @typescript-eslint/eslint-plugin is part of group typescript-eslint monorepo DEBUG: Using group branchName template DEBUG: Dependency @typescript-eslint/parser is part of group typescript-eslint monorepo DEBUG: Using group branchName template DEBUG: Dependency aws-cdk-lib is part of group aws-cdk monorepo DEBUG: 12 flattened updates found: @aws-cdk/assert, @commitlint/cli, @commitlint/config-conventional, @types/node, @typescript-eslint/eslint-plugin, @typescript-eslint/parser, aws-cdk-lib, constructs, eslint, ansi-regex, black, boto3 DEBUG: Returning 9 branch(es) DEBUG: Fetching changelog: https://github.com/aws/aws-cdk (2.8.0 -> 2.10.0) DEBUG: Fetching changelog: https://github.com/aws/aws-cdk (2.8.0 -> 2.10.0) DEBUG: Fetching changelog: https://github.com/conventional-changelog/commitlint (15.0.0 -> 16.0.0) DEBUG: Fetching changelog: https://github.com/conventional-changelog/commitlint (15.0.0 -> 16.1.0) DEBUG: Fetching changelog: https://github.com/DefinitelyTyped/DefinitelyTyped (16.11.19 -> 16.11.22) DEBUG: Fetching changelog: https://github.com/typescript-eslint/typescript-eslint (5.9.1 -> 5.10.2) DEBUG: Fetching changelog: https://github.com/typescript-eslint/typescript-eslint (5.9.1 -> 5.10.2) DEBUG: Fetching changelog: https://github.com/aws/constructs (10.0.33 -> 10.0.52) DEBUG: Fetching changelog: https://github.com/eslint/eslint (8.6.0 -> 8.8.0) DEBUG: Fetching changelog: https://github.com/psf/black (19.3b0 -> 22.1.0) DEBUG: Fetching changelog: https://github.com/boto/boto3 (1.17.84 -> 1.20.48) DEBUG: config.repoIsOnboarded=true DEBUG: packageFiles with updates { "config": { "npm": [ { "packageFile": "package.json", "deps": [ { "depType": "devDependencies", "depName": "@aws-cdk/assert", "currentValue": "2.8.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "2.8.0", "depIndex": 0, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/aws/aws-cdk", "sourceDirectory": "packages/@aws-cdk/assert", "currentVersion": "2.8.0", "isSingleVersion": true, "fixedVersion": "2.8.0", "updates": [ { "bucket": "non-major", "newVersion": "2.10.0", "newValue": "2.10.0", "releaseTimestamp": "2022-01-29T06:30:19.801Z", "newMajor": 2, "newMinor": 10, "updateType": "minor", "branchName": "renovate/aws-cdk-monorepo" } ] }, { "depType": "devDependencies", "depName": "@commitlint/cli", "currentValue": "15.0.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "15.0.0", "depIndex": 1, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/conventional-changelog/commitlint", "sourceDirectory": "@commitlint/cli", "homepage": "https://commitlint.js.org/", "currentVersion": "15.0.0", "isSingleVersion": true, "fixedVersion": "15.0.0", "updates": [ { "bucket": "major", "newVersion": "16.1.0", "newValue": "16.1.0", "releaseTimestamp": "2022-01-20T07:21:47.213Z", "newMajor": 16, "newMinor": 1, "updateType": "major", "branchName": "renovate/major-commitlint-monorepo" } ] }, { "depType": "devDependencies", "depName": "@commitlint/config-conventional", "currentValue": "15.0.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "15.0.0", "depIndex": 2, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/conventional-changelog/commitlint", "sourceDirectory": "@commitlint/config-conventional", "homepage": "https://commitlint.js.org/", "currentVersion": "15.0.0", "isSingleVersion": true, "fixedVersion": "15.0.0", "updates": [ { "bucket": "major", "newVersion": "16.0.0", "newValue": "16.0.0", "releaseTimestamp": "2021-12-26T06:55:44.520Z", "newMajor": 16, "newMinor": 0, "updateType": "major", "branchName": "renovate/major-commitlint-monorepo" } ] }, { "depType": "devDependencies", "depName": "@types/jest", "currentValue": "27.4.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "27.4.0", "depIndex": 3, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/DefinitelyTyped/DefinitelyTyped", "sourceDirectory": "types/jest", "currentVersion": "27.4.0", "fixedVersion": "27.4.0", "updates": [] }, { "depType": "devDependencies", "depName": "@types/node", "currentValue": "16.11.19", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "16.11.19", "depIndex": 4, "warnings": [], "versioning": "node", "sourceUrl": "https://github.com/DefinitelyTyped/DefinitelyTyped", "sourceDirectory": "types/node", "currentVersion": "16.11.19", "isSingleVersion": true, "fixedVersion": "16.11.19", "updates": [ { "bucket": "non-major", "newVersion": "16.11.22", "newValue": "16.11.22", "releaseTimestamp": "2022-02-01T08:33:00.727Z", "newMajor": 16, "newMinor": 11, "updateType": "patch", "branchName": "renovate/node-16.x" } ] }, { "depType": "devDependencies", "depName": "@typescript-eslint/eslint-plugin", "currentValue": "5.9.1", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "5.9.1", "depIndex": 5, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/typescript-eslint/typescript-eslint", "sourceDirectory": "packages/eslint-plugin", "currentVersion": "5.9.1", "isSingleVersion": true, "fixedVersion": "5.9.1", "updates": [ { "bucket": "non-major", "newVersion": "5.10.2", "newValue": "5.10.2", "releaseTimestamp": "2022-01-31T18:02:48.080Z", "newMajor": 5, "newMinor": 10, "updateType": "minor", "branchName": "renovate/typescript-eslint-monorepo" } ] }, { "depType": "devDependencies", "depName": "@typescript-eslint/parser", "currentValue": "5.9.1", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "5.9.1", "depIndex": 6, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/typescript-eslint/typescript-eslint", "sourceDirectory": "packages/parser", "currentVersion": "5.9.1", "isSingleVersion": true, "fixedVersion": "5.9.1", "updates": [ { "bucket": "non-major", "newVersion": "5.10.2", "newValue": "5.10.2", "releaseTimestamp": "2022-01-31T18:02:34.397Z", "newMajor": 5, "newMinor": 10, "updateType": "minor", "branchName": "renovate/typescript-eslint-monorepo" } ] }, { "depType": "devDependencies", "depName": "aws-cdk-lib", "currentValue": "2.8.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "2.8.0", "depIndex": 7, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/aws/aws-cdk", "sourceDirectory": "packages/aws-cdk-lib", "currentVersion": "2.8.0", "isSingleVersion": true, "fixedVersion": "2.8.0", "updates": [ { "bucket": "non-major", "newVersion": "2.10.0", "newValue": "2.10.0", "releaseTimestamp": "2022-01-29T06:32:54.784Z", "newMajor": 2, "newMinor": 10, "updateType": "minor", "branchName": "renovate/aws-cdk-monorepo" } ] }, { "depType": "devDependencies", "depName": "constructs", "currentValue": "10.0.33", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "10.0.33", "depIndex": 8, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/aws/constructs", "currentVersion": "10.0.33", "isSingleVersion": true, "fixedVersion": "10.0.33", "updates": [ { "bucket": "non-major", "newVersion": "10.0.52", "newValue": "10.0.52", "releaseTimestamp": "2022-02-02T00:12:44.988Z", "newMajor": 10, "newMinor": 0, "updateType": "patch", "branchName": "renovate/constructs-10.x" } ] }, { "depType": "devDependencies", "depName": "eslint", "currentValue": "8.6.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "8.6.0", "depIndex": 9, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/eslint/eslint", "homepage": "https://eslint.org", "currentVersion": "8.6.0", "isSingleVersion": true, "fixedVersion": "8.6.0", "updates": [ { "bucket": "non-major", "newVersion": "8.8.0", "newValue": "8.8.0", "releaseTimestamp": "2022-01-28T21:13:48.881Z", "newMajor": 8, "newMinor": 8, "updateType": "minor", "branchName": "renovate/eslint-8.x" } ] }, { "depType": "devDependencies", "depName": "eslint-config-prettier", "currentValue": "8.3.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "8.3.0", "depIndex": 10, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/prettier/eslint-config-prettier", "currentVersion": "8.3.0", "fixedVersion": "8.3.0", "updates": [] }, { "depType": "devDependencies", "depName": "eslint-plugin-deprecation", "currentValue": "1.3.2", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "1.3.2", "depIndex": 11, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/gund/eslint-plugin-deprecation", "currentVersion": "1.3.2", "fixedVersion": "1.3.2", "updates": [] }, { "depType": "devDependencies", "depName": "eslint-plugin-prettier", "currentValue": "4.0.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "4.0.0", "depIndex": 12, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/prettier/eslint-plugin-prettier", "currentVersion": "4.0.0", "fixedVersion": "4.0.0", "updates": [] }, { "depType": "devDependencies", "depName": "husky", "currentValue": "7.0.4", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "7.0.4", "depIndex": 13, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/typicode/husky", "homepage": "https://typicode.github.io/husky", "currentVersion": "7.0.4", "fixedVersion": "7.0.4", "updates": [] }, { "depType": "devDependencies", "depName": "jest", "currentValue": "27.4.7", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "27.4.7", "depIndex": 14, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/facebook/jest", "homepage": "https://jestjs.io/", "currentVersion": "27.4.7", "fixedVersion": "27.4.7", "updates": [] }, { "depType": "devDependencies", "depName": "jest-cdk-snapshot", "currentValue": "2.0.1", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "2.0.1", "depIndex": 15, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/hupe1980/jest-cdk-snapshot", "currentVersion": "2.0.1", "fixedVersion": "2.0.1", "updates": [] }, { "depType": "devDependencies", "depName": "prettier", "currentValue": "2.5.1", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "2.5.1", "depIndex": 16, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/prettier/prettier", "homepage": "https://prettier.io", "currentVersion": "2.5.1", "fixedVersion": "2.5.1", "updates": [] }, { "depType": "devDependencies", "depName": "semantic-release", "currentValue": "19.0.2", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "19.0.2", "depIndex": 17, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/semantic-release/semantic-release", "currentVersion": "19.0.2", "fixedVersion": "19.0.2", "updates": [] }, { "depType": "devDependencies", "depName": "ts-jest", "currentValue": "27.1.3", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "27.1.3", "depIndex": 18, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/kulshekhar/ts-jest", "homepage": "https://kulshekhar.github.io/ts-jest", "currentVersion": "27.1.3", "fixedVersion": "27.1.3", "updates": [] }, { "depType": "devDependencies", "depName": "ts-node", "currentValue": "10.4.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "10.4.0", "depIndex": 19, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/TypeStrong/ts-node", "homepage": "https://typestrong.org/ts-node", "currentVersion": "10.4.0", "fixedVersion": "10.4.0", "updates": [] }, { "depType": "devDependencies", "depName": "typescript", "currentValue": "4.5.5", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "4.5.5", "depIndex": 20, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/Microsoft/TypeScript", "homepage": "https://www.typescriptlang.org/", "currentVersion": "4.5.5", "fixedVersion": "4.5.5", "updates": [] }, { "depType": "peerDependencies", "depName": "aws-cdk-lib", "currentValue": "^2.0.0", "datasource": "npm", "prettyDepType": "peerDependency", "lockedVersion": "2.8.0", "depIndex": 21, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/aws/aws-cdk", "sourceDirectory": "packages/aws-cdk-lib", "currentVersion": "2.8.0", "fixedVersion": "2.8.0", "updates": [] }, { "depType": "peerDependencies", "depName": "constructs", "currentValue": "^10.0.0", "datasource": "npm", "prettyDepType": "peerDependency", "lockedVersion": "10.0.33", "depIndex": 22, "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/aws/constructs", "currentVersion": "10.0.33", "fixedVersion": "10.0.33", "updates": [] } ], "packageJsonName": "@capraconsulting/webapp-deploy-lambda", "packageFileVersion": "0.0.0-development", "packageJsonType": "library", "npmLock": "package-lock.json", "managerData": { "yarnZeroInstall": false }, "skipInstalls": true, "constraints": { "npm": "<7" }, "lockFiles": [ "package-lock.json" ] } ], "pip_requirements": [ { "packageFile": "requirements.txt", "deps": [ { "depName": "black", "currentValue": "==19.3b0", "datasource": "pypi", "currentVersion": "19.3b0", "depIndex": 0, "warnings": [], "versioning": "pep440", "sourceUrl": "https://github.com/psf/black", "changelogUrl": "https://github.com/psf/black/blob/main/CHANGES.md", "isSingleVersion": true, "fixedVersion": "19.3b0", "updates": [ { "bucket": "major", "newVersion": "22.1.0", "newValue": "==22.1.0", "releaseTimestamp": "2022-01-29T20:39:31.000Z", "newMajor": 22, "newMinor": 1, "updateType": "major", "isRange": true, "branchName": "renovate/black-22.x" } ] }, { "depName": "boto3", "currentValue": "==1.17.84", "datasource": "pypi", "currentVersion": "1.17.84", "depIndex": 1, "warnings": [], "versioning": "pep440", "sourceUrl": "https://github.com/boto/boto3", "isSingleVersion": true, "fixedVersion": "1.17.84", "updates": [ { "bucket": "non-major", "newVersion": "1.20.48", "newValue": "==1.20.48", "releaseTimestamp": "2022-02-03T20:12:00.000Z", "newMajor": 1, "newMinor": 20, "updateType": "minor", "isRange": true, "branchName": "renovate/boto3-1.x" } ] }, { "depName": "flake8", "currentValue": "==4.0.1", "datasource": "pypi", "currentVersion": "4.0.1", "depIndex": 2, "warnings": [], "versioning": "pep440", "sourceUrl": "https://github.com/pycqa/flake8", "changelogUrl": "http://flake8.pycqa.org/en/latest/release-notes/index.html", "fixedVersion": "4.0.1", "updates": [] } ] } ] } } DEBUG: processRepo() DEBUG: Processing 9 branches: renovate/aws-cdk-monorepo, renovate/black-22.x, renovate/boto3-1.x, renovate/constructs-10.x, renovate/eslint-8.x, renovate/major-commitlint-monorepo, renovate/node-16.x, renovate/npm-ansi-regex-vulnerability, renovate/typescript-eslint-monorepo DEBUG: Calculating hourly PRs remaining DEBUG: Retrieving PR list DEBUG: Retrieved 47 Pull Requests DEBUG: currentHourStart=2022-02-04T03:00:00.000+00:00 DEBUG: PR hourly limit remaining: 2 DEBUG: Calculating prConcurrentLimit (10) DEBUG: getBranchPr(renovate/npm-ansi-regex-vulnerability) DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, open) DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, closed) DEBUG: getBranchPr(renovate/node-16.x) DEBUG: findPr(renovate/node-16.x, undefined, open) DEBUG: findPr(renovate/node-16.x, undefined, closed) DEBUG: getBranchPr(renovate/constructs-10.x) DEBUG: findPr(renovate/constructs-10.x, undefined, open) DEBUG: findPr(renovate/constructs-10.x, undefined, closed) DEBUG: getBranchPr(renovate/aws-cdk-monorepo) DEBUG: findPr(renovate/aws-cdk-monorepo, undefined, open) DEBUG: findPr(renovate/aws-cdk-monorepo, undefined, closed) DEBUG: Found PR #50 DEBUG: getBranchPr(renovate/boto3-1.x) DEBUG: findPr(renovate/boto3-1.x, undefined, open) DEBUG: findPr(renovate/boto3-1.x, undefined, closed) DEBUG: getBranchPr(renovate/eslint-8.x) DEBUG: findPr(renovate/eslint-8.x, undefined, open) DEBUG: findPr(renovate/eslint-8.x, undefined, closed) DEBUG: getBranchPr(renovate/typescript-eslint-monorepo) DEBUG: findPr(renovate/typescript-eslint-monorepo, undefined, open) DEBUG: findPr(renovate/typescript-eslint-monorepo, undefined, closed) DEBUG: getBranchPr(renovate/major-commitlint-monorepo) DEBUG: findPr(renovate/major-commitlint-monorepo, undefined, open) DEBUG: Found PR #52 DEBUG: Returning from graphql open PR list DEBUG: getBranchPr(renovate/black-22.x) DEBUG: findPr(renovate/black-22.x, undefined, open) DEBUG: Found PR #53 DEBUG: Returning from graphql open PR list DEBUG: 2 PRs are currently open DEBUG: PR concurrent limit remaining: 8 DEBUG: Calculated maximum PRs remaining this run { "prsRemaining": 2 } DEBUG: PullRequests limit = 2 DEBUG: Calculating hourly PRs remaining DEBUG: currentHourStart=2022-02-04T03:00:00.000+00:00 DEBUG: PR hourly limit remaining: 2 DEBUG: Calculating branchConcurrentLimit (10) DEBUG: 6 already existing branches found: renovate/npm-ansi-regex-vulnerability,renovate/aws-cdk-monorepo,renovate/boto3-1.x,renovate/eslint-8.x,renovate/major-commitlint-monorepo,renovate/black-22.x DEBUG: Branch concurrent limit remaining: 4 DEBUG: Calculated maximum branches remaining this run { "branchesRemaining": 2 } DEBUG: Branches limit = 2 DEBUG: Setting current branch to master(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Initializing git repository into /mnt/renovate/gh/capralifecycle/webapp-deploy-lambda(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Performing blobless clone(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: git clone completed(branch="renovate/npm-ansi-regex-vulnerability") { "durationMs": 1137 } DEBUG: latest repository commit(branch="renovate/npm-ansi-regex-vulnerability") { "latestCommit": { "hash": "b357349f3a1df86c833a09d46b673d490dfaf017", "date": "2022-02-03T22:30:38+00:00", "message": "chore(deps): update dependency ansi-regex to 5.0.1 [security]", "refs": "HEAD -> master, origin/master, origin/HEAD", "body": "", "author_name": "Renovate Bot", "author_email": "bot@renovateapp.com" } } DEBUG: latest commit(branch="renovate/npm-ansi-regex-vulnerability") { "branchName": "master", "latestCommitDate": "2022-02-03T22:30:38+00:00" } DEBUG: getBranchPr(renovate/npm-ansi-regex-vulnerability)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, open)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, closed)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: branchExists=true(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: dependencyDashboardCheck=undefined(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: recreateClosed is false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, chore(deps): update dependency ansi-regex to 5.0.1 [security], !open)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: prAlreadyExisted=false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Checking if PR has been edited(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Branch has not been modified(branch="renovate/npm-ansi-regex-vulnerability") { "branchName": "renovate/npm-ansi-regex-vulnerability" } DEBUG: Checking schedule(, Europe/Oslo)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: No schedule defined(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Branch already exists(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: getBranchPr(renovate/npm-ansi-regex-vulnerability)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, open)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, closed)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: isBranchStale=false(branch="renovate/npm-ansi-regex-vulnerability") { "isStale": false, "currentBranch": "master", "currentBranchSha": "b357349f3a1df86c833a09d46b673d490dfaf017" } DEBUG: Branch is up-to-date(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: isBranchConflicted(master, renovate/npm-ansi-regex-vulnerability)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Setting git author name(branch="renovate/npm-ansi-regex-vulnerability") { "gitAuthorName": "Renovate Bot" } DEBUG: Setting git author email(branch="renovate/npm-ansi-regex-vulnerability") { "gitAuthorEmail": "bot@renovateapp.com" } DEBUG: Branch does not need rebasing(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Using reuseExistingBranch: true(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: manager.getUpdatedPackageFiles() reuseExistinbranch=true(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: ansi-regex@3.0.0 -> 5.0.1 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of strip-ansi starting with 4.0.0 which supports >= ansi-regex@5.0.1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: ansi-regex needs strip-ansi@6.0.0 which uses constraint "^5.0.0" in order to update to 5.0.1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of ansi-regex to 5.0.1 can be achieved due to parent strip-ansi(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: strip-ansi@4.0.0 -> 6.0.0 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of string-width starting with 2.1.1 which supports >= strip-ansi@6.0.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: strip-ansi needs string-width@4.2.0 which uses constraint "^6.0.0" in order to update to 6.0.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of strip-ansi to 6.0.0 can be achieved due to parent string-width(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: string-width@2.1.1 -> 4.2.0 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of wide-align starting with 1.1.5 which supports >= string-width@4.2.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: string-width needs wide-align@1.1.5 which uses constraint "^1.0.2 || 2 || 3 || 4" in order to update to 4.2.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of string-width to 4.2.0 already achieved in parent wide-align@1.1.5(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Need to retry branch as it is not already up-to-date(branch="renovate/npm-ansi-regex-vulnerability") { "lockFile": "package-lock.json", "depName": "ansi-regex", "status": "updated" } DEBUG: manager.getUpdatedPackageFiles() reuseExistinbranch=false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: ansi-regex@3.0.0 -> 5.0.1 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of strip-ansi starting with 4.0.0 which supports >= ansi-regex@5.0.1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: ansi-regex needs strip-ansi@6.0.0 which uses constraint "^5.0.0" in order to update to 5.0.1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of ansi-regex to 5.0.1 can be achieved due to parent strip-ansi(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: strip-ansi@4.0.0 -> 6.0.0 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of string-width starting with 2.1.1 which supports >= strip-ansi@6.0.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: strip-ansi needs string-width@4.2.0 which uses constraint "^6.0.0" in order to update to 6.0.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of strip-ansi to 6.0.0 can be achieved due to parent string-width(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: string-width@2.1.1 -> 4.2.0 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of wide-align starting with 1.1.5 which supports >= string-width@4.2.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: string-width needs wide-align@1.1.5 which uses constraint "^1.0.2 || 2 || 3 || 4" in order to update to 4.2.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of string-width to 4.2.0 already achieved in parent wide-align@1.1.5(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Updated 1 package files(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Getting updated lock files(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing package.json files(branch="renovate/npm-ansi-regex-vulnerability") { "packageFiles": [ "package.json" ] } DEBUG: Writing package-lock.json(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing any updated package files(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing lock file: package-lock.json(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: No npmrc file found in repository(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing updated .npmrc file to /mnt/renovate/gh/capralifecycle/webapp-deploy-lambda/.npmrc(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Generating package-lock.json for .(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Spawning npm install to create /mnt/renovate/gh/capralifecycle/webapp-deploy-lambda/package-lock.json(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Updating lock file only(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: No node constraint found - using latest(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Using docker to execute(branch="renovate/npm-ansi-regex-vulnerability") { "image": "node" } DEBUG: Resolved version(branch="renovate/npm-ansi-regex-vulnerability") { "toolName": "npm", "constraint": "<7", "resolvedVersion": "6.14.16" } DEBUG: No tag or tagConstraint specified(branch="renovate/npm-ansi-regex-vulnerability") { "image": "docker.io/renovate/node" } DEBUG: Docker image is already prefetched: docker.io/renovate/node(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Executing command(branch="renovate/npm-ansi-regex-vulnerability") { "command": "docker run --rm --name=renovate_node --label=renovate_child -v \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\":\"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e NPM_CONFIG_CACHE -e npm_config_store -w \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" docker.io/renovate/node bash -l -c \"install-tool npm 6.14.16 && hash -d npm 2>/dev/null || true && npm install --package-lock-only --no-audit --ignore-scripts && npm install --package-lock-only --no-audit --ignore-scripts\"" } DEBUG: exec completed(branch="renovate/npm-ansi-regex-vulnerability") { "cmd": "docker run --rm --name=renovate_node --label=renovate_child -v \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\":\"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e NPM_CONFIG_CACHE -e npm_config_store -w \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" docker.io/renovate/node bash -l -c \"install-tool npm 6.14.16 && hash -d npm 2>/dev/null || true && npm install --package-lock-only --no-audit --ignore-scripts && npm install --package-lock-only --no-audit --ignore-scripts\"", "durationMs": 103408, "stdout": "Installing legacy tool npm v6.14.16\n/home/ubuntu/npm/6.14.16/bin/npm -> /home/ubuntu/npm/6.14.16/lib/node_modules/npm/bin/npm-cli.js\n/home/ubuntu/npm/6.14.16/bin/npx -> /home/ubuntu/npm/6.14.16/lib/node_modules/npm/bin/npx-cli.js\n+ npm@6.14.16\nadded 437 packages from 891 contributors in 55.14s\n+ node-gyp@8.4.1\nadded 61 packages from 20 contributors, updated 2 packages and audited 563 packages in 14.382s\n\n5 packages are looking for funding\n run `npm fund` for details\n\nfound 9 moderate severity vulnerabilities\n run `npm audit fix` to fix them, or `npm audit` for details\n6.14.16\nadded 935 packages in 10.92s\nadded 935 packages in 9.246s\n", "stderr": "npm notice created a lockfile as package-lock.json. You should commit this file.\nnpm WARN using --force I sure hope you know what you are doing.\n" } DEBUG: package-lock.json needs updating(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Updated 1 lock files(branch="renovate/npm-ansi-regex-vulnerability") { "updatedArtifacts": [ "package-lock.json" ] } DEBUG: 1 file(s) to commit(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Preparing files for commiting to branch renovate/npm-ansi-regex-vulnerability(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: git commit(branch="renovate/npm-ansi-regex-vulnerability") { "deletedFiles": [], "ignoredFiles": [], "result": { "author": null, "branch": "renovate/npm-ansi-regex-vulnerability", "commit": "3fc969a", "root": false, "summary": { "changes": 1, "insertions": 8, "deletions": 0 } } } DEBUG: No file changes detected. Skipping commit(branch="renovate/npm-ansi-regex-vulnerability") { "branchName": "renovate/npm-ansi-regex-vulnerability", "deletedFiles": [], "addedModifiedFiles": [ "package-lock.json", "package-lock.json" ], "ignoredFiles": [] } DEBUG: Checking if we can automerge branch(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: getBranchPr(renovate/npm-ansi-regex-vulnerability)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, open)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, closed)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: resolveBranchStatus(branchName=renovate/npm-ansi-regex-vulnerability, ignoreTests=false)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: getBranchStatus(renovate/npm-ansi-regex-vulnerability)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: No check runs found(branch="renovate/npm-ansi-regex-vulnerability") { "result": { "total_count": 0, "check_runs": [] } } DEBUG: Branch status green(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Automerging branch(branch="renovate/npm-ansi-regex-vulnerability") INFO: Branch automerged(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: mergeStatus=automerged(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Deleted remote branch(branch="renovate/npm-ansi-regex-vulnerability") { "branchName": "renovate/npm-ansi-regex-vulnerability" } DEBUG: Deleted local branch(branch="renovate/npm-ansi-regex-vulnerability") { "branchName": "renovate/npm-ansi-regex-vulnerability" } DEBUG: Branch is automerged - returning(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: getBranchPr(renovate/aws-cdk-monorepo) DEBUG: findPr(renovate/aws-cdk-monorepo, undefined, open) DEBUG: findPr(renovate/aws-cdk-monorepo, undefined, closed) DEBUG: Found PR #50 DEBUG: Branch has not been modified { "branchName": "renovate/aws-cdk-monorepo" } DEBUG: getBranchPr(renovate/boto3-1.x) DEBUG: findPr(renovate/boto3-1.x, undefined, open) DEBUG: findPr(renovate/boto3-1.x, undefined, closed) DEBUG: Branch has not been modified { "branchName": "renovate/boto3-1.x" } DEBUG: getBranchPr(renovate/eslint-8.x) DEBUG: findPr(renovate/eslint-8.x, undefined, open) DEBUG: findPr(renovate/eslint-8.x, undefined, closed) DEBUG: Branch has not been modified { "branchName": "renovate/eslint-8.x" } DEBUG: Branch has not been modified { "branchName": "renovate/major-commitlint-monorepo" } DEBUG: Branch has not been modified { "branchName": "renovate/black-22.x" } INFO: Renovating repository again after automerge result DEBUG: No dangling containers to remove INFO: Repository started { "renovateVersion": "31.66.0" } DEBUG: Using localDir: /mnt/renovate/gh/capralifecycle/webapp-deploy-lambda DEBUG: Repository cache is valid DEBUG: initRepo("capralifecycle/webapp-deploy-lambda") DEBUG: Overriding default GitHub endpoint { "endpoint": "https://api.github.com/" } DEBUG: capralifecycle/webapp-deploy-lambda default branch = master DEBUG: Using app token for git init DEBUG: resetMemCache() DEBUG: Resetting npmrc DEBUG: detectSemanticCommits() DEBUG: checkOnboarding() DEBUG: isOnboarded() DEBUG: Checking cached config file name DEBUG: Existing config file confirmed DEBUG: Repo is onboarded DEBUG: migrateAndValidate() DEBUG: No config migration necessary DEBUG: massaged config { "config": { "extends": [ "github>whitesource/merge-confidence:beta", "github>capraconsulting/renovate-config:library" ], "automerge": true, "automergeType": "branch" } } DEBUG: migrated config { "config": { "extends": [ "github>whitesource/merge-confidence:beta", "github>capraconsulting/renovate-config:library" ], "automerge": true, "automergeType": "branch" } } DEBUG: Found repo ignorePaths { "ignorePaths": [ "**/node_modules/**", "**/bower_components/**", "**/vendor/**", "**/examples/**", "**/__tests__/**", "**/test/**", "**/tests/**", "**/__fixtures__/**" ] } DEBUG: GitHub vulnerability details { "alerts": { "npm/ansi-regex": { "> 2.1.1, < 5.0.1": "5.0.1" } } } DEBUG: alert package rules { "alertPackageRules": [ { "matchDatasources": [ "npm" ], "matchPackageNames": [ "ansi-regex" ], "matchCurrentVersion": "= 3.0.0", "matchFiles": [ "package-lock.json" ], "enabled": false } ] } DEBUG: findIssue(Dependency Dashboard) DEBUG: Retrieving issueList DEBUG: Retrieved 2 issues DEBUG: Found issue 5 DEBUG: No baseBranches DEBUG: extract() DEBUG: Setting current branch to master DEBUG: Initializing git repository into /mnt/renovate/gh/capralifecycle/webapp-deploy-lambda DEBUG: resetToBranch(master) DEBUG: resetToBranch(master) DEBUG: { "existingBranches": [] } INFO: git fetch completed { "durationMs": 1483 } DEBUG: latest repository commit { "latestCommit": { "hash": "3e4601d5f0eca5edd080c17485c6d24d2cf42b5f", "date": "2022-02-04T01:09:30+00:00", "message": "chore(deps): update dependency ansi-regex to 5.0.1 [security]", "refs": "HEAD -> master, origin/master, origin/HEAD", "body": "", "author_name": "Renovate Bot", "author_email": "bot@renovateapp.com" } } DEBUG: latest commit { "branchName": "master", "latestCommitDate": "2022-02-04T01:09:30+00:00" } DEBUG: Using file match: (^|/)tasks/[^/]+\.ya?ml$ for manager ansible DEBUG: Using file match: (^|/)requirements\.ya?ml$ for manager ansible-galaxy DEBUG: Using file match: (^|/)galaxy\.ya?ml$ for manager ansible-galaxy DEBUG: Using file match: azure.*pipelines?.*\.ya?ml$ for manager azure-pipelines DEBUG: Using file match: (^|/)batect(-bundle)?\.yml$ for manager batect DEBUG: Using file match: (^|/)batect$ for manager batect-wrapper DEBUG: Using file match: (^|/)WORKSPACE(|\.bazel)$ for manager bazel DEBUG: Using file match: \.bzl$ for manager bazel DEBUG: Using file match: (^|/)\.?bitbucket-pipelines\.ya?ml$ for manager bitbucket-pipelines DEBUG: Using file match: buildkite\.ya?ml for manager buildkite DEBUG: Using file match: \.buildkite/.+\.ya?ml$ for manager buildkite DEBUG: Using file match: (^|/)Gemfile$ for manager bundler DEBUG: Using file match: \.cake$ for manager cake DEBUG: Using file match: (^|/)Cargo.toml$ for manager cargo DEBUG: Using file match: (^|/).circleci/config.yml$ for manager circleci DEBUG: Using file match: (^|/)cloudbuild.ya?ml for manager cloudbuild DEBUG: Using file match: (^|/)Podfile$ for manager cocoapods DEBUG: Using file match: (^|/)([\w-]*)composer.json$ for manager composer DEBUG: Using file match: (^|/)deps\.edn$ for manager deps-edn DEBUG: Using file match: (^|/)docker-compose[^/]*\.ya?ml$ for manager docker-compose DEBUG: Using file match: (^|/|\.)Dockerfile$ for manager dockerfile DEBUG: Using file match: (^|/)Dockerfile\.[^/]*$ for manager dockerfile DEBUG: Using file match: (^|/).drone.yml$ for manager droneci DEBUG: Using file match: (^|/)flux-system/gotk-components\.yaml$ for manager flux DEBUG: Using file match: (^|/).gitmodules$ for manager git-submodules DEBUG: Using file match: (^workflow-templates|\.github\/workflows)\/[^/]+\.ya?ml$ for manager github-actions DEBUG: Using file match: (^|\/)action\.ya?ml$ for manager github-actions DEBUG: Using file match: \.gitlab-ci\.yml$ for manager gitlabci DEBUG: Using file match: \.gitlab-ci\.yml$ for manager gitlabci-include DEBUG: Using file match: (^|/)go.mod$ for manager gomod DEBUG: Using file match: \.gradle(\.kts)?$ for manager gradle DEBUG: Using file match: (^|\/)gradle\.properties$ for manager gradle DEBUG: Using file match: (^|\/)gradle\/.+\.toml$ for manager gradle DEBUG: Using file match: \.versions\.toml$ for manager gradle DEBUG: Using file match: (^|/)gradle/wrapper/gradle-wrapper.properties$ for manager gradle-wrapper DEBUG: Using file match: (^|/)requirements\.yaml$ for manager helm-requirements DEBUG: Using file match: (^|/)values.yaml$ for manager helm-values DEBUG: Using file match: (^|/)helmfile.yaml$ for manager helmfile DEBUG: Using file match: (^|/)Chart.yaml$ for manager helmv3 DEBUG: Using file match: ^Formula/[^/]+[.]rb$ for manager homebrew DEBUG: Using file match: \.html?$ for manager html DEBUG: Using file match: (^|/)plugins\.(txt|ya?ml)$ for manager jenkins DEBUG: Using file match: (^|/)jsonnetfile.json$ for manager jsonnet-bundler DEBUG: Using file match: (^|/)kustomization\.yaml for manager kustomize DEBUG: Using file match: (^|/)project\.clj$ for manager leiningen DEBUG: Using file match: (^|/|\.)pom\.xml$ for manager maven DEBUG: Using file match: ^(((\.mvn)|(\.m2))/)?settings\.xml$ for manager maven DEBUG: Using file match: (^|/)package.js$ for manager meteor DEBUG: Using file match: (^|/)mix\.exs$ for manager mix DEBUG: Using file match: (^|/).node-version$ for manager nodenv DEBUG: Using file match: (^|/)package.json$ for manager npm DEBUG: Using file match: \.(?:cs|fs|vb)proj$ for manager nuget DEBUG: Using file match: \.(?:props|targets)$ for manager nuget DEBUG: Using file match: (^|\/)dotnet-tools\.json$ for manager nuget DEBUG: Using file match: (^|\/)global\.json$ for manager nuget DEBUG: Using file match: (^|/)\.nvmrc$ for manager nvm DEBUG: Using file match: (^|/)([\w-]*)requirements\.(txt|pip)$ for manager pip_requirements DEBUG: Using file match: (^|/)setup.py$ for manager pip_setup DEBUG: Using file match: (^|/)Pipfile$ for manager pipenv DEBUG: Using file match: (^|/)pyproject\.toml$ for manager poetry DEBUG: Using file match: (^|/)\.pre-commit-config\.yaml$ for manager pre-commit DEBUG: Using file match: (^|/)pubspec\.ya?ml$ for manager pub DEBUG: Using file match: (^|/).python-version$ for manager pyenv DEBUG: Using file match: (^|/)\.ruby-version$ for manager ruby-version DEBUG: Using file match: \.sbt$ for manager sbt DEBUG: Using file match: project/[^/]*.scala$ for manager sbt DEBUG: Using file match: (^|/)setup\.cfg$ for manager setup-cfg DEBUG: Using file match: (^|/)Package\.swift for manager swift DEBUG: Using file match: \.tf$ for manager terraform DEBUG: Using file match: (^|/)\.terraform-version$ for manager terraform-version DEBUG: Using file match: (^|/)terragrunt\.hcl$ for manager terragrunt DEBUG: Using file match: (^|/)\.terragrunt-version$ for manager terragrunt-version DEBUG: Using file match: ^.travis.yml$ for manager travis DEBUG: Matched 1 file(s) for manager npm: package.json DEBUG: Matched 1 file(s) for manager pip_requirements: requirements.txt DEBUG: npm file package.json has name "@capraconsulting/webapp-deploy-lambda" DEBUG: Detecting pnpm Workspaces DEBUG: Detecting Lerna and Yarn Workspaces DEBUG: Finding locked versions DEBUG: Found package-lock.json for package.json DEBUG: Found npm package files DEBUG: Found pip_requirements package files DEBUG: Found 2 package file(s) INFO: Dependency extraction complete { "baseBranch": "master", "stats": { "managers": { "npm": { "fileCount": 1, "depCount": 23 }, "pip_requirements": { "fileCount": 1, "depCount": 3 } }, "total": { "fileCount": 2, "depCount": 26 } } } DEBUG: Package releases lookups complete { "baseBranch": "master" } DEBUG: branchifyUpgrades DEBUG: Using group branchName template DEBUG: Dependency @aws-cdk/assert is part of group aws-cdk monorepo DEBUG: Using group branchName template DEBUG: Dependency @commitlint/cli is part of group commitlint monorepo DEBUG: Using group branchName template DEBUG: Dependency @commitlint/config-conventional is part of group commitlint monorepo DEBUG: Using group branchName template DEBUG: Dependency @typescript-eslint/eslint-plugin is part of group typescript-eslint monorepo DEBUG: Using group branchName template DEBUG: Dependency @typescript-eslint/parser is part of group typescript-eslint monorepo DEBUG: Using group branchName template DEBUG: Dependency aws-cdk-lib is part of group aws-cdk monorepo DEBUG: 12 flattened updates found: @aws-cdk/assert, @commitlint/cli, @commitlint/config-conventional, @types/node, @typescript-eslint/eslint-plugin, @typescript-eslint/parser, aws-cdk-lib, constructs, eslint, ansi-regex, black, boto3 DEBUG: Returning 9 branch(es) DEBUG: Fetching changelog: https://github.com/aws/aws-cdk (2.8.0 -> 2.10.0) DEBUG: Fetching changelog: https://github.com/aws/aws-cdk (2.8.0 -> 2.10.0) DEBUG: Fetching changelog: https://github.com/conventional-changelog/commitlint (15.0.0 -> 16.0.0) DEBUG: Fetching changelog: https://github.com/conventional-changelog/commitlint (15.0.0 -> 16.1.0) DEBUG: Fetching changelog: https://github.com/DefinitelyTyped/DefinitelyTyped (16.11.19 -> 16.11.22) DEBUG: Fetching changelog: https://github.com/typescript-eslint/typescript-eslint (5.9.1 -> 5.10.2) DEBUG: Fetching changelog: https://github.com/typescript-eslint/typescript-eslint (5.9.1 -> 5.10.2) DEBUG: Fetching changelog: https://github.com/aws/constructs (10.0.33 -> 10.0.52) DEBUG: Fetching changelog: https://github.com/eslint/eslint (8.6.0 -> 8.8.0) DEBUG: Fetching changelog: https://github.com/psf/black (19.3b0 -> 22.1.0) DEBUG: Fetching changelog: https://github.com/boto/boto3 (1.17.84 -> 1.20.48) DEBUG: config.repoIsOnboarded=true DEBUG: packageFiles with updates { "config": { "npm": [ { "packageFile": "package.json", "deps": [ { "depType": "devDependencies", "depName": "@aws-cdk/assert", "currentValue": "2.8.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "2.8.0", "depIndex": 0, "updates": [ { "bucket": "non-major", "newVersion": "2.10.0", "newValue": "2.10.0", "releaseTimestamp": "2022-01-29T06:30:19.801Z", "newMajor": 2, "newMinor": 10, "updateType": "minor", "branchName": "renovate/aws-cdk-monorepo" } ], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/aws/aws-cdk", "sourceDirectory": "packages/@aws-cdk/assert", "currentVersion": "2.8.0", "isSingleVersion": true, "fixedVersion": "2.8.0" }, { "depType": "devDependencies", "depName": "@commitlint/cli", "currentValue": "15.0.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "15.0.0", "depIndex": 1, "updates": [ { "bucket": "major", "newVersion": "16.1.0", "newValue": "16.1.0", "releaseTimestamp": "2022-01-20T07:21:47.213Z", "newMajor": 16, "newMinor": 1, "updateType": "major", "branchName": "renovate/major-commitlint-monorepo" } ], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/conventional-changelog/commitlint", "sourceDirectory": "@commitlint/cli", "homepage": "https://commitlint.js.org/", "currentVersion": "15.0.0", "isSingleVersion": true, "fixedVersion": "15.0.0" }, { "depType": "devDependencies", "depName": "@commitlint/config-conventional", "currentValue": "15.0.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "15.0.0", "depIndex": 2, "updates": [ { "bucket": "major", "newVersion": "16.0.0", "newValue": "16.0.0", "releaseTimestamp": "2021-12-26T06:55:44.520Z", "newMajor": 16, "newMinor": 0, "updateType": "major", "branchName": "renovate/major-commitlint-monorepo" } ], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/conventional-changelog/commitlint", "sourceDirectory": "@commitlint/config-conventional", "homepage": "https://commitlint.js.org/", "currentVersion": "15.0.0", "isSingleVersion": true, "fixedVersion": "15.0.0" }, { "depType": "devDependencies", "depName": "@types/jest", "currentValue": "27.4.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "27.4.0", "depIndex": 3, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/DefinitelyTyped/DefinitelyTyped", "sourceDirectory": "types/jest", "currentVersion": "27.4.0", "fixedVersion": "27.4.0" }, { "depType": "devDependencies", "depName": "@types/node", "currentValue": "16.11.19", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "16.11.19", "depIndex": 4, "updates": [ { "bucket": "non-major", "newVersion": "16.11.22", "newValue": "16.11.22", "releaseTimestamp": "2022-02-01T08:33:00.727Z", "newMajor": 16, "newMinor": 11, "updateType": "patch", "branchName": "renovate/node-16.x" } ], "warnings": [], "versioning": "node", "sourceUrl": "https://github.com/DefinitelyTyped/DefinitelyTyped", "sourceDirectory": "types/node", "currentVersion": "16.11.19", "isSingleVersion": true, "fixedVersion": "16.11.19" }, { "depType": "devDependencies", "depName": "@typescript-eslint/eslint-plugin", "currentValue": "5.9.1", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "5.9.1", "depIndex": 5, "updates": [ { "bucket": "non-major", "newVersion": "5.10.2", "newValue": "5.10.2", "releaseTimestamp": "2022-01-31T18:02:48.080Z", "newMajor": 5, "newMinor": 10, "updateType": "minor", "branchName": "renovate/typescript-eslint-monorepo" } ], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/typescript-eslint/typescript-eslint", "sourceDirectory": "packages/eslint-plugin", "currentVersion": "5.9.1", "isSingleVersion": true, "fixedVersion": "5.9.1" }, { "depType": "devDependencies", "depName": "@typescript-eslint/parser", "currentValue": "5.9.1", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "5.9.1", "depIndex": 6, "updates": [ { "bucket": "non-major", "newVersion": "5.10.2", "newValue": "5.10.2", "releaseTimestamp": "2022-01-31T18:02:34.397Z", "newMajor": 5, "newMinor": 10, "updateType": "minor", "branchName": "renovate/typescript-eslint-monorepo" } ], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/typescript-eslint/typescript-eslint", "sourceDirectory": "packages/parser", "currentVersion": "5.9.1", "isSingleVersion": true, "fixedVersion": "5.9.1" }, { "depType": "devDependencies", "depName": "aws-cdk-lib", "currentValue": "2.8.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "2.8.0", "depIndex": 7, "updates": [ { "bucket": "non-major", "newVersion": "2.10.0", "newValue": "2.10.0", "releaseTimestamp": "2022-01-29T06:32:54.784Z", "newMajor": 2, "newMinor": 10, "updateType": "minor", "branchName": "renovate/aws-cdk-monorepo" } ], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/aws/aws-cdk", "sourceDirectory": "packages/aws-cdk-lib", "currentVersion": "2.8.0", "isSingleVersion": true, "fixedVersion": "2.8.0" }, { "depType": "devDependencies", "depName": "constructs", "currentValue": "10.0.33", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "10.0.33", "depIndex": 8, "updates": [ { "bucket": "non-major", "newVersion": "10.0.52", "newValue": "10.0.52", "releaseTimestamp": "2022-02-02T00:12:44.988Z", "newMajor": 10, "newMinor": 0, "updateType": "patch", "branchName": "renovate/constructs-10.x" } ], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/aws/constructs", "currentVersion": "10.0.33", "isSingleVersion": true, "fixedVersion": "10.0.33" }, { "depType": "devDependencies", "depName": "eslint", "currentValue": "8.6.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "8.6.0", "depIndex": 9, "updates": [ { "bucket": "non-major", "newVersion": "8.8.0", "newValue": "8.8.0", "releaseTimestamp": "2022-01-28T21:13:48.881Z", "newMajor": 8, "newMinor": 8, "updateType": "minor", "branchName": "renovate/eslint-8.x" } ], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/eslint/eslint", "homepage": "https://eslint.org", "currentVersion": "8.6.0", "isSingleVersion": true, "fixedVersion": "8.6.0" }, { "depType": "devDependencies", "depName": "eslint-config-prettier", "currentValue": "8.3.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "8.3.0", "depIndex": 10, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/prettier/eslint-config-prettier", "currentVersion": "8.3.0", "fixedVersion": "8.3.0" }, { "depType": "devDependencies", "depName": "eslint-plugin-deprecation", "currentValue": "1.3.2", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "1.3.2", "depIndex": 11, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/gund/eslint-plugin-deprecation", "currentVersion": "1.3.2", "fixedVersion": "1.3.2" }, { "depType": "devDependencies", "depName": "eslint-plugin-prettier", "currentValue": "4.0.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "4.0.0", "depIndex": 12, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/prettier/eslint-plugin-prettier", "currentVersion": "4.0.0", "fixedVersion": "4.0.0" }, { "depType": "devDependencies", "depName": "husky", "currentValue": "7.0.4", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "7.0.4", "depIndex": 13, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/typicode/husky", "homepage": "https://typicode.github.io/husky", "currentVersion": "7.0.4", "fixedVersion": "7.0.4" }, { "depType": "devDependencies", "depName": "jest", "currentValue": "27.4.7", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "27.4.7", "depIndex": 14, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/facebook/jest", "homepage": "https://jestjs.io/", "currentVersion": "27.4.7", "fixedVersion": "27.4.7" }, { "depType": "devDependencies", "depName": "jest-cdk-snapshot", "currentValue": "2.0.1", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "2.0.1", "depIndex": 15, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/hupe1980/jest-cdk-snapshot", "currentVersion": "2.0.1", "fixedVersion": "2.0.1" }, { "depType": "devDependencies", "depName": "prettier", "currentValue": "2.5.1", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "2.5.1", "depIndex": 16, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/prettier/prettier", "homepage": "https://prettier.io", "currentVersion": "2.5.1", "fixedVersion": "2.5.1" }, { "depType": "devDependencies", "depName": "semantic-release", "currentValue": "19.0.2", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "19.0.2", "depIndex": 17, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/semantic-release/semantic-release", "currentVersion": "19.0.2", "fixedVersion": "19.0.2" }, { "depType": "devDependencies", "depName": "ts-jest", "currentValue": "27.1.3", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "27.1.3", "depIndex": 18, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/kulshekhar/ts-jest", "homepage": "https://kulshekhar.github.io/ts-jest", "currentVersion": "27.1.3", "fixedVersion": "27.1.3" }, { "depType": "devDependencies", "depName": "ts-node", "currentValue": "10.4.0", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "10.4.0", "depIndex": 19, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/TypeStrong/ts-node", "homepage": "https://typestrong.org/ts-node", "currentVersion": "10.4.0", "fixedVersion": "10.4.0" }, { "depType": "devDependencies", "depName": "typescript", "currentValue": "4.5.5", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "4.5.5", "depIndex": 20, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/Microsoft/TypeScript", "homepage": "https://www.typescriptlang.org/", "currentVersion": "4.5.5", "fixedVersion": "4.5.5" }, { "depType": "peerDependencies", "depName": "aws-cdk-lib", "currentValue": "^2.0.0", "datasource": "npm", "prettyDepType": "peerDependency", "lockedVersion": "2.8.0", "depIndex": 21, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/aws/aws-cdk", "sourceDirectory": "packages/aws-cdk-lib", "currentVersion": "2.8.0", "fixedVersion": "2.8.0" }, { "depType": "peerDependencies", "depName": "constructs", "currentValue": "^10.0.0", "datasource": "npm", "prettyDepType": "peerDependency", "lockedVersion": "10.0.33", "depIndex": 22, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/aws/constructs", "currentVersion": "10.0.33", "fixedVersion": "10.0.33" } ], "packageJsonName": "@capraconsulting/webapp-deploy-lambda", "packageFileVersion": "0.0.0-development", "packageJsonType": "library", "npmLock": "package-lock.json", "managerData": { "yarnZeroInstall": false }, "skipInstalls": true, "constraints": { "npm": "<7" }, "lockFiles": [ "package-lock.json" ] } ], "pip_requirements": [ { "packageFile": "requirements.txt", "deps": [ { "depName": "black", "currentValue": "==19.3b0", "datasource": "pypi", "currentVersion": "19.3b0", "depIndex": 0, "updates": [ { "bucket": "major", "newVersion": "22.1.0", "newValue": "==22.1.0", "releaseTimestamp": "2022-01-29T20:39:31.000Z", "newMajor": 22, "newMinor": 1, "updateType": "major", "isRange": true, "branchName": "renovate/black-22.x" } ], "warnings": [], "versioning": "pep440", "sourceUrl": "https://github.com/psf/black", "changelogUrl": "https://github.com/psf/black/blob/main/CHANGES.md", "isSingleVersion": true, "fixedVersion": "19.3b0" }, { "depName": "boto3", "currentValue": "==1.17.84", "datasource": "pypi", "currentVersion": "1.17.84", "depIndex": 1, "updates": [ { "bucket": "non-major", "newVersion": "1.20.48", "newValue": "==1.20.48", "releaseTimestamp": "2022-02-03T20:12:00.000Z", "newMajor": 1, "newMinor": 20, "updateType": "minor", "isRange": true, "branchName": "renovate/boto3-1.x" } ], "warnings": [], "versioning": "pep440", "sourceUrl": "https://github.com/boto/boto3", "isSingleVersion": true, "fixedVersion": "1.17.84" }, { "depName": "flake8", "currentValue": "==4.0.1", "datasource": "pypi", "currentVersion": "4.0.1", "depIndex": 2, "updates": [], "warnings": [], "versioning": "pep440", "sourceUrl": "https://github.com/pycqa/flake8", "changelogUrl": "http://flake8.pycqa.org/en/latest/release-notes/index.html", "fixedVersion": "4.0.1" } ] } ] } } DEBUG: processRepo() DEBUG: Processing 9 branches: renovate/aws-cdk-monorepo, renovate/black-22.x, renovate/boto3-1.x, renovate/constructs-10.x, renovate/eslint-8.x, renovate/major-commitlint-monorepo, renovate/node-16.x, renovate/npm-ansi-regex-vulnerability, renovate/typescript-eslint-monorepo DEBUG: Calculating hourly PRs remaining DEBUG: Retrieving PR list DEBUG: Retrieved 47 Pull Requests DEBUG: currentHourStart=2022-02-04T03:00:00.000+00:00 DEBUG: PR hourly limit remaining: 2 DEBUG: Calculating prConcurrentLimit (10) DEBUG: getBranchPr(renovate/npm-ansi-regex-vulnerability) DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, open) DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, closed) DEBUG: getBranchPr(renovate/node-16.x) DEBUG: findPr(renovate/node-16.x, undefined, open) DEBUG: findPr(renovate/node-16.x, undefined, closed) DEBUG: getBranchPr(renovate/constructs-10.x) DEBUG: findPr(renovate/constructs-10.x, undefined, open) DEBUG: findPr(renovate/constructs-10.x, undefined, closed) DEBUG: getBranchPr(renovate/aws-cdk-monorepo) DEBUG: findPr(renovate/aws-cdk-monorepo, undefined, open) DEBUG: findPr(renovate/aws-cdk-monorepo, undefined, closed) DEBUG: Found PR #50 DEBUG: getBranchPr(renovate/boto3-1.x) DEBUG: findPr(renovate/boto3-1.x, undefined, open) DEBUG: findPr(renovate/boto3-1.x, undefined, closed) DEBUG: getBranchPr(renovate/eslint-8.x) DEBUG: findPr(renovate/eslint-8.x, undefined, open) DEBUG: findPr(renovate/eslint-8.x, undefined, closed) DEBUG: getBranchPr(renovate/typescript-eslint-monorepo) DEBUG: findPr(renovate/typescript-eslint-monorepo, undefined, open) DEBUG: findPr(renovate/typescript-eslint-monorepo, undefined, closed) DEBUG: getBranchPr(renovate/major-commitlint-monorepo) DEBUG: findPr(renovate/major-commitlint-monorepo, undefined, open) DEBUG: Found PR #52 DEBUG: Returning from graphql open PR list DEBUG: getBranchPr(renovate/black-22.x) DEBUG: findPr(renovate/black-22.x, undefined, open) DEBUG: Found PR #53 DEBUG: Returning from graphql open PR list DEBUG: 2 PRs are currently open DEBUG: PR concurrent limit remaining: 8 DEBUG: Calculated maximum PRs remaining this run { "prsRemaining": 2 } DEBUG: PullRequests limit = 2 DEBUG: Calculating hourly PRs remaining DEBUG: currentHourStart=2022-02-04T03:00:00.000+00:00 DEBUG: PR hourly limit remaining: 2 DEBUG: Calculating branchConcurrentLimit (10) DEBUG: 5 already existing branches found: renovate/aws-cdk-monorepo,renovate/boto3-1.x,renovate/eslint-8.x,renovate/major-commitlint-monorepo,renovate/black-22.x DEBUG: Branch concurrent limit remaining: 5 DEBUG: Calculated maximum branches remaining this run { "branchesRemaining": 2 } DEBUG: Branches limit = 2 DEBUG: Setting current branch to master(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: latest commit(branch="renovate/npm-ansi-regex-vulnerability") { "branchName": "master", "latestCommitDate": "2022-02-04T01:09:30+00:00" } DEBUG: getBranchPr(renovate/npm-ansi-regex-vulnerability)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, open)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, closed)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: branchExists=false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: dependencyDashboardCheck=undefined(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: recreateClosed is false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, chore(deps): update dependency ansi-regex to 5.0.1 [security], !open)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: prAlreadyExisted=false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Checking schedule(, Europe/Oslo)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: No schedule defined(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Branch needs creating(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Using reuseExistingBranch: false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: manager.getUpdatedPackageFiles() reuseExistinbranch=false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: ansi-regex@3.0.0 -> 5.0.1 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of strip-ansi starting with 4.0.0 which supports >= ansi-regex@5.0.1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: ansi-regex needs strip-ansi@6.0.0 which uses constraint "^5.0.0" in order to update to 5.0.1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of ansi-regex to 5.0.1 can be achieved due to parent strip-ansi(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: strip-ansi@4.0.0 -> 6.0.0 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of string-width starting with 2.1.1 which supports >= strip-ansi@6.0.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: strip-ansi needs string-width@4.2.0 which uses constraint "^6.0.0" in order to update to 6.0.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of strip-ansi to 6.0.0 can be achieved due to parent string-width(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: string-width@2.1.1 -> 4.2.0 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of wide-align starting with 1.1.5 which supports >= string-width@4.2.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: string-width needs wide-align@1.1.5 which uses constraint "^1.0.2 || 2 || 3 || 4" in order to update to 4.2.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of string-width to 4.2.0 already achieved in parent wide-align@1.1.5(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Updated 1 package files(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Getting updated lock files(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing package.json files(branch="renovate/npm-ansi-regex-vulnerability") { "packageFiles": [ "package.json" ] } DEBUG: Writing package-lock.json(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing any updated package files(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing lock file: package-lock.json(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: No npmrc file found in repository(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing updated .npmrc file to /mnt/renovate/gh/capralifecycle/webapp-deploy-lambda/.npmrc(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Generating package-lock.json for .(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Spawning npm install to create /mnt/renovate/gh/capralifecycle/webapp-deploy-lambda/package-lock.json(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Updating lock file only(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: No node constraint found - using latest(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Using docker to execute(branch="renovate/npm-ansi-regex-vulnerability") { "image": "node" } DEBUG: Resolved version(branch="renovate/npm-ansi-regex-vulnerability") { "toolName": "npm", "constraint": "<7", "resolvedVersion": "6.14.16" } DEBUG: No tag or tagConstraint specified(branch="renovate/npm-ansi-regex-vulnerability") { "image": "docker.io/renovate/node" } DEBUG: Docker image is already prefetched: docker.io/renovate/node(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Executing command(branch="renovate/npm-ansi-regex-vulnerability") { "command": "docker run --rm --name=renovate_node --label=renovate_child -v \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\":\"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e NPM_CONFIG_CACHE -e npm_config_store -w \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" docker.io/renovate/node bash -l -c \"install-tool npm 6.14.16 && hash -d npm 2>/dev/null || true && npm install --package-lock-only --no-audit --ignore-scripts && npm install --package-lock-only --no-audit --ignore-scripts\"" } DEBUG: exec completed(branch="renovate/npm-ansi-regex-vulnerability") { "cmd": "docker run --rm --name=renovate_node --label=renovate_child -v \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\":\"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e NPM_CONFIG_CACHE -e npm_config_store -w \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" docker.io/renovate/node bash -l -c \"install-tool npm 6.14.16 && hash -d npm 2>/dev/null || true && npm install --package-lock-only --no-audit --ignore-scripts && npm install --package-lock-only --no-audit --ignore-scripts\"", "durationMs": 100930, "stdout": "Installing legacy tool npm v6.14.16\n/home/ubuntu/npm/6.14.16/bin/npm -> /home/ubuntu/npm/6.14.16/lib/node_modules/npm/bin/npm-cli.js\n/home/ubuntu/npm/6.14.16/bin/npx -> /home/ubuntu/npm/6.14.16/lib/node_modules/npm/bin/npx-cli.js\n+ npm@6.14.16\nadded 437 packages from 891 contributors in 51.941s\n+ node-gyp@8.4.1\nadded 61 packages from 20 contributors, updated 2 packages and audited 563 packages in 14.247s\n\n5 packages are looking for funding\n run `npm fund` for details\n\nfound 9 moderate severity vulnerabilities\n run `npm audit fix` to fix them, or `npm audit` for details\n6.14.16\nadded 935 packages in 10.878s\nadded 935 packages in 9.26s\n", "stderr": "npm notice created a lockfile as package-lock.json. You should commit this file.\nnpm WARN using --force I sure hope you know what you are doing.\n" } DEBUG: package-lock.json needs updating(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Updated 1 lock files(branch="renovate/npm-ansi-regex-vulnerability") { "updatedArtifacts": [ "package-lock.json" ] } DEBUG: 1 file(s) to commit(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Preparing files for commiting to branch renovate/npm-ansi-regex-vulnerability(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Setting git author name(branch="renovate/npm-ansi-regex-vulnerability") { "gitAuthorName": "Renovate Bot" } DEBUG: Setting git author email(branch="renovate/npm-ansi-regex-vulnerability") { "gitAuthorEmail": "bot@renovateapp.com" } DEBUG: git commit(branch="renovate/npm-ansi-regex-vulnerability") { "deletedFiles": [], "ignoredFiles": [], "result": { "author": null, "branch": "renovate/npm-ansi-regex-vulnerability", "commit": "bac3955", "root": false, "summary": { "changes": 1, "insertions": 6, "deletions": 8 } } } DEBUG: Pushing branch renovate/npm-ansi-regex-vulnerability(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: git push(branch="renovate/npm-ansi-regex-vulnerability") { "result": { "pushed": [ { "deleted": false, "tag": false, "branch": true, "new": true, "alreadyUpdated": false, "local": "refs/heads/renovate/npm-ansi-regex-vulnerability", "remote": "refs/heads/renovate/npm-ansi-regex-vulnerability" } ], "branch": { "local": "renovate/npm-ansi-regex-vulnerability", "remote": "renovate/npm-ansi-regex-vulnerability", "remoteName": "origin" }, "ref": { "local": "refs/remotes/origin/renovate/npm-ansi-regex-vulnerability" }, "remoteMessages": { "all": [ "Create a pull request for 'renovate/npm-ansi-regex-vulnerability' on GitHub by visiting:", "https://github.com/capralifecycle/webapp-deploy-lambda/pull/new/renovate/npm-ansi-regex-vulnerability" ], "pullRequestUrl": "https://github.com/capralifecycle/webapp-deploy-lambda/pull/new/renovate/npm-ansi-regex-vulnerability" } } } DEBUG: Fetching branch renovate/npm-ansi-regex-vulnerability(branch="renovate/npm-ansi-regex-vulnerability") INFO: Branch created(branch="renovate/npm-ansi-regex-vulnerability") { "commitSha": "bac3955622c9b393b4083b713e39da0fc5a440a6" } DEBUG: Ensuring PR(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: There are 0 errors and 0 warnings(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: getBranchPr(renovate/npm-ansi-regex-vulnerability)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, open)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, closed)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Branch automerge is enabled(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: resolveBranchStatus(branchName=renovate/npm-ansi-regex-vulnerability, ignoreTests=false)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: getBranchStatus(renovate/npm-ansi-regex-vulnerability)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: branch status check result(branch="renovate/npm-ansi-regex-vulnerability") { "state": "pending", "statuses": [] } DEBUG: No check runs found(branch="renovate/npm-ansi-regex-vulnerability") { "result": { "total_count": 0, "check_runs": [] } } DEBUG: Branch status yellow(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Branch status is: yellow(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Checking how long this branch has been pending(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Setting current branch to master(branch="renovate/node-16.x") DEBUG: latest commit(branch="renovate/node-16.x") { "branchName": "master", "latestCommitDate": "2022-02-04T01:09:30+00:00" } DEBUG: getBranchPr(renovate/node-16.x)(branch="renovate/node-16.x") DEBUG: findPr(renovate/node-16.x, undefined, open)(branch="renovate/node-16.x") DEBUG: findPr(renovate/node-16.x, undefined, closed)(branch="renovate/node-16.x") DEBUG: branchExists=false(branch="renovate/node-16.x") DEBUG: dependencyDashboardCheck=undefined(branch="renovate/node-16.x") DEBUG: recreateClosed is false(branch="renovate/node-16.x") DEBUG: findPr(renovate/node-16.x, chore(deps): update dependency @types/node to v16.11.22, !open)(branch="renovate/node-16.x") DEBUG: prAlreadyExisted=false(branch="renovate/node-16.x") DEBUG: Checking schedule(before 6am,every weekend, Europe/Oslo)(branch="renovate/node-16.x") DEBUG: Found timezone(branch="renovate/node-16.x") { "timezone": "Europe/Oslo" } DEBUG: Adjusting now for timezone(branch="renovate/node-16.x") DEBUG: Checking 2 schedule(s)(branch="renovate/node-16.x") DEBUG: Checking schedule "before 6am"(branch="renovate/node-16.x") { "parsedSchedule": { "schedules": [ { "t_b": [ 21600 ] } ], "exceptions": [], "error": -1 } } DEBUG: Matches schedule before 6am(branch="renovate/node-16.x") DEBUG: Update has not passed stability days(branch="renovate/node-16.x") { "depName": "@types/node", "daysElapsed": 2, "stabilityDays": 3 } DEBUG: Skipping branch creation due to internal status checks not met(branch="renovate/node-16.x") DEBUG: Setting current branch to master(branch="renovate/constructs-10.x") DEBUG: latest commit(branch="renovate/constructs-10.x") { "branchName": "master", "latestCommitDate": "2022-02-04T01:09:30+00:00" } DEBUG: getBranchPr(renovate/constructs-10.x)(branch="renovate/constructs-10.x") DEBUG: findPr(renovate/constructs-10.x, undefined, open)(branch="renovate/constructs-10.x") DEBUG: findPr(renovate/constructs-10.x, undefined, closed)(branch="renovate/constructs-10.x") DEBUG: branchExists=false(branch="renovate/constructs-10.x") DEBUG: dependencyDashboardCheck=undefined(branch="renovate/constructs-10.x") DEBUG: recreateClosed is false(branch="renovate/constructs-10.x") DEBUG: findPr(renovate/constructs-10.x, chore(deps): update dependency constructs to v10.0.52, !open)(branch="renovate/constructs-10.x") DEBUG: prAlreadyExisted=false(branch="renovate/constructs-10.x") DEBUG: Checking schedule(before 6am,every weekend, Europe/Oslo)(branch="renovate/constructs-10.x") DEBUG: Found timezone(branch="renovate/constructs-10.x") { "timezone": "Europe/Oslo" } DEBUG: Adjusting now for timezone(branch="renovate/constructs-10.x") DEBUG: Checking 2 schedule(s)(branch="renovate/constructs-10.x") DEBUG: Checking schedule "before 6am"(branch="renovate/constructs-10.x") { "parsedSchedule": { "schedules": [ { "t_b": [ 21600 ] } ], "exceptions": [], "error": -1 } } DEBUG: Matches schedule before 6am(branch="renovate/constructs-10.x") DEBUG: Update has not passed stability days(branch="renovate/constructs-10.x") { "depName": "constructs", "daysElapsed": 2, "stabilityDays": 3 } DEBUG: Skipping branch creation due to internal status checks not met(branch="renovate/constructs-10.x") DEBUG: Setting current branch to master(branch="renovate/aws-cdk-monorepo") DEBUG: latest commit(branch="renovate/aws-cdk-monorepo") { "branchName": "master", "latestCommitDate": "2022-02-04T01:09:30+00:00" } DEBUG: getBranchPr(renovate/aws-cdk-monorepo)(branch="renovate/aws-cdk-monorepo") DEBUG: findPr(renovate/aws-cdk-monorepo, undefined, open)(branch="renovate/aws-cdk-monorepo") DEBUG: findPr(renovate/aws-cdk-monorepo, undefined, closed)(branch="renovate/aws-cdk-monorepo") DEBUG: Found PR #50(branch="renovate/aws-cdk-monorepo") DEBUG: branchExists=true(branch="renovate/aws-cdk-monorepo") DEBUG: dependencyDashboardCheck=undefined(branch="renovate/aws-cdk-monorepo") DEBUG: recreateClosed is false(branch="renovate/aws-cdk-monorepo") DEBUG: findPr(renovate/aws-cdk-monorepo, chore(deps): update aws-cdk monorepo to v2.10.0, !open)(branch="renovate/aws-cdk-monorepo") DEBUG: prAlreadyExisted=false(branch="renovate/aws-cdk-monorepo") DEBUG: Checking if PR has been edited(branch="renovate/aws-cdk-monorepo") DEBUG: Branch has not been modified(branch="renovate/aws-cdk-monorepo") { "branchName": "renovate/aws-cdk-monorepo" } DEBUG: Checking schedule(before 6am,every weekend, Europe/Oslo)(branch="renovate/aws-cdk-monorepo") DEBUG: Found timezone(branch="renovate/aws-cdk-monorepo") { "timezone": "Europe/Oslo" } DEBUG: Adjusting now for timezone(branch="renovate/aws-cdk-monorepo") DEBUG: Checking 2 schedule(s)(branch="renovate/aws-cdk-monorepo") DEBUG: Checking schedule "before 6am"(branch="renovate/aws-cdk-monorepo") { "parsedSchedule": { "schedules": [ { "t_b": [ 21600 ] } ], "exceptions": [], "error": -1 } } DEBUG: Matches schedule before 6am(branch="renovate/aws-cdk-monorepo") DEBUG: Branch already exists(branch="renovate/aws-cdk-monorepo") DEBUG: getBranchPr(renovate/aws-cdk-monorepo)(branch="renovate/aws-cdk-monorepo") DEBUG: findPr(renovate/aws-cdk-monorepo, undefined, open)(branch="renovate/aws-cdk-monorepo") DEBUG: findPr(renovate/aws-cdk-monorepo, undefined, closed)(branch="renovate/aws-cdk-monorepo") DEBUG: Found PR #50(branch="renovate/aws-cdk-monorepo") DEBUG: isBranchStale=true(branch="renovate/aws-cdk-monorepo") { "isStale": true, "currentBranch": "master", "currentBranchSha": "3e4601d5f0eca5edd080c17485c6d24d2cf42b5f" } DEBUG: Branch is stale and needs rebasing(branch="renovate/aws-cdk-monorepo") DEBUG: Branch is unmodified, so can be rebased(branch="renovate/aws-cdk-monorepo") DEBUG: Using reuseExistingBranch: false(branch="renovate/aws-cdk-monorepo") DEBUG: manager.getUpdatedPackageFiles() reuseExistinbranch=false(branch="renovate/aws-cdk-monorepo") DEBUG: npm.updateDependency(): devDependencies.@aws-cdk/assert = 2.10.0(branch="renovate/aws-cdk-monorepo") DEBUG: Updating @aws-cdk/assert in package.json(branch="renovate/aws-cdk-monorepo") DEBUG: npm.updateDependency(): devDependencies.aws-cdk-lib = 2.10.0(branch="renovate/aws-cdk-monorepo") DEBUG: Updating aws-cdk-lib in package.json(branch="renovate/aws-cdk-monorepo") DEBUG: Updated 1 package files(branch="renovate/aws-cdk-monorepo") DEBUG: Getting updated lock files(branch="renovate/aws-cdk-monorepo") DEBUG: Writing package.json files(branch="renovate/aws-cdk-monorepo") { "packageFiles": [ "package.json" ] } DEBUG: Writing package-lock.json(branch="renovate/aws-cdk-monorepo") DEBUG: Writing any updated package files(branch="renovate/aws-cdk-monorepo") DEBUG: Writing package.json(branch="renovate/aws-cdk-monorepo") DEBUG: No npmrc file found in repository(branch="renovate/aws-cdk-monorepo") DEBUG: Writing updated .npmrc file to /mnt/renovate/gh/capralifecycle/webapp-deploy-lambda/.npmrc(branch="renovate/aws-cdk-monorepo") DEBUG: Generating package-lock.json for .(branch="renovate/aws-cdk-monorepo") DEBUG: Spawning npm install to create /mnt/renovate/gh/capralifecycle/webapp-deploy-lambda/package-lock.json(branch="renovate/aws-cdk-monorepo") DEBUG: Updating lock file only(branch="renovate/aws-cdk-monorepo") DEBUG: No node constraint found - using latest(branch="renovate/aws-cdk-monorepo") DEBUG: Using docker to execute(branch="renovate/aws-cdk-monorepo") { "image": "node" } DEBUG: Resolved version(branch="renovate/aws-cdk-monorepo") { "toolName": "npm", "constraint": "<7", "resolvedVersion": "6.14.16" } DEBUG: No tag or tagConstraint specified(branch="renovate/aws-cdk-monorepo") { "image": "docker.io/renovate/node" } DEBUG: Docker image is already prefetched: docker.io/renovate/node(branch="renovate/aws-cdk-monorepo") DEBUG: Executing command(branch="renovate/aws-cdk-monorepo") { "command": "docker run --rm --name=renovate_node --label=renovate_child -v \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\":\"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e NPM_CONFIG_CACHE -e npm_config_store -w \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" docker.io/renovate/node bash -l -c \"install-tool npm 6.14.16 && hash -d npm 2>/dev/null || true && npm install --package-lock-only --no-audit --ignore-scripts\"" } DEBUG: exec completed(branch="renovate/aws-cdk-monorepo") { "cmd": "docker run --rm --name=renovate_node --label=renovate_child -v \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\":\"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e NPM_CONFIG_CACHE -e npm_config_store -w \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" docker.io/renovate/node bash -l -c \"install-tool npm 6.14.16 && hash -d npm 2>/dev/null || true && npm install --package-lock-only --no-audit --ignore-scripts\"", "durationMs": 127354, "stdout": "Installing legacy tool npm v6.14.16\n/home/ubuntu/npm/6.14.16/bin/npm -> /home/ubuntu/npm/6.14.16/lib/node_modules/npm/bin/npm-cli.js\n/home/ubuntu/npm/6.14.16/bin/npx -> /home/ubuntu/npm/6.14.16/lib/node_modules/npm/bin/npx-cli.js\n+ npm@6.14.16\nadded 437 packages from 891 contributors in 53.698s\n+ node-gyp@8.4.1\nadded 61 packages from 20 contributors, updated 2 packages and audited 563 packages in 14.594s\n\n5 packages are looking for funding\n run `npm fund` for details\n\nfound 9 moderate severity vulnerabilities\n run `npm audit fix` to fix them, or `npm audit` for details\n6.14.16\nadded 935 packages from 12 contributors in 48.181s\n", "stderr": "npm notice created a lockfile as package-lock.json. You should commit this file.\nnpm WARN using --force I sure hope you know what you are doing.\n" } DEBUG: package-lock.json needs updating(branch="renovate/aws-cdk-monorepo") DEBUG: Updated 1 lock files(branch="renovate/aws-cdk-monorepo") { "updatedArtifacts": [ "package-lock.json" ] } DEBUG: isBranchConflicted(master, renovate/aws-cdk-monorepo)(branch="renovate/aws-cdk-monorepo") DEBUG: 2 file(s) to commit(branch="renovate/aws-cdk-monorepo") DEBUG: Preparing files for commiting to branch renovate/aws-cdk-monorepo(branch="renovate/aws-cdk-monorepo") DEBUG: git commit(branch="renovate/aws-cdk-monorepo") { "deletedFiles": [], "ignoredFiles": [], "result": { "author": null, "branch": "renovate/aws-cdk-monorepo", "commit": "211efe0", "root": false, "summary": { "changes": 2, "insertions": 16, "deletions": 0 } } } DEBUG: Pushing branch renovate/aws-cdk-monorepo(branch="renovate/aws-cdk-monorepo") DEBUG: git push(branch="renovate/aws-cdk-monorepo") { "result": { "pushed": [], "branch": { "local": "renovate/aws-cdk-monorepo", "remote": "renovate/aws-cdk-monorepo", "remoteName": "origin" }, "ref": { "local": "refs/remotes/origin/renovate/aws-cdk-monorepo" }, "remoteMessages": { "all": [] } } } DEBUG: Fetching branch renovate/aws-cdk-monorepo(branch="renovate/aws-cdk-monorepo") INFO: Branch updated(branch="renovate/aws-cdk-monorepo") { "commitSha": "211efe038f032ceb837d8c10da96354068651f93" } DEBUG: Updating renovate/stability-days status check state to green(branch="renovate/aws-cdk-monorepo") DEBUG: Setting branch status(branch="renovate/aws-cdk-monorepo") { "context": "renovate/stability-days", "state": "green" } DEBUG: Branch status pending(branch="renovate/aws-cdk-monorepo") { "commitSha": "211efe038f032ceb837d8c10da96354068651f93" } DEBUG: Setting current branch to master(branch="renovate/boto3-1.x") DEBUG: latest commit(branch="renovate/boto3-1.x") { "branchName": "master", "latestCommitDate": "2022-02-04T01:09:30+00:00" } DEBUG: getBranchPr(renovate/boto3-1.x)(branch="renovate/boto3-1.x") DEBUG: findPr(renovate/boto3-1.x, undefined, open)(branch="renovate/boto3-1.x") DEBUG: findPr(renovate/boto3-1.x, undefined, closed)(branch="renovate/boto3-1.x") DEBUG: branchExists=true(branch="renovate/boto3-1.x") DEBUG: dependencyDashboardCheck=undefined(branch="renovate/boto3-1.x") DEBUG: recreateClosed is false(branch="renovate/boto3-1.x") DEBUG: findPr(renovate/boto3-1.x, chore(deps): update dependency boto3 to v1.20.48, !open)(branch="renovate/boto3-1.x") DEBUG: prAlreadyExisted=false(branch="renovate/boto3-1.x") DEBUG: Checking if PR has been edited(branch="renovate/boto3-1.x") DEBUG: Branch has not been modified(branch="renovate/boto3-1.x") { "branchName": "renovate/boto3-1.x" } DEBUG: Checking schedule(before 3am on the first day of the month, Europe/Oslo)(branch="renovate/boto3-1.x") DEBUG: Found timezone(branch="renovate/boto3-1.x") { "timezone": "Europe/Oslo" } DEBUG: Adjusting now for timezone(branch="renovate/boto3-1.x") DEBUG: Checking 1 schedule(s)(branch="renovate/boto3-1.x") DEBUG: Checking schedule "before 3am on the first day of the month"(branch="renovate/boto3-1.x") { "parsedSchedule": { "schedules": [ { "t_b": [ 10800 ], "D": [ 1 ] } ], "exceptions": [], "error": -1 } } DEBUG: Package not scheduled(branch="renovate/boto3-1.x") DEBUG: Skipping PR creation out of schedule(branch="renovate/boto3-1.x") DEBUG: Setting current branch to master(branch="renovate/eslint-8.x") DEBUG: latest commit(branch="renovate/eslint-8.x") { "branchName": "master", "latestCommitDate": "2022-02-04T01:09:30+00:00" } DEBUG: getBranchPr(renovate/eslint-8.x)(branch="renovate/eslint-8.x") DEBUG: findPr(renovate/eslint-8.x, undefined, open)(branch="renovate/eslint-8.x") DEBUG: findPr(renovate/eslint-8.x, undefined, closed)(branch="renovate/eslint-8.x") DEBUG: branchExists=true(branch="renovate/eslint-8.x") DEBUG: dependencyDashboardCheck=undefined(branch="renovate/eslint-8.x") DEBUG: recreateClosed is false(branch="renovate/eslint-8.x") DEBUG: findPr(renovate/eslint-8.x, chore(deps): update dependency eslint to v8.8.0, !open)(branch="renovate/eslint-8.x") DEBUG: prAlreadyExisted=false(branch="renovate/eslint-8.x") DEBUG: Checking if PR has been edited(branch="renovate/eslint-8.x") DEBUG: Branch has not been modified(branch="renovate/eslint-8.x") { "branchName": "renovate/eslint-8.x" } DEBUG: Checking schedule(before 6am,every weekend, Europe/Oslo)(branch="renovate/eslint-8.x") DEBUG: Found timezone(branch="renovate/eslint-8.x") { "timezone": "Europe/Oslo" } DEBUG: Adjusting now for timezone(branch="renovate/eslint-8.x") DEBUG: Checking 2 schedule(s)(branch="renovate/eslint-8.x") DEBUG: Checking schedule "before 6am"(branch="renovate/eslint-8.x") { "parsedSchedule": { "schedules": [ { "t_b": [ 21600 ] } ], "exceptions": [], "error": -1 } } DEBUG: Matches schedule before 6am(branch="renovate/eslint-8.x") DEBUG: Branch already exists(branch="renovate/eslint-8.x") DEBUG: getBranchPr(renovate/eslint-8.x)(branch="renovate/eslint-8.x") DEBUG: findPr(renovate/eslint-8.x, undefined, open)(branch="renovate/eslint-8.x") DEBUG: findPr(renovate/eslint-8.x, undefined, closed)(branch="renovate/eslint-8.x") DEBUG: isBranchStale=true(branch="renovate/eslint-8.x") { "isStale": true, "currentBranch": "master", "currentBranchSha": "3e4601d5f0eca5edd080c17485c6d24d2cf42b5f" } DEBUG: Branch is stale and needs rebasing(branch="renovate/eslint-8.x") DEBUG: Branch is unmodified, so can be rebased(branch="renovate/eslint-8.x") DEBUG: Using reuseExistingBranch: false(branch="renovate/eslint-8.x") DEBUG: manager.getUpdatedPackageFiles() reuseExistinbranch=false(branch="renovate/eslint-8.x") DEBUG: npm.updateDependency(): devDependencies.eslint = 8.8.0(branch="renovate/eslint-8.x") DEBUG: Updating eslint in package.json(branch="renovate/eslint-8.x") DEBUG: Updated 1 package files(branch="renovate/eslint-8.x") DEBUG: Getting updated lock files(branch="renovate/eslint-8.x") DEBUG: Writing package.json files(branch="renovate/eslint-8.x") { "packageFiles": [ "package.json" ] } DEBUG: Writing package-lock.json(branch="renovate/eslint-8.x") DEBUG: Writing any updated package files(branch="renovate/eslint-8.x") DEBUG: Writing package.json(branch="renovate/eslint-8.x") DEBUG: No npmrc file found in repository(branch="renovate/eslint-8.x") DEBUG: Writing updated .npmrc file to /mnt/renovate/gh/capralifecycle/webapp-deploy-lambda/.npmrc(branch="renovate/eslint-8.x") DEBUG: Generating package-lock.json for .(branch="renovate/eslint-8.x") DEBUG: Spawning npm install to create /mnt/renovate/gh/capralifecycle/webapp-deploy-lambda/package-lock.json(branch="renovate/eslint-8.x") DEBUG: Updating lock file only(branch="renovate/eslint-8.x") DEBUG: No node constraint found - using latest(branch="renovate/eslint-8.x") DEBUG: Using docker to execute(branch="renovate/eslint-8.x") { "image": "node" } DEBUG: Resolved version(branch="renovate/eslint-8.x") { "toolName": "npm", "constraint": "<7", "resolvedVersion": "6.14.16" } DEBUG: No tag or tagConstraint specified(branch="renovate/eslint-8.x") { "image": "docker.io/renovate/node" } DEBUG: Docker image is already prefetched: docker.io/renovate/node(branch="renovate/eslint-8.x") DEBUG: Executing command(branch="renovate/eslint-8.x") { "command": "docker run --rm --name=renovate_node --label=renovate_child -v \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\":\"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e NPM_CONFIG_CACHE -e npm_config_store -w \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" docker.io/renovate/node bash -l -c \"install-tool npm 6.14.16 && hash -d npm 2>/dev/null || true && npm install --package-lock-only --no-audit --ignore-scripts\"" } DEBUG: exec completed(branch="renovate/eslint-8.x") { "cmd": "docker run --rm --name=renovate_node --label=renovate_child -v \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\":\"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e NPM_CONFIG_CACHE -e npm_config_store -w \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" docker.io/renovate/node bash -l -c \"install-tool npm 6.14.16 && hash -d npm 2>/dev/null || true && npm install --package-lock-only --no-audit --ignore-scripts\"", "durationMs": 90571, "stdout": "Installing legacy tool npm v6.14.16\n/home/ubuntu/npm/6.14.16/bin/npm -> /home/ubuntu/npm/6.14.16/lib/node_modules/npm/bin/npm-cli.js\n/home/ubuntu/npm/6.14.16/bin/npx -> /home/ubuntu/npm/6.14.16/lib/node_modules/npm/bin/npx-cli.js\n+ npm@6.14.16\nadded 437 packages from 891 contributors in 52.423s\n+ node-gyp@8.4.1\nadded 61 packages from 20 contributors, updated 2 packages and audited 563 packages in 14.344s\n\n5 packages are looking for funding\n run `npm fund` for details\n\nfound 9 moderate severity vulnerabilities\n run `npm audit fix` to fix them, or `npm audit` for details\n6.14.16\nadded 931 packages in 12.711s\n", "stderr": "npm notice created a lockfile as package-lock.json. You should commit this file.\nnpm WARN using --force I sure hope you know what you are doing.\n" } DEBUG: package-lock.json needs updating(branch="renovate/eslint-8.x") DEBUG: Updated 1 lock files(branch="renovate/eslint-8.x") { "updatedArtifacts": [ "package-lock.json" ] } DEBUG: isBranchConflicted(master, renovate/eslint-8.x)(branch="renovate/eslint-8.x") DEBUG: 2 file(s) to commit(branch="renovate/eslint-8.x") DEBUG: Preparing files for commiting to branch renovate/eslint-8.x(branch="renovate/eslint-8.x") DEBUG: git commit(branch="renovate/eslint-8.x") { "deletedFiles": [], "ignoredFiles": [], "result": { "author": null, "branch": "renovate/eslint-8.x", "commit": "3df30cd", "root": false, "summary": { "changes": 2, "insertions": 9, "deletions": 39 } } } DEBUG: Pushing branch renovate/eslint-8.x(branch="renovate/eslint-8.x") DEBUG: git push(branch="renovate/eslint-8.x") { "result": { "pushed": [], "branch": { "local": "renovate/eslint-8.x", "remote": "renovate/eslint-8.x", "remoteName": "origin" }, "ref": { "local": "refs/remotes/origin/renovate/eslint-8.x" }, "remoteMessages": { "all": [] } } } DEBUG: Fetching branch renovate/eslint-8.x(branch="renovate/eslint-8.x") INFO: Branch updated(branch="renovate/eslint-8.x") { "commitSha": "3df30cd6e648160bf45c1886c04256122b513fee" } DEBUG: Updating renovate/stability-days status check state to green(branch="renovate/eslint-8.x") DEBUG: Setting branch status(branch="renovate/eslint-8.x") { "context": "renovate/stability-days", "state": "green" } DEBUG: Branch status pending(branch="renovate/eslint-8.x") { "commitSha": "3df30cd6e648160bf45c1886c04256122b513fee" } DEBUG: Setting current branch to master(branch="renovate/typescript-eslint-monorepo") DEBUG: latest commit(branch="renovate/typescript-eslint-monorepo") { "branchName": "master", "latestCommitDate": "2022-02-04T01:09:30+00:00" } DEBUG: getBranchPr(renovate/typescript-eslint-monorepo)(branch="renovate/typescript-eslint-monorepo") DEBUG: findPr(renovate/typescript-eslint-monorepo, undefined, open)(branch="renovate/typescript-eslint-monorepo") DEBUG: findPr(renovate/typescript-eslint-monorepo, undefined, closed)(branch="renovate/typescript-eslint-monorepo") DEBUG: branchExists=false(branch="renovate/typescript-eslint-monorepo") DEBUG: dependencyDashboardCheck=undefined(branch="renovate/typescript-eslint-monorepo") DEBUG: recreateClosed is false(branch="renovate/typescript-eslint-monorepo") DEBUG: findPr(renovate/typescript-eslint-monorepo, chore(deps): update typescript-eslint monorepo to v5.10.2, !open)(branch="renovate/typescript-eslint-monorepo") DEBUG: prAlreadyExisted=false(branch="renovate/typescript-eslint-monorepo") DEBUG: Checking schedule(before 6am,every weekend, Europe/Oslo)(branch="renovate/typescript-eslint-monorepo") DEBUG: Found timezone(branch="renovate/typescript-eslint-monorepo") { "timezone": "Europe/Oslo" } DEBUG: Adjusting now for timezone(branch="renovate/typescript-eslint-monorepo") DEBUG: Checking 2 schedule(s)(branch="renovate/typescript-eslint-monorepo") DEBUG: Checking schedule "before 6am"(branch="renovate/typescript-eslint-monorepo") { "parsedSchedule": { "schedules": [ { "t_b": [ 21600 ] } ], "exceptions": [], "error": -1 } } DEBUG: Matches schedule before 6am(branch="renovate/typescript-eslint-monorepo") DEBUG: Branch needs creating(branch="renovate/typescript-eslint-monorepo") DEBUG: Using reuseExistingBranch: false(branch="renovate/typescript-eslint-monorepo") DEBUG: manager.getUpdatedPackageFiles() reuseExistinbranch=false(branch="renovate/typescript-eslint-monorepo") DEBUG: npm.updateDependency(): devDependencies.@typescript-eslint/eslint-plugin = 5.10.2(branch="renovate/typescript-eslint-monorepo") DEBUG: Updating @typescript-eslint/eslint-plugin in package.json(branch="renovate/typescript-eslint-monorepo") DEBUG: npm.updateDependency(): devDependencies.@typescript-eslint/parser = 5.10.2(branch="renovate/typescript-eslint-monorepo") DEBUG: Updating @typescript-eslint/parser in package.json(branch="renovate/typescript-eslint-monorepo") DEBUG: Updated 1 package files(branch="renovate/typescript-eslint-monorepo") DEBUG: Getting updated lock files(branch="renovate/typescript-eslint-monorepo") DEBUG: Writing package.json files(branch="renovate/typescript-eslint-monorepo") { "packageFiles": [ "package.json" ] } DEBUG: Writing package-lock.json(branch="renovate/typescript-eslint-monorepo") DEBUG: Writing any updated package files(branch="renovate/typescript-eslint-monorepo") DEBUG: Writing package.json(branch="renovate/typescript-eslint-monorepo") DEBUG: No npmrc file found in repository(branch="renovate/typescript-eslint-monorepo") DEBUG: Writing updated .npmrc file to /mnt/renovate/gh/capralifecycle/webapp-deploy-lambda/.npmrc(branch="renovate/typescript-eslint-monorepo") DEBUG: Generating package-lock.json for .(branch="renovate/typescript-eslint-monorepo") DEBUG: Spawning npm install to create /mnt/renovate/gh/capralifecycle/webapp-deploy-lambda/package-lock.json(branch="renovate/typescript-eslint-monorepo") DEBUG: Updating lock file only(branch="renovate/typescript-eslint-monorepo") DEBUG: No node constraint found - using latest(branch="renovate/typescript-eslint-monorepo") DEBUG: Using docker to execute(branch="renovate/typescript-eslint-monorepo") { "image": "node" } DEBUG: Resolved version(branch="renovate/typescript-eslint-monorepo") { "toolName": "npm", "constraint": "<7", "resolvedVersion": "6.14.16" } DEBUG: No tag or tagConstraint specified(branch="renovate/typescript-eslint-monorepo") { "image": "docker.io/renovate/node" } DEBUG: Docker image is already prefetched: docker.io/renovate/node(branch="renovate/typescript-eslint-monorepo") DEBUG: Executing command(branch="renovate/typescript-eslint-monorepo") { "command": "docker run --rm --name=renovate_node --label=renovate_child -v \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\":\"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e NPM_CONFIG_CACHE -e npm_config_store -w \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" docker.io/renovate/node bash -l -c \"install-tool npm 6.14.16 && hash -d npm 2>/dev/null || true && npm install --package-lock-only --no-audit --ignore-scripts\"" } DEBUG: exec completed(branch="renovate/typescript-eslint-monorepo") { "cmd": "docker run --rm --name=renovate_node --label=renovate_child -v \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\":\"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e NPM_CONFIG_CACHE -e npm_config_store -w \"/mnt/renovate/gh/capralifecycle/webapp-deploy-lambda\" docker.io/renovate/node bash -l -c \"install-tool npm 6.14.16 && hash -d npm 2>/dev/null || true && npm install --package-lock-only --no-audit --ignore-scripts\"", "durationMs": 90746, "stdout": "Installing legacy tool npm v6.14.16\n/home/ubuntu/npm/6.14.16/bin/npm -> /home/ubuntu/npm/6.14.16/lib/node_modules/npm/bin/npm-cli.js\n/home/ubuntu/npm/6.14.16/bin/npx -> /home/ubuntu/npm/6.14.16/lib/node_modules/npm/bin/npx-cli.js\n+ npm@6.14.16\nadded 437 packages from 891 contributors in 52.778s\n+ node-gyp@8.4.1\nadded 61 packages from 20 contributors, updated 2 packages and audited 563 packages in 14.347s\n\n5 packages are looking for funding\n run `npm fund` for details\n\nfound 9 moderate severity vulnerabilities\n run `npm audit fix` to fix them, or `npm audit` for details\n6.14.16\nadded 947 packages in 12.575s\n", "stderr": "npm notice created a lockfile as package-lock.json. You should commit this file.\nnpm WARN using --force I sure hope you know what you are doing.\n" } DEBUG: package-lock.json needs updating(branch="renovate/typescript-eslint-monorepo") DEBUG: Updated 1 lock files(branch="renovate/typescript-eslint-monorepo") { "updatedArtifacts": [ "package-lock.json" ] } DEBUG: 2 file(s) to commit(branch="renovate/typescript-eslint-monorepo") DEBUG: Preparing files for commiting to branch renovate/typescript-eslint-monorepo(branch="renovate/typescript-eslint-monorepo") DEBUG: git commit(branch="renovate/typescript-eslint-monorepo") { "deletedFiles": [], "ignoredFiles": [], "result": { "author": null, "branch": "renovate/typescript-eslint-monorepo", "commit": "f69d5ab", "root": false, "summary": { "changes": 2, "insertions": 146, "deletions": 0 } } } DEBUG: Pushing branch renovate/typescript-eslint-monorepo(branch="renovate/typescript-eslint-monorepo") DEBUG: git push(branch="renovate/typescript-eslint-monorepo") { "result": { "pushed": [ { "deleted": false, "tag": false, "branch": true, "new": true, "alreadyUpdated": false, "local": "refs/heads/renovate/typescript-eslint-monorepo", "remote": "refs/heads/renovate/typescript-eslint-monorepo" } ], "branch": { "local": "renovate/typescript-eslint-monorepo", "remote": "renovate/typescript-eslint-monorepo", "remoteName": "origin" }, "ref": { "local": "refs/remotes/origin/renovate/typescript-eslint-monorepo" }, "remoteMessages": { "all": [ "Create a pull request for 'renovate/typescript-eslint-monorepo' on GitHub by visiting:", "https://github.com/capralifecycle/webapp-deploy-lambda/pull/new/renovate/typescript-eslint-monorepo" ], "pullRequestUrl": "https://github.com/capralifecycle/webapp-deploy-lambda/pull/new/renovate/typescript-eslint-monorepo" } } } DEBUG: Fetching branch renovate/typescript-eslint-monorepo(branch="renovate/typescript-eslint-monorepo") INFO: Branch created(branch="renovate/typescript-eslint-monorepo") { "commitSha": "f69d5ab33d53e43cfcba887fcdc573932d366f9a" } DEBUG: Updating renovate/stability-days status check state to green(branch="renovate/typescript-eslint-monorepo") DEBUG: Setting branch status(branch="renovate/typescript-eslint-monorepo") { "context": "renovate/stability-days", "state": "green" } DEBUG: Branch status pending(branch="renovate/typescript-eslint-monorepo") { "commitSha": "f69d5ab33d53e43cfcba887fcdc573932d366f9a" } DEBUG: Setting current branch to master(branch="renovate/major-commitlint-monorepo") DEBUG: latest commit(branch="renovate/major-commitlint-monorepo") { "branchName": "master", "latestCommitDate": "2022-02-04T01:09:30+00:00" } DEBUG: branchExists=true(branch="renovate/major-commitlint-monorepo") DEBUG: dependencyDashboardCheck=undefined(branch="renovate/major-commitlint-monorepo") DEBUG: PR rebase requested=false(branch="renovate/major-commitlint-monorepo") DEBUG: Checking if PR has been edited(branch="renovate/major-commitlint-monorepo") DEBUG: Branch has not been modified(branch="renovate/major-commitlint-monorepo") { "branchName": "renovate/major-commitlint-monorepo" } DEBUG: Found existing branch PR(branch="renovate/major-commitlint-monorepo") DEBUG: Checking schedule(before 6am,every weekend, Europe/Oslo)(branch="renovate/major-commitlint-monorepo") DEBUG: Found timezone(branch="renovate/major-commitlint-monorepo") { "timezone": "Europe/Oslo" } DEBUG: Adjusting now for timezone(branch="renovate/major-commitlint-monorepo") DEBUG: Checking 2 schedule(s)(branch="renovate/major-commitlint-monorepo") DEBUG: Checking schedule "before 6am"(branch="renovate/major-commitlint-monorepo") { "parsedSchedule": { "schedules": [ { "t_b": [ 21600 ] } ], "exceptions": [], "error": -1 } } DEBUG: Matches schedule before 6am(branch="renovate/major-commitlint-monorepo") DEBUG: Branch already exists(branch="renovate/major-commitlint-monorepo") DEBUG: GitHub 404(branch="renovate/major-commitlint-monorepo") { "url": "repos/capralifecycle/webapp-deploy-lambda/branches/master/protection" } DEBUG: No branch protection found(branch="renovate/major-commitlint-monorepo") DEBUG: Skipping stale branch check due to rebaseWhen=auto(branch="renovate/major-commitlint-monorepo") DEBUG: isBranchConflicted(master, renovate/major-commitlint-monorepo)(branch="renovate/major-commitlint-monorepo") DEBUG: Branch does not need rebasing(branch="renovate/major-commitlint-monorepo") DEBUG: Using reuseExistingBranch: true(branch="renovate/major-commitlint-monorepo") DEBUG: manager.getUpdatedPackageFiles() reuseExistinbranch=true(branch="renovate/major-commitlint-monorepo") DEBUG: npm.updateDependency(): devDependencies.@commitlint/cli = 16.1.0(branch="renovate/major-commitlint-monorepo") DEBUG: npm.updateDependency(): devDependencies.@commitlint/config-conventional = 16.0.0(branch="renovate/major-commitlint-monorepo") DEBUG: No package files need updating(branch="renovate/major-commitlint-monorepo") DEBUG: Getting updated lock files(branch="renovate/major-commitlint-monorepo") DEBUG: Writing package.json files(branch="renovate/major-commitlint-monorepo") { "packageFiles": [ "package.json" ] } DEBUG: Writing package-lock.json(branch="renovate/major-commitlint-monorepo") DEBUG: Writing any updated package files(branch="renovate/major-commitlint-monorepo") DEBUG: No updated lock files in branch(branch="renovate/major-commitlint-monorepo") DEBUG: No files to commit(branch="renovate/major-commitlint-monorepo") DEBUG: Status check renovate/stability-days is already up-to-date(branch="renovate/major-commitlint-monorepo") DEBUG: Checking if we can automerge branch(branch="renovate/major-commitlint-monorepo") DEBUG: mergeStatus=no automerge(branch="renovate/major-commitlint-monorepo") DEBUG: Ensuring PR(branch="renovate/major-commitlint-monorepo") DEBUG: There are 0 errors and 0 warnings(branch="renovate/major-commitlint-monorepo") DEBUG: Found existing PR(branch="renovate/major-commitlint-monorepo") DEBUG: Processing existing PR(branch="renovate/major-commitlint-monorepo") DEBUG: Pull Request #52 does not need updating(branch="renovate/major-commitlint-monorepo") DEBUG: PR is not configured for automerge(branch="renovate/major-commitlint-monorepo") DEBUG: Setting current branch to master(branch="renovate/black-22.x") DEBUG: latest commit(branch="renovate/black-22.x") { "branchName": "master", "latestCommitDate": "2022-02-04T01:09:30+00:00" } DEBUG: branchExists=true(branch="renovate/black-22.x") DEBUG: dependencyDashboardCheck=undefined(branch="renovate/black-22.x") DEBUG: PR rebase requested=false(branch="renovate/black-22.x") DEBUG: Checking if PR has been edited(branch="renovate/black-22.x") DEBUG: Branch has not been modified(branch="renovate/black-22.x") { "branchName": "renovate/black-22.x" } DEBUG: Found existing branch PR(branch="renovate/black-22.x") DEBUG: Checking schedule(before 6am,every weekend, Europe/Oslo)(branch="renovate/black-22.x") DEBUG: Found timezone(branch="renovate/black-22.x") { "timezone": "Europe/Oslo" } DEBUG: Adjusting now for timezone(branch="renovate/black-22.x") DEBUG: Checking 2 schedule(s)(branch="renovate/black-22.x") DEBUG: Checking schedule "before 6am"(branch="renovate/black-22.x") { "parsedSchedule": { "schedules": [ { "t_b": [ 21600 ] } ], "exceptions": [], "error": -1 } } DEBUG: Matches schedule before 6am(branch="renovate/black-22.x") DEBUG: Branch already exists(branch="renovate/black-22.x") DEBUG: Skipping stale branch check due to rebaseWhen=auto(branch="renovate/black-22.x") DEBUG: isBranchConflicted(master, renovate/black-22.x)(branch="renovate/black-22.x") DEBUG: Branch does not need rebasing(branch="renovate/black-22.x") DEBUG: Using reuseExistingBranch: true(branch="renovate/black-22.x") DEBUG: manager.getUpdatedPackageFiles() reuseExistinbranch=true(branch="renovate/black-22.x") DEBUG: Branch dep is already updated(packageFile="requirements.txt", branch="renovate/black-22.x") { "depName": "black" } DEBUG: No content changed(packageFile="requirements.txt", branch="renovate/black-22.x") { "depName": "black" } DEBUG: No package files need updating(branch="renovate/black-22.x") DEBUG: Getting updated lock files(branch="renovate/black-22.x") DEBUG: Writing package.json files(branch="renovate/black-22.x") { "packageFiles": [ "package.json" ] } DEBUG: Writing package-lock.json(branch="renovate/black-22.x") DEBUG: Writing any updated package files(branch="renovate/black-22.x") DEBUG: No updated lock files in branch(branch="renovate/black-22.x") DEBUG: No files to commit(branch="renovate/black-22.x") DEBUG: Status check renovate/stability-days is already up-to-date(branch="renovate/black-22.x") DEBUG: Checking if we can automerge branch(branch="renovate/black-22.x") DEBUG: mergeStatus=no automerge(branch="renovate/black-22.x") DEBUG: Ensuring PR(branch="renovate/black-22.x") DEBUG: There are 0 errors and 0 warnings(branch="renovate/black-22.x") DEBUG: Found existing PR(branch="renovate/black-22.x") DEBUG: Processing existing PR(branch="renovate/black-22.x") DEBUG: Pull Request #53 does not need updating(branch="renovate/black-22.x") DEBUG: PR is not configured for automerge(branch="renovate/black-22.x") DEBUG: getBranchPr(renovate/npm-ansi-regex-vulnerability) DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, open) DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, closed) DEBUG: getBranchPr(renovate/aws-cdk-monorepo) DEBUG: findPr(renovate/aws-cdk-monorepo, undefined, open) DEBUG: findPr(renovate/aws-cdk-monorepo, undefined, closed) DEBUG: Found PR #50 DEBUG: getBranchPr(renovate/boto3-1.x) DEBUG: findPr(renovate/boto3-1.x, undefined, open) DEBUG: findPr(renovate/boto3-1.x, undefined, closed) DEBUG: getBranchPr(renovate/eslint-8.x) DEBUG: findPr(renovate/eslint-8.x, undefined, open) DEBUG: findPr(renovate/eslint-8.x, undefined, closed) DEBUG: getBranchPr(renovate/typescript-eslint-monorepo) DEBUG: findPr(renovate/typescript-eslint-monorepo, undefined, open) DEBUG: findPr(renovate/typescript-eslint-monorepo, undefined, closed) DEBUG: Ensuring Dependency Dashboard DEBUG: ensureIssue(Dependency Dashboard) DEBUG: Patching issue DEBUG: Issue updated DEBUG: Removing any stale branches DEBUG: config.repoIsOnboarded=true DEBUG: Branch lists { "branchList": [ "renovate/aws-cdk-monorepo", "renovate/black-22.x", "renovate/boto3-1.x", "renovate/constructs-10.x", "renovate/eslint-8.x", "renovate/major-commitlint-monorepo", "renovate/node-16.x", "renovate/npm-ansi-regex-vulnerability", "renovate/typescript-eslint-monorepo" ], "renovateBranches": [ "renovate/aws-cdk-monorepo", "renovate/black-22.x", "renovate/boto3-1.x", "renovate/eslint-8.x", "renovate/lock-file-maintenance", "renovate/major-commitlint-monorepo", "renovate/npm-ansi-regex-vulnerability", "renovate/typescript-eslint-monorepo" ] } DEBUG: remainingBranches= DEBUG: No branches to clean up DEBUG: Repository timing splits (milliseconds) { "splits": { "init": 3151, "extract": 3471, "lookup": 9170, "update": 433368 }, "total": 450327 } DEBUG: http statistics { "urls": { "https://api.github.com/graphql (POST)": 4, "https://api.github.com/repos/capraconsulting/renovate-config/contents/default.json (GET)": 1, "https://api.github.com/repos/capraconsulting/renovate-config/contents/library.json (GET)": 1, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/commits/211efe038f032ceb837d8c10da96354068651f93/statuses (GET)": 2, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/commits/3df30cd6e648160bf45c1886c04256122b513fee/statuses (GET)": 2, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/commits/8db622bcf39eb5760286414d6873924a08cf51f2/statuses (GET)": 1, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/commits/e55e574f48e9653d37ce7e571649726c54e99108/statuses (GET)": 1, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/commits/f69d5ab33d53e43cfcba887fcdc573932d366f9a/statuses (GET)": 2, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/commits/renovate/aws-cdk-monorepo/status (GET)": 1, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/commits/renovate/eslint-8.x/status (GET)": 1, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/commits/renovate/npm-ansi-regex-vulnerability/check-runs (GET)": 1, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/commits/renovate/npm-ansi-regex-vulnerability/status (GET)": 1, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/commits/renovate/typescript-eslint-monorepo/status (GET)": 1, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/contents/renovate.json (GET)": 1, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/issues/5 (GET)": 2, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/issues/5 (PATCH)": 1, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/pulls (GET)": 1, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/statuses/211efe038f032ceb837d8c10da96354068651f93 (POST)": 1, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/statuses/3df30cd6e648160bf45c1886c04256122b513fee (POST)": 1, "https://api.github.com/repos/capralifecycle/webapp-deploy-lambda/statuses/f69d5ab33d53e43cfcba887fcdc573932d366f9a (POST)": 1, "https://api.github.com/repos/whitesource/merge-confidence/contents/beta.json (GET)": 1, "https://pypi.org/pypi/boto3/json (GET)": 1, "https://registry.npmjs.org/@aws-cdk%2Fassert (GET)": 1, "https://registry.npmjs.org/@commitlint%2Fcli (GET)": 1, "https://registry.npmjs.org/@commitlint%2Fconfig-conventional (GET)": 1 }, "hostStats": { "api.github.com": { "requestCount": 28, "requestAvgMs": 284, "queueAvgMs": 0 }, "pypi.org": { "requestCount": 1, "requestAvgMs": 4447, "queueAvgMs": 0 }, "registry.npmjs.org": { "requestCount": 3, "requestAvgMs": 3840, "queueAvgMs": 0 } }, "totalRequests": 32 } INFO: Repository finished { "durationMs": 450327 } ```

[rarkins]

Yep, this is an automerged vulnerability remediation PR. (On that note, may it make things a bit easier for the maintainers by adding an optional field to the bug template for describing the type of update? Lock file maintenance, direct dependency update, vulnerability remediation, ...?)

There is a limit to how many fields we can add to the bug template before it becomes too difficult to use. There are a LOT of different types of use, not all relate to an update. Thankfully most people voluntarily describe their problem in detail.

[github-actions[bot]]

Hi there,

Help us by making a minimal reproduction repository.

Before we can start work on your issue we first need to know exactly what's causing the current behavior. A minimal reproduction helps us with this.

To get started, please read our guide on creating a minimal reproduction to understand what is needed.

We may close the issue if you (or someone else) have not provided a minimal reproduction within two weeks. If you need more time, or are stuck, please ask for help or more time in a comment.

Good luck,

The Renovate team

[rarkins]

In both the logs you gave, the branch already existed, whereas we need to see a job when the branch/commit was first created to understand why. A public reproduction would allow us to debug/troubleshoot it directly.

In terms of making the problem go away, you could try setting "transitiveRemediation": false in your config to stop this type of nested vulnerability fixing (but it will be for every transitive vulnerability).

[stekern]

@rarkins First of, thanks for the quick response and help.

I understand that you can't include all types of optional parameters to cover all types of different use-cases to the bug template, but I figured it was worth suggesting at least in the case it could be used as a common discriminator. I do try to add the necessary amount of detail to the bug reports I submit, but apologies for the lack in this case. Especially for projects one might not be very familiar with, there are nuances that can make it easy to forget to include something of importance (e.g., it was not immediately clear to me which logs are actually useful to share in this situation).

The issue has occurred across a wide range of our repositories, so it's not an isolated incident. I figured the public repository I mentioned in this bug report could serve as the reproduction repository, but it unfortunately seems like the logs you requested from when the branch was first created has expired (?), unfortunately.

I've set up a minimal repository https://github.com/stekern/repro-renovate-13977 with the same Dependabot alert, and I'm waiting for Renovate to take action.

[rarkins]

Perfect! Thank you for taking the time for the reproduction - I'll take a look

[stekern]

Alright, I've managed to reproduce the issue in my new repository.

Renovate first creates a commit that performs the only automatically fixable change for the Dependabot alert in question (through npm audit fix I assume). This is exhibited in https://github.com/stekern/repro-renovate-13977/commit/c6e95adad28fd00c87e926346c6e5baf4ae76c39.

Logs from commit c6e95ad

``` DEBUG: No dangling containers to remove INFO: Repository started { "renovateVersion": "31.66.3" } DEBUG: Using localDir: /mnt/renovate/gh/stekern/repro-renovate-13977 DEBUG: Repository cache is valid DEBUG: initRepo("stekern/repro-renovate-13977") DEBUG: Overriding default GitHub endpoint { "endpoint": "https://api.github.com/" } DEBUG: stekern/repro-renovate-13977 default branch = master DEBUG: Using app token for git init DEBUG: resetMemCache() DEBUG: Resetting npmrc DEBUG: detectSemanticCommits() DEBUG: checkOnboarding() DEBUG: isOnboarded() DEBUG: Checking cached config file name DEBUG: Existing config file confirmed DEBUG: Repo is onboarded DEBUG: migrateAndValidate() DEBUG: No config migration necessary DEBUG: massaged config { "config": { "extends": [ "github>whitesource/merge-confidence:beta", "config:base" ], "automerge": true, "automergeType": "branch", "schedule": [ "at any time" ] } } DEBUG: migrated config { "config": { "extends": [ "github>whitesource/merge-confidence:beta", "config:base" ], "automerge": true, "automergeType": "branch", "schedule": [ "at any time" ] } } DEBUG: Setting hostRules from config DEBUG: Found repo ignorePaths { "ignorePaths": [ "**/node_modules/**", "**/bower_components/**", "**/vendor/**", "**/examples/**", "**/__tests__/**", "**/test/**", "**/tests/**", "**/__fixtures__/**" ] } DEBUG: GitHub vulnerability details { "alerts": { "npm/ansi-regex": { "> 2.1.1, < 5.0.1": "5.0.1" } } } DEBUG: alert package rules { "alertPackageRules": [ { "matchDatasources": [ "npm" ], "matchPackageNames": [ "ansi-regex" ], "matchCurrentVersion": "= 3.0.0", "matchFiles": [ "package-lock.json" ], "enabled": false } ] } DEBUG: findIssue(Dependency Dashboard) DEBUG: Retrieving issueList DEBUG: Retrieved 0 issues DEBUG: No baseBranches DEBUG: extract() DEBUG: Setting current branch to master DEBUG: Initializing git repository into /mnt/renovate/gh/stekern/repro-renovate-13977 DEBUG: Performing blobless clone DEBUG: git clone completed { "durationMs": 901 } DEBUG: latest repository commit { "latestCommit": { "hash": "4b7278398d88ce0ae8537ffdc2a048b0165f5def", "date": "2022-02-04T12:30:18+01:00", "message": "extend default renovate config", "refs": "HEAD -> master, origin/master, origin/HEAD", "body": "", "author_name": "stekern", "author_email": "stekern@users.noreply.github.com" } } DEBUG: latest commit { "branchName": "master", "latestCommitDate": "2022-02-04T12:30:18+01:00" } DEBUG: Using file match: (^|/)tasks/[^/]+\.ya?ml$ for manager ansible DEBUG: Using file match: (^|/)requirements\.ya?ml$ for manager ansible-galaxy DEBUG: Using file match: (^|/)galaxy\.ya?ml$ for manager ansible-galaxy DEBUG: Using file match: azure.*pipelines?.*\.ya?ml$ for manager azure-pipelines DEBUG: Using file match: (^|/)batect(-bundle)?\.yml$ for manager batect DEBUG: Using file match: (^|/)batect$ for manager batect-wrapper DEBUG: Using file match: (^|/)WORKSPACE(|\.bazel)$ for manager bazel DEBUG: Using file match: \.bzl$ for manager bazel DEBUG: Using file match: (^|/)\.?bitbucket-pipelines\.ya?ml$ for manager bitbucket-pipelines DEBUG: Using file match: buildkite\.ya?ml for manager buildkite DEBUG: Using file match: \.buildkite/.+\.ya?ml$ for manager buildkite DEBUG: Using file match: (^|/)Gemfile$ for manager bundler DEBUG: Using file match: \.cake$ for manager cake DEBUG: Using file match: (^|/)Cargo.toml$ for manager cargo DEBUG: Using file match: (^|/).circleci/config.yml$ for manager circleci DEBUG: Using file match: (^|/)cloudbuild.ya?ml for manager cloudbuild DEBUG: Using file match: (^|/)Podfile$ for manager cocoapods DEBUG: Using file match: (^|/)([\w-]*)composer.json$ for manager composer DEBUG: Using file match: (^|/)deps\.edn$ for manager deps-edn DEBUG: Using file match: (^|/)docker-compose[^/]*\.ya?ml$ for manager docker-compose DEBUG: Using file match: (^|/|\.)Dockerfile$ for manager dockerfile DEBUG: Using file match: (^|/)Dockerfile\.[^/]*$ for manager dockerfile DEBUG: Using file match: (^|/).drone.yml$ for manager droneci DEBUG: Using file match: (^|/)flux-system/gotk-components\.yaml$ for manager flux DEBUG: Using file match: (^|/).gitmodules$ for manager git-submodules DEBUG: Using file match: (^workflow-templates|\.github\/workflows)\/[^/]+\.ya?ml$ for manager github-actions DEBUG: Using file match: (^|\/)action\.ya?ml$ for manager github-actions DEBUG: Using file match: \.gitlab-ci\.yml$ for manager gitlabci DEBUG: Using file match: \.gitlab-ci\.yml$ for manager gitlabci-include DEBUG: Using file match: (^|/)go.mod$ for manager gomod DEBUG: Using file match: \.gradle(\.kts)?$ for manager gradle DEBUG: Using file match: (^|\/)gradle\.properties$ for manager gradle DEBUG: Using file match: (^|\/)gradle\/.+\.toml$ for manager gradle DEBUG: Using file match: \.versions\.toml$ for manager gradle DEBUG: Using file match: (^|/)gradle/wrapper/gradle-wrapper.properties$ for manager gradle-wrapper DEBUG: Using file match: (^|/)requirements\.yaml$ for manager helm-requirements DEBUG: Using file match: (^|/)values.yaml$ for manager helm-values DEBUG: Using file match: (^|/)helmfile.yaml$ for manager helmfile DEBUG: Using file match: (^|/)Chart.yaml$ for manager helmv3 DEBUG: Using file match: ^Formula/[^/]+[.]rb$ for manager homebrew DEBUG: Using file match: \.html?$ for manager html DEBUG: Using file match: (^|/)plugins\.(txt|ya?ml)$ for manager jenkins DEBUG: Using file match: (^|/)jsonnetfile.json$ for manager jsonnet-bundler DEBUG: Using file match: (^|/)kustomization\.yaml for manager kustomize DEBUG: Using file match: (^|/)project\.clj$ for manager leiningen DEBUG: Using file match: (^|/|\.)pom\.xml$ for manager maven DEBUG: Using file match: ^(((\.mvn)|(\.m2))/)?settings\.xml$ for manager maven DEBUG: Using file match: (^|/)package.js$ for manager meteor DEBUG: Using file match: (^|/)mix\.exs$ for manager mix DEBUG: Using file match: (^|/).node-version$ for manager nodenv DEBUG: Using file match: (^|/)package.json$ for manager npm DEBUG: Using file match: \.(?:cs|fs|vb)proj$ for manager nuget DEBUG: Using file match: \.(?:props|targets)$ for manager nuget DEBUG: Using file match: (^|\/)dotnet-tools\.json$ for manager nuget DEBUG: Using file match: (^|\/)global\.json$ for manager nuget DEBUG: Using file match: (^|/)\.nvmrc$ for manager nvm DEBUG: Using file match: (^|/)([\w-]*)requirements\.(txt|pip)$ for manager pip_requirements DEBUG: Using file match: (^|/)setup.py$ for manager pip_setup DEBUG: Using file match: (^|/)Pipfile$ for manager pipenv DEBUG: Using file match: (^|/)pyproject\.toml$ for manager poetry DEBUG: Using file match: (^|/)\.pre-commit-config\.yaml$ for manager pre-commit DEBUG: Using file match: (^|/)pubspec\.ya?ml$ for manager pub DEBUG: Using file match: (^|/).python-version$ for manager pyenv DEBUG: Using file match: (^|/)\.ruby-version$ for manager ruby-version DEBUG: Using file match: \.sbt$ for manager sbt DEBUG: Using file match: project/[^/]*.scala$ for manager sbt DEBUG: Using file match: (^|/)setup\.cfg$ for manager setup-cfg DEBUG: Using file match: (^|/)Package\.swift for manager swift DEBUG: Using file match: \.tf$ for manager terraform DEBUG: Using file match: (^|/)\.terraform-version$ for manager terraform-version DEBUG: Using file match: (^|/)terragrunt\.hcl$ for manager terragrunt DEBUG: Using file match: (^|/)\.terragrunt-version$ for manager terragrunt-version DEBUG: Using file match: ^.travis.yml$ for manager travis DEBUG: Matched 1 file(s) for manager npm: package.json DEBUG: npm file package.json has name "repro-renovate-13977" DEBUG: Detecting pnpm Workspaces DEBUG: Detecting Lerna and Yarn Workspaces DEBUG: Finding locked versions DEBUG: Found package-lock.json for package.json DEBUG: Found npm package files DEBUG: Found 1 package file(s) INFO: Dependency extraction complete { "baseBranch": "master", "stats": { "managers": { "npm": { "fileCount": 1, "depCount": 1 } }, "total": { "fileCount": 1, "depCount": 1 } } } DEBUG: Package releases lookups complete { "baseBranch": "master" } DEBUG: branchifyUpgrades DEBUG: 1 flattened updates found: ansi-regex DEBUG: Returning 1 branch(es) DEBUG: config.repoIsOnboarded=true DEBUG: packageFiles with updates { "config": { "npm": [ { "packageFile": "package.json", "deps": [ { "depType": "devDependencies", "depName": "semantic-release", "currentValue": "19.0.2", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "19.0.2", "depIndex": 0, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/semantic-release/semantic-release", "currentVersion": "19.0.2", "fixedVersion": "19.0.2" } ], "packageJsonName": "repro-renovate-13977", "packageFileVersion": "1.0.0", "packageJsonType": "library", "npmLock": "package-lock.json", "managerData": { "yarnZeroInstall": false }, "skipInstalls": true, "constraints": { "npm": "<7" }, "lockFiles": [ "package-lock.json" ] } ] } } DEBUG: processRepo() DEBUG: Processing 1 branch: renovate/npm-ansi-regex-vulnerability DEBUG: Calculating hourly PRs remaining DEBUG: Retrieving PR list DEBUG: Retrieved 0 Pull Requests DEBUG: currentHourStart=2022-02-04T11:00:00.000+00:00 DEBUG: PR hourly limit remaining: 2 DEBUG: Calculating prConcurrentLimit (10) DEBUG: getBranchPr(renovate/npm-ansi-regex-vulnerability) DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, open) DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, closed) DEBUG: 0 PRs are currently open DEBUG: PR concurrent limit remaining: 10 DEBUG: Calculated maximum PRs remaining this run { "prsRemaining": 2 } DEBUG: PullRequests limit = 2 DEBUG: Calculating hourly PRs remaining DEBUG: currentHourStart=2022-02-04T11:00:00.000+00:00 DEBUG: PR hourly limit remaining: 2 DEBUG: Calculating branchConcurrentLimit (10) DEBUG: 0 already existing branches found: DEBUG: Branch concurrent limit remaining: 10 DEBUG: Calculated maximum branches remaining this run { "branchesRemaining": 2 } DEBUG: Branches limit = 2 DEBUG: Setting current branch to master(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: latest commit(branch="renovate/npm-ansi-regex-vulnerability") { "branchName": "master", "latestCommitDate": "2022-02-04T12:30:18+01:00" } DEBUG: getBranchPr(renovate/npm-ansi-regex-vulnerability)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, open)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, closed)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: branchExists=false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: dependencyDashboardCheck=undefined(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: recreateClosed is false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, Update dependency ansi-regex to 5.0.1 [SECURITY], !open)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: prAlreadyExisted=false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Checking schedule(, null)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: No schedule defined(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Branch needs creating(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Using reuseExistingBranch: false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: manager.getUpdatedPackageFiles() reuseExistinbranch=false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: ansi-regex@3.0.0 -> 5.0.1 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of strip-ansi starting with 4.0.0 which supports >= ansi-regex@5.0.1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: ansi-regex needs strip-ansi@6.0.0 which uses constraint "^5.0.0" in order to update to 5.0.1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of ansi-regex to 5.0.1 can be achieved due to parent strip-ansi(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: strip-ansi@4.0.0 -> 6.0.0 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of string-width starting with 2.1.1 which supports >= strip-ansi@6.0.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: strip-ansi needs string-width@4.2.0 which uses constraint "^6.0.0" in order to update to 6.0.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of strip-ansi to 6.0.0 can be achieved due to parent string-width(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: string-width@2.1.1 -> 4.2.0 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of wide-align starting with 1.1.3 which supports >= string-width@4.2.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: string-width needs wide-align@1.1.5 which uses constraint "^1.0.2 || 2 || 3 || 4" in order to update to 4.2.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of string-width to 4.2.0 can be achieved due to parent wide-align(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: wide-align@1.1.3 -> 1.1.5 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: wide-align can be updated to 1.1.5 in-range with matching constraint "^1.1.2" in gauge@4.0.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Updated 1 package files(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Getting updated lock files(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing package.json files(branch="renovate/npm-ansi-regex-vulnerability") { "packageFiles": [ "package.json" ] } DEBUG: Writing package-lock.json(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing any updated package files(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing lock file: package-lock.json(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: No npmrc file found in repository(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing updated .npmrc file to /mnt/renovate/gh/stekern/repro-renovate-13977/.npmrc(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Generating package-lock.json for .(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Spawning npm install to create /mnt/renovate/gh/stekern/repro-renovate-13977/package-lock.json(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Updating lock file only(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: No node constraint found - using latest(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Using docker to execute(branch="renovate/npm-ansi-regex-vulnerability") { "image": "node" } DEBUG: Resolved version(branch="renovate/npm-ansi-regex-vulnerability") { "toolName": "npm", "constraint": "<7", "resolvedVersion": "6.14.16" } DEBUG: No tag or tagConstraint specified(branch="renovate/npm-ansi-regex-vulnerability") { "image": "docker.io/renovate/node" } DEBUG: Fetching Docker image: docker.io/renovate/node(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finished fetching Docker image(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Executing command(branch="renovate/npm-ansi-regex-vulnerability") { "command": "docker run --rm --name=renovate_node --label=renovate_child -v \"/mnt/renovate/gh/stekern/repro-renovate-13977\":\"/mnt/renovate/gh/stekern/repro-renovate-13977\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e NPM_CONFIG_CACHE -e npm_config_store -w \"/mnt/renovate/gh/stekern/repro-renovate-13977\" docker.io/renovate/node bash -l -c \"install-tool npm 6.14.16 && hash -d npm 2>/dev/null || true && npm install --package-lock-only --no-audit --ignore-scripts && npm install --package-lock-only --no-audit --ignore-scripts\"" } DEBUG: exec completed(branch="renovate/npm-ansi-regex-vulnerability") { "cmd": "docker run --rm --name=renovate_node --label=renovate_child -v \"/mnt/renovate/gh/stekern/repro-renovate-13977\":\"/mnt/renovate/gh/stekern/repro-renovate-13977\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e NPM_CONFIG_CACHE -e npm_config_store -w \"/mnt/renovate/gh/stekern/repro-renovate-13977\" docker.io/renovate/node bash -l -c \"install-tool npm 6.14.16 && hash -d npm 2>/dev/null || true && npm install --package-lock-only --no-audit --ignore-scripts && npm install --package-lock-only --no-audit --ignore-scripts\"", "durationMs": 89675, "stdout": "Installing legacy tool npm v6.14.16\n/home/ubuntu/npm/6.14.16/bin/npm -> /home/ubuntu/npm/6.14.16/lib/node_modules/npm/bin/npm-cli.js\n/home/ubuntu/npm/6.14.16/bin/npx -> /home/ubuntu/npm/6.14.16/lib/node_modules/npm/bin/npx-cli.js\n+ npm@6.14.16\nadded 437 packages from 891 contributors in 52.041s\n+ node-gyp@8.4.1\nadded 61 packages from 20 contributors, updated 2 packages and audited 563 packages in 14.013s\n\n5 packages are looking for funding\n run `npm fund` for details\n\nfound 9 moderate severity vulnerabilities\n run `npm audit fix` to fix them, or `npm audit` for details\n6.14.16\nadded 529 packages in 5.999s\nadded 529 packages in 4.887s\n", "stderr": "npm notice created a lockfile as package-lock.json. You should commit this file.\nnpm WARN using --force I sure hope you know what you are doing.\nnpm WARN repro-renovate-13977@1.0.0 No repository field.\n\nnpm WARN repro-renovate-13977@1.0.0 No repository field.\n\n" } DEBUG: package-lock.json needs updating(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Updated 1 lock files(branch="renovate/npm-ansi-regex-vulnerability") { "updatedArtifacts": [ "package-lock.json" ] } DEBUG: 1 file(s) to commit(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Preparing files for commiting to branch renovate/npm-ansi-regex-vulnerability(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Setting git author name(branch="renovate/npm-ansi-regex-vulnerability") { "gitAuthorName": "Renovate Bot" } DEBUG: Setting git author email(branch="renovate/npm-ansi-regex-vulnerability") { "gitAuthorEmail": "bot@renovateapp.com" } DEBUG: git commit(branch="renovate/npm-ansi-regex-vulnerability") { "deletedFiles": [], "ignoredFiles": [], "result": { "author": null, "branch": "renovate/npm-ansi-regex-vulnerability", "commit": "c6e95ad", "root": false, "summary": { "changes": 1, "insertions": 35, "deletions": 0 } } } DEBUG: Pushing branch renovate/npm-ansi-regex-vulnerability(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: git push(branch="renovate/npm-ansi-regex-vulnerability") { "result": { "pushed": [ { "deleted": false, "tag": false, "branch": true, "new": true, "alreadyUpdated": false, "local": "refs/heads/renovate/npm-ansi-regex-vulnerability", "remote": "refs/heads/renovate/npm-ansi-regex-vulnerability" } ], "branch": { "local": "renovate/npm-ansi-regex-vulnerability", "remote": "renovate/npm-ansi-regex-vulnerability", "remoteName": "origin" }, "ref": { "local": "refs/remotes/origin/renovate/npm-ansi-regex-vulnerability" }, "remoteMessages": { "all": [ "Create a pull request for 'renovate/npm-ansi-regex-vulnerability' on GitHub by visiting:", "https://github.com/stekern/repro-renovate-13977/pull/new/renovate/npm-ansi-regex-vulnerability" ], "pullRequestUrl": "https://github.com/stekern/repro-renovate-13977/pull/new/renovate/npm-ansi-regex-vulnerability" } } } DEBUG: Fetching branch renovate/npm-ansi-regex-vulnerability(branch="renovate/npm-ansi-regex-vulnerability") INFO: Branch created(branch="renovate/npm-ansi-regex-vulnerability") { "commitSha": "c6e95adad28fd00c87e926346c6e5baf4ae76c39" } DEBUG: Ensuring PR(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: There are 0 errors and 0 warnings(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: getBranchPr(renovate/npm-ansi-regex-vulnerability)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, open)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, closed)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Branch automerge is enabled(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: resolveBranchStatus(branchName=renovate/npm-ansi-regex-vulnerability, ignoreTests=false)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: getBranchStatus(renovate/npm-ansi-regex-vulnerability)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: branch status check result(branch="renovate/npm-ansi-regex-vulnerability") { "state": "pending", "statuses": [] } DEBUG: No check runs found(branch="renovate/npm-ansi-regex-vulnerability") { "result": { "total_count": 0, "check_runs": [] } } DEBUG: Branch status yellow(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Branch status is: yellow(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Checking how long this branch has been pending(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: getBranchPr(renovate/npm-ansi-regex-vulnerability) DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, open) DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, closed) DEBUG: Ensuring Dependency Dashboard DEBUG: ensureIssue(Dependency Dashboard) INFO: Issue created DEBUG: Removing any stale branches DEBUG: config.repoIsOnboarded=true DEBUG: Branch lists { "branchList": [ "renovate/npm-ansi-regex-vulnerability" ], "renovateBranches": [ "renovate/npm-ansi-regex-vulnerability" ] } DEBUG: remainingBranches= DEBUG: No branches to clean up DEBUG: Retrieving issueList DEBUG: Retrieved 1 issues DEBUG: Repository timing splits (milliseconds) { "splits": { "init": 2259, "extract": 2597, "lookup": 230, "update": 102223 }, "total": 108231 } DEBUG: http statistics { "urls": { "https://api.github.com/graphql (POST)": 4, "https://api.github.com/repos/stekern/repro-renovate-13977/commits/renovate/npm-ansi-regex-vulnerability/check-runs (GET)": 1, "https://api.github.com/repos/stekern/repro-renovate-13977/commits/renovate/npm-ansi-regex-vulnerability/status (GET)": 1, "https://api.github.com/repos/stekern/repro-renovate-13977/contents/renovate.json (GET)": 1, "https://api.github.com/repos/stekern/repro-renovate-13977/issues (POST)": 1, "https://api.github.com/repos/stekern/repro-renovate-13977/pulls (GET)": 1, "https://api.github.com/repos/whitesource/merge-confidence/contents/beta.json (GET)": 1 }, "hostStats": { "api.github.com": { "requestCount": 10, "requestAvgMs": 249, "queueAvgMs": 0 } }, "totalRequests": 10 } INFO: Repository finished { "durationMs": 108231 } ```

This commit is then merged in, and after this I get a series of commits from Renovate that just seem to move dependencies up and down the dependency tree. It seems like every time Renovate scans the repository, it creates a commit that moves a dependency up the dependency tree (https://github.com/stekern/repro-renovate-13977/commit/344624e9f8ac646dceb4fbabeb4b5dfaa8a3f9da) followed by a new commit that reverses this change (https://github.com/stekern/repro-renovate-13977/commit/194c08fe2985f94450c241e092e2df6811c8653b).

Logs from commits 344624e and 194c08f

``` DEBUG: No dangling containers to remove INFO: Repository started { "renovateVersion": "31.66.3" } DEBUG: Using localDir: /mnt/renovate/gh/stekern/repro-renovate-13977 DEBUG: Repository cache is valid DEBUG: initRepo("stekern/repro-renovate-13977") DEBUG: Overriding default GitHub endpoint { "endpoint": "https://api.github.com/" } DEBUG: stekern/repro-renovate-13977 default branch = master DEBUG: Using app token for git init DEBUG: resetMemCache() DEBUG: Resetting npmrc DEBUG: detectSemanticCommits() DEBUG: checkOnboarding() DEBUG: isOnboarded() DEBUG: Checking cached config file name DEBUG: Existing config file confirmed DEBUG: Repo is onboarded DEBUG: migrateAndValidate() DEBUG: No config migration necessary DEBUG: massaged config { "config": { "extends": [ "github>whitesource/merge-confidence:beta", "config:base" ], "automerge": true, "automergeType": "branch", "schedule": [ "at any time" ], "ignoreTests": true } } DEBUG: migrated config { "config": { "extends": [ "github>whitesource/merge-confidence:beta", "config:base" ], "automerge": true, "automergeType": "branch", "schedule": [ "at any time" ], "ignoreTests": true } } DEBUG: Setting hostRules from config DEBUG: Found repo ignorePaths { "ignorePaths": [ "**/node_modules/**", "**/bower_components/**", "**/vendor/**", "**/examples/**", "**/__tests__/**", "**/test/**", "**/tests/**", "**/__fixtures__/**" ] } DEBUG: GitHub vulnerability details { "alerts": { "npm/ansi-regex": { "> 2.1.1, < 5.0.1": "5.0.1" } } } DEBUG: alert package rules { "alertPackageRules": [ { "matchDatasources": [ "npm" ], "matchPackageNames": [ "ansi-regex" ], "matchCurrentVersion": "= 3.0.0", "matchFiles": [ "package-lock.json" ], "enabled": false } ] } DEBUG: findIssue(Dependency Dashboard) DEBUG: Retrieving issueList DEBUG: Retrieved 1 issues DEBUG: Found issue 1 DEBUG: No baseBranches DEBUG: extract() DEBUG: Setting current branch to master DEBUG: Initializing git repository into /mnt/renovate/gh/stekern/repro-renovate-13977 DEBUG: Performing blobless clone DEBUG: git clone completed { "durationMs": 913 } DEBUG: latest repository commit { "latestCommit": { "hash": "58111ebd3818bc346099c512577fd4f447b4661a", "date": "2022-02-04T12:40:25+01:00", "message": "trigger renovate", "refs": "HEAD -> master, origin/master, origin/HEAD", "body": "", "author_name": "stekern", "author_email": "stekern@users.noreply.github.com" } } DEBUG: latest commit { "branchName": "master", "latestCommitDate": "2022-02-04T12:40:25+01:00" } DEBUG: Using file match: (^|/)tasks/[^/]+\.ya?ml$ for manager ansible DEBUG: Using file match: (^|/)requirements\.ya?ml$ for manager ansible-galaxy DEBUG: Using file match: (^|/)galaxy\.ya?ml$ for manager ansible-galaxy DEBUG: Using file match: azure.*pipelines?.*\.ya?ml$ for manager azure-pipelines DEBUG: Using file match: (^|/)batect(-bundle)?\.yml$ for manager batect DEBUG: Using file match: (^|/)batect$ for manager batect-wrapper DEBUG: Using file match: (^|/)WORKSPACE(|\.bazel)$ for manager bazel DEBUG: Using file match: \.bzl$ for manager bazel DEBUG: Using file match: (^|/)\.?bitbucket-pipelines\.ya?ml$ for manager bitbucket-pipelines DEBUG: Using file match: buildkite\.ya?ml for manager buildkite DEBUG: Using file match: \.buildkite/.+\.ya?ml$ for manager buildkite DEBUG: Using file match: (^|/)Gemfile$ for manager bundler DEBUG: Using file match: \.cake$ for manager cake DEBUG: Using file match: (^|/)Cargo.toml$ for manager cargo DEBUG: Using file match: (^|/).circleci/config.yml$ for manager circleci DEBUG: Using file match: (^|/)cloudbuild.ya?ml for manager cloudbuild DEBUG: Using file match: (^|/)Podfile$ for manager cocoapods DEBUG: Using file match: (^|/)([\w-]*)composer.json$ for manager composer DEBUG: Using file match: (^|/)deps\.edn$ for manager deps-edn DEBUG: Using file match: (^|/)docker-compose[^/]*\.ya?ml$ for manager docker-compose DEBUG: Using file match: (^|/|\.)Dockerfile$ for manager dockerfile DEBUG: Using file match: (^|/)Dockerfile\.[^/]*$ for manager dockerfile DEBUG: Using file match: (^|/).drone.yml$ for manager droneci DEBUG: Using file match: (^|/)flux-system/gotk-components\.yaml$ for manager flux DEBUG: Using file match: (^|/).gitmodules$ for manager git-submodules DEBUG: Using file match: (^workflow-templates|\.github\/workflows)\/[^/]+\.ya?ml$ for manager github-actions DEBUG: Using file match: (^|\/)action\.ya?ml$ for manager github-actions DEBUG: Using file match: \.gitlab-ci\.yml$ for manager gitlabci DEBUG: Using file match: \.gitlab-ci\.yml$ for manager gitlabci-include DEBUG: Using file match: (^|/)go.mod$ for manager gomod DEBUG: Using file match: \.gradle(\.kts)?$ for manager gradle DEBUG: Using file match: (^|\/)gradle\.properties$ for manager gradle DEBUG: Using file match: (^|\/)gradle\/.+\.toml$ for manager gradle DEBUG: Using file match: \.versions\.toml$ for manager gradle DEBUG: Using file match: (^|/)gradle/wrapper/gradle-wrapper.properties$ for manager gradle-wrapper DEBUG: Using file match: (^|/)requirements\.yaml$ for manager helm-requirements DEBUG: Using file match: (^|/)values.yaml$ for manager helm-values DEBUG: Using file match: (^|/)helmfile.yaml$ for manager helmfile DEBUG: Using file match: (^|/)Chart.yaml$ for manager helmv3 DEBUG: Using file match: ^Formula/[^/]+[.]rb$ for manager homebrew DEBUG: Using file match: \.html?$ for manager html DEBUG: Using file match: (^|/)plugins\.(txt|ya?ml)$ for manager jenkins DEBUG: Using file match: (^|/)jsonnetfile.json$ for manager jsonnet-bundler DEBUG: Using file match: (^|/)kustomization\.yaml for manager kustomize DEBUG: Using file match: (^|/)project\.clj$ for manager leiningen DEBUG: Using file match: (^|/|\.)pom\.xml$ for manager maven DEBUG: Using file match: ^(((\.mvn)|(\.m2))/)?settings\.xml$ for manager maven DEBUG: Using file match: (^|/)package.js$ for manager meteor DEBUG: Using file match: (^|/)mix\.exs$ for manager mix DEBUG: Using file match: (^|/).node-version$ for manager nodenv DEBUG: Using file match: (^|/)package.json$ for manager npm DEBUG: Using file match: \.(?:cs|fs|vb)proj$ for manager nuget DEBUG: Using file match: \.(?:props|targets)$ for manager nuget DEBUG: Using file match: (^|\/)dotnet-tools\.json$ for manager nuget DEBUG: Using file match: (^|\/)global\.json$ for manager nuget DEBUG: Using file match: (^|/)\.nvmrc$ for manager nvm DEBUG: Using file match: (^|/)([\w-]*)requirements\.(txt|pip)$ for manager pip_requirements DEBUG: Using file match: (^|/)setup.py$ for manager pip_setup DEBUG: Using file match: (^|/)Pipfile$ for manager pipenv DEBUG: Using file match: (^|/)pyproject\.toml$ for manager poetry DEBUG: Using file match: (^|/)\.pre-commit-config\.yaml$ for manager pre-commit DEBUG: Using file match: (^|/)pubspec\.ya?ml$ for manager pub DEBUG: Using file match: (^|/).python-version$ for manager pyenv DEBUG: Using file match: (^|/)\.ruby-version$ for manager ruby-version DEBUG: Using file match: \.sbt$ for manager sbt DEBUG: Using file match: project/[^/]*.scala$ for manager sbt DEBUG: Using file match: (^|/)setup\.cfg$ for manager setup-cfg DEBUG: Using file match: (^|/)Package\.swift for manager swift DEBUG: Using file match: \.tf$ for manager terraform DEBUG: Using file match: (^|/)\.terraform-version$ for manager terraform-version DEBUG: Using file match: (^|/)terragrunt\.hcl$ for manager terragrunt DEBUG: Using file match: (^|/)\.terragrunt-version$ for manager terragrunt-version DEBUG: Using file match: ^.travis.yml$ for manager travis DEBUG: Matched 1 file(s) for manager npm: package.json DEBUG: npm file package.json has name "repro-renovate-13977" DEBUG: Detecting pnpm Workspaces DEBUG: Detecting Lerna and Yarn Workspaces DEBUG: Finding locked versions DEBUG: Found package-lock.json for package.json DEBUG: Found npm package files DEBUG: Found 1 package file(s) INFO: Dependency extraction complete { "baseBranch": "master", "stats": { "managers": { "npm": { "fileCount": 1, "depCount": 1 } }, "total": { "fileCount": 1, "depCount": 1 } } } DEBUG: Package releases lookups complete { "baseBranch": "master" } DEBUG: branchifyUpgrades DEBUG: 1 flattened updates found: ansi-regex DEBUG: Returning 1 branch(es) DEBUG: config.repoIsOnboarded=true DEBUG: packageFiles with updates { "config": { "npm": [ { "packageFile": "package.json", "deps": [ { "depType": "devDependencies", "depName": "semantic-release", "currentValue": "19.0.2", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "19.0.2", "depIndex": 0, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/semantic-release/semantic-release", "currentVersion": "19.0.2", "fixedVersion": "19.0.2" } ], "packageJsonName": "repro-renovate-13977", "packageFileVersion": "1.0.0", "packageJsonType": "library", "npmLock": "package-lock.json", "managerData": { "yarnZeroInstall": false }, "skipInstalls": true, "constraints": { "npm": "<7" }, "lockFiles": [ "package-lock.json" ] } ] } } DEBUG: processRepo() DEBUG: Processing 1 branch: renovate/npm-ansi-regex-vulnerability DEBUG: Calculating hourly PRs remaining DEBUG: Retrieving PR list DEBUG: Retrieved 0 Pull Requests DEBUG: currentHourStart=2022-02-04T11:00:00.000+00:00 DEBUG: PR hourly limit remaining: 2 DEBUG: Calculating prConcurrentLimit (10) DEBUG: getBranchPr(renovate/npm-ansi-regex-vulnerability) DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, open) DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, closed) DEBUG: 0 PRs are currently open DEBUG: PR concurrent limit remaining: 10 DEBUG: Calculated maximum PRs remaining this run { "prsRemaining": 2 } DEBUG: PullRequests limit = 2 DEBUG: Calculating hourly PRs remaining DEBUG: currentHourStart=2022-02-04T11:00:00.000+00:00 DEBUG: PR hourly limit remaining: 2 DEBUG: Calculating branchConcurrentLimit (10) DEBUG: 0 already existing branches found: DEBUG: Branch concurrent limit remaining: 10 DEBUG: Calculated maximum branches remaining this run { "branchesRemaining": 2 } DEBUG: Branches limit = 2 DEBUG: Setting current branch to master(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: latest commit(branch="renovate/npm-ansi-regex-vulnerability") { "branchName": "master", "latestCommitDate": "2022-02-04T12:40:25+01:00" } DEBUG: getBranchPr(renovate/npm-ansi-regex-vulnerability)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, open)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, closed)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: branchExists=false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: dependencyDashboardCheck=undefined(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: recreateClosed is false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, Update dependency ansi-regex to 5.0.1 [SECURITY], !open)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: prAlreadyExisted=false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Checking schedule(, null)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: No schedule defined(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Branch needs creating(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Using reuseExistingBranch: false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: manager.getUpdatedPackageFiles() reuseExistinbranch=false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: ansi-regex@3.0.0 -> 5.0.1 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of strip-ansi starting with 4.0.0 which supports >= ansi-regex@5.0.1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: ansi-regex needs strip-ansi@6.0.0 which uses constraint "^5.0.0" in order to update to 5.0.1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of ansi-regex to 5.0.1 can be achieved due to parent strip-ansi(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: strip-ansi@4.0.0 -> 6.0.0 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of string-width starting with 2.1.1 which supports >= strip-ansi@6.0.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: strip-ansi needs string-width@4.2.0 which uses constraint "^6.0.0" in order to update to 6.0.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of strip-ansi to 6.0.0 can be achieved due to parent string-width(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: string-width@2.1.1 -> 4.2.0 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of wide-align starting with 1.1.5 which supports >= string-width@4.2.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: string-width needs wide-align@1.1.5 which uses constraint "^1.0.2 || 2 || 3 || 4" in order to update to 4.2.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of string-width to 4.2.0 already achieved in parent wide-align@1.1.5(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Updated 1 package files(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Getting updated lock files(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing package.json files(branch="renovate/npm-ansi-regex-vulnerability") { "packageFiles": [ "package.json" ] } DEBUG: Writing package-lock.json(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing any updated package files(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing lock file: package-lock.json(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: No npmrc file found in repository(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing updated .npmrc file to /mnt/renovate/gh/stekern/repro-renovate-13977/.npmrc(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Generating package-lock.json for .(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Spawning npm install to create /mnt/renovate/gh/stekern/repro-renovate-13977/package-lock.json(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Updating lock file only(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: No node constraint found - using latest(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Using docker to execute(branch="renovate/npm-ansi-regex-vulnerability") { "image": "node" } DEBUG: Resolved version(branch="renovate/npm-ansi-regex-vulnerability") { "toolName": "npm", "constraint": "<7", "resolvedVersion": "6.14.16" } DEBUG: No tag or tagConstraint specified(branch="renovate/npm-ansi-regex-vulnerability") { "image": "docker.io/renovate/node" } DEBUG: Fetching Docker image: docker.io/renovate/node(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finished fetching Docker image(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Executing command(branch="renovate/npm-ansi-regex-vulnerability") { "command": "docker run --rm --name=renovate_node --label=renovate_child -v \"/mnt/renovate/gh/stekern/repro-renovate-13977\":\"/mnt/renovate/gh/stekern/repro-renovate-13977\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e NPM_CONFIG_CACHE -e npm_config_store -w \"/mnt/renovate/gh/stekern/repro-renovate-13977\" docker.io/renovate/node bash -l -c \"install-tool npm 6.14.16 && hash -d npm 2>/dev/null || true && npm install --package-lock-only --no-audit --ignore-scripts && npm install --package-lock-only --no-audit --ignore-scripts\"" } DEBUG: exec completed(branch="renovate/npm-ansi-regex-vulnerability") { "cmd": "docker run --rm --name=renovate_node --label=renovate_child -v \"/mnt/renovate/gh/stekern/repro-renovate-13977\":\"/mnt/renovate/gh/stekern/repro-renovate-13977\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e NPM_CONFIG_CACHE -e npm_config_store -w \"/mnt/renovate/gh/stekern/repro-renovate-13977\" docker.io/renovate/node bash -l -c \"install-tool npm 6.14.16 && hash -d npm 2>/dev/null || true && npm install --package-lock-only --no-audit --ignore-scripts && npm install --package-lock-only --no-audit --ignore-scripts\"", "durationMs": 98669, "stdout": "Installing legacy tool npm v6.14.16\n/home/ubuntu/npm/6.14.16/bin/npm -> /home/ubuntu/npm/6.14.16/lib/node_modules/npm/bin/npm-cli.js\n/home/ubuntu/npm/6.14.16/bin/npx -> /home/ubuntu/npm/6.14.16/lib/node_modules/npm/bin/npx-cli.js\n+ npm@6.14.16\nadded 437 packages from 891 contributors in 57.307s\n+ node-gyp@8.4.1\nadded 61 packages from 20 contributors, updated 2 packages and audited 563 packages in 15.763s\n\n5 packages are looking for funding\n run `npm fund` for details\n\nfound 9 moderate severity vulnerabilities\n run `npm audit fix` to fix them, or `npm audit` for details\n6.14.16\nadded 529 packages in 6.881s\nadded 529 packages in 5.54s\n", "stderr": "npm notice created a lockfile as package-lock.json. You should commit this file.\nnpm WARN using --force I sure hope you know what you are doing.\nnpm WARN repro-renovate-13977@1.0.0 No repository field.\n\nnpm WARN repro-renovate-13977@1.0.0 No repository field.\n\n" } DEBUG: package-lock.json needs updating(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Updated 1 lock files(branch="renovate/npm-ansi-regex-vulnerability") { "updatedArtifacts": [ "package-lock.json" ] } DEBUG: 1 file(s) to commit(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Preparing files for commiting to branch renovate/npm-ansi-regex-vulnerability(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Setting git author name(branch="renovate/npm-ansi-regex-vulnerability") { "gitAuthorName": "Renovate Bot" } DEBUG: Setting git author email(branch="renovate/npm-ansi-regex-vulnerability") { "gitAuthorEmail": "bot@renovateapp.com" } DEBUG: git commit(branch="renovate/npm-ansi-regex-vulnerability") { "deletedFiles": [], "ignoredFiles": [], "result": { "author": null, "branch": "renovate/npm-ansi-regex-vulnerability", "commit": "344624e", "root": false, "summary": { "changes": 1, "insertions": 6, "deletions": 0 } } } DEBUG: Pushing branch renovate/npm-ansi-regex-vulnerability(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: git push(branch="renovate/npm-ansi-regex-vulnerability") { "result": { "pushed": [ { "deleted": false, "tag": false, "branch": true, "new": true, "alreadyUpdated": false, "local": "refs/heads/renovate/npm-ansi-regex-vulnerability", "remote": "refs/heads/renovate/npm-ansi-regex-vulnerability" } ], "branch": { "local": "renovate/npm-ansi-regex-vulnerability", "remote": "renovate/npm-ansi-regex-vulnerability", "remoteName": "origin" }, "ref": { "local": "refs/remotes/origin/renovate/npm-ansi-regex-vulnerability" }, "remoteMessages": { "all": [ "Create a pull request for 'renovate/npm-ansi-regex-vulnerability' on GitHub by visiting:", "https://github.com/stekern/repro-renovate-13977/pull/new/renovate/npm-ansi-regex-vulnerability" ], "pullRequestUrl": "https://github.com/stekern/repro-renovate-13977/pull/new/renovate/npm-ansi-regex-vulnerability" } } } DEBUG: Fetching branch renovate/npm-ansi-regex-vulnerability(branch="renovate/npm-ansi-regex-vulnerability") INFO: Branch created(branch="renovate/npm-ansi-regex-vulnerability") { "commitSha": "344624e9f8ac646dceb4fbabeb4b5dfaa8a3f9da" } DEBUG: Checking if we can automerge branch(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: getBranchPr(renovate/npm-ansi-regex-vulnerability)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, open)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, closed)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: resolveBranchStatus(branchName=renovate/npm-ansi-regex-vulnerability, ignoreTests=true)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Ignore tests. Return green(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Automerging branch(branch="renovate/npm-ansi-regex-vulnerability") INFO: Branch automerged(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: mergeStatus=automerged(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Deleted remote branch(branch="renovate/npm-ansi-regex-vulnerability") { "branchName": "renovate/npm-ansi-regex-vulnerability" } DEBUG: Deleted local branch(branch="renovate/npm-ansi-regex-vulnerability") { "branchName": "renovate/npm-ansi-regex-vulnerability" } DEBUG: Branch is automerged - returning(branch="renovate/npm-ansi-regex-vulnerability") INFO: Renovating repository again after automerge result DEBUG: No dangling containers to remove INFO: Repository started { "renovateVersion": "31.66.3" } DEBUG: Using localDir: /mnt/renovate/gh/stekern/repro-renovate-13977 DEBUG: Repository cache is valid DEBUG: initRepo("stekern/repro-renovate-13977") DEBUG: Overriding default GitHub endpoint { "endpoint": "https://api.github.com/" } DEBUG: stekern/repro-renovate-13977 default branch = master DEBUG: Using app token for git init DEBUG: resetMemCache() DEBUG: Resetting npmrc DEBUG: detectSemanticCommits() DEBUG: checkOnboarding() DEBUG: isOnboarded() DEBUG: Checking cached config file name DEBUG: Existing config file confirmed DEBUG: Repo is onboarded DEBUG: migrateAndValidate() DEBUG: No config migration necessary DEBUG: massaged config { "config": { "extends": [ "github>whitesource/merge-confidence:beta", "config:base" ], "automerge": true, "automergeType": "branch", "schedule": [ "at any time" ], "ignoreTests": true } } DEBUG: migrated config { "config": { "extends": [ "github>whitesource/merge-confidence:beta", "config:base" ], "automerge": true, "automergeType": "branch", "schedule": [ "at any time" ], "ignoreTests": true } } DEBUG: Setting hostRules from config DEBUG: Found repo ignorePaths { "ignorePaths": [ "**/node_modules/**", "**/bower_components/**", "**/vendor/**", "**/examples/**", "**/__tests__/**", "**/test/**", "**/tests/**", "**/__fixtures__/**" ] } DEBUG: GitHub vulnerability details { "alerts": { "npm/ansi-regex": { "> 2.1.1, < 5.0.1": "5.0.1" } } } DEBUG: alert package rules { "alertPackageRules": [ { "matchDatasources": [ "npm" ], "matchPackageNames": [ "ansi-regex" ], "matchCurrentVersion": "= 3.0.0", "matchFiles": [ "package-lock.json" ], "enabled": false } ] } DEBUG: findIssue(Dependency Dashboard) DEBUG: Retrieving issueList DEBUG: Retrieved 1 issues DEBUG: Found issue 1 DEBUG: No baseBranches DEBUG: extract() DEBUG: Setting current branch to master DEBUG: Initializing git repository into /mnt/renovate/gh/stekern/repro-renovate-13977 DEBUG: resetToBranch(master) DEBUG: resetToBranch(master) DEBUG: { "existingBranches": [] } INFO: git fetch completed { "durationMs": 1497 } DEBUG: latest repository commit { "latestCommit": { "hash": "344624e9f8ac646dceb4fbabeb4b5dfaa8a3f9da", "date": "2022-02-04T11:46:17+00:00", "message": "Update dependency ansi-regex to 5.0.1 [SECURITY]", "refs": "HEAD -> master, origin/master, origin/HEAD", "body": "", "author_name": "Renovate Bot", "author_email": "bot@renovateapp.com" } } DEBUG: latest commit { "branchName": "master", "latestCommitDate": "2022-02-04T11:46:17+00:00" } DEBUG: Using file match: (^|/)tasks/[^/]+\.ya?ml$ for manager ansible DEBUG: Using file match: (^|/)requirements\.ya?ml$ for manager ansible-galaxy DEBUG: Using file match: (^|/)galaxy\.ya?ml$ for manager ansible-galaxy DEBUG: Using file match: azure.*pipelines?.*\.ya?ml$ for manager azure-pipelines DEBUG: Using file match: (^|/)batect(-bundle)?\.yml$ for manager batect DEBUG: Using file match: (^|/)batect$ for manager batect-wrapper DEBUG: Using file match: (^|/)WORKSPACE(|\.bazel)$ for manager bazel DEBUG: Using file match: \.bzl$ for manager bazel DEBUG: Using file match: (^|/)\.?bitbucket-pipelines\.ya?ml$ for manager bitbucket-pipelines DEBUG: Using file match: buildkite\.ya?ml for manager buildkite DEBUG: Using file match: \.buildkite/.+\.ya?ml$ for manager buildkite DEBUG: Using file match: (^|/)Gemfile$ for manager bundler DEBUG: Using file match: \.cake$ for manager cake DEBUG: Using file match: (^|/)Cargo.toml$ for manager cargo DEBUG: Using file match: (^|/).circleci/config.yml$ for manager circleci DEBUG: Using file match: (^|/)cloudbuild.ya?ml for manager cloudbuild DEBUG: Using file match: (^|/)Podfile$ for manager cocoapods DEBUG: Using file match: (^|/)([\w-]*)composer.json$ for manager composer DEBUG: Using file match: (^|/)deps\.edn$ for manager deps-edn DEBUG: Using file match: (^|/)docker-compose[^/]*\.ya?ml$ for manager docker-compose DEBUG: Using file match: (^|/|\.)Dockerfile$ for manager dockerfile DEBUG: Using file match: (^|/)Dockerfile\.[^/]*$ for manager dockerfile DEBUG: Using file match: (^|/).drone.yml$ for manager droneci DEBUG: Using file match: (^|/)flux-system/gotk-components\.yaml$ for manager flux DEBUG: Using file match: (^|/).gitmodules$ for manager git-submodules DEBUG: Using file match: (^workflow-templates|\.github\/workflows)\/[^/]+\.ya?ml$ for manager github-actions DEBUG: Using file match: (^|\/)action\.ya?ml$ for manager github-actions DEBUG: Using file match: \.gitlab-ci\.yml$ for manager gitlabci DEBUG: Using file match: \.gitlab-ci\.yml$ for manager gitlabci-include DEBUG: Using file match: (^|/)go.mod$ for manager gomod DEBUG: Using file match: \.gradle(\.kts)?$ for manager gradle DEBUG: Using file match: (^|\/)gradle\.properties$ for manager gradle DEBUG: Using file match: (^|\/)gradle\/.+\.toml$ for manager gradle DEBUG: Using file match: \.versions\.toml$ for manager gradle DEBUG: Using file match: (^|/)gradle/wrapper/gradle-wrapper.properties$ for manager gradle-wrapper DEBUG: Using file match: (^|/)requirements\.yaml$ for manager helm-requirements DEBUG: Using file match: (^|/)values.yaml$ for manager helm-values DEBUG: Using file match: (^|/)helmfile.yaml$ for manager helmfile DEBUG: Using file match: (^|/)Chart.yaml$ for manager helmv3 DEBUG: Using file match: ^Formula/[^/]+[.]rb$ for manager homebrew DEBUG: Using file match: \.html?$ for manager html DEBUG: Using file match: (^|/)plugins\.(txt|ya?ml)$ for manager jenkins DEBUG: Using file match: (^|/)jsonnetfile.json$ for manager jsonnet-bundler DEBUG: Using file match: (^|/)kustomization\.yaml for manager kustomize DEBUG: Using file match: (^|/)project\.clj$ for manager leiningen DEBUG: Using file match: (^|/|\.)pom\.xml$ for manager maven DEBUG: Using file match: ^(((\.mvn)|(\.m2))/)?settings\.xml$ for manager maven DEBUG: Using file match: (^|/)package.js$ for manager meteor DEBUG: Using file match: (^|/)mix\.exs$ for manager mix DEBUG: Using file match: (^|/).node-version$ for manager nodenv DEBUG: Using file match: (^|/)package.json$ for manager npm DEBUG: Using file match: \.(?:cs|fs|vb)proj$ for manager nuget DEBUG: Using file match: \.(?:props|targets)$ for manager nuget DEBUG: Using file match: (^|\/)dotnet-tools\.json$ for manager nuget DEBUG: Using file match: (^|\/)global\.json$ for manager nuget DEBUG: Using file match: (^|/)\.nvmrc$ for manager nvm DEBUG: Using file match: (^|/)([\w-]*)requirements\.(txt|pip)$ for manager pip_requirements DEBUG: Using file match: (^|/)setup.py$ for manager pip_setup DEBUG: Using file match: (^|/)Pipfile$ for manager pipenv DEBUG: Using file match: (^|/)pyproject\.toml$ for manager poetry DEBUG: Using file match: (^|/)\.pre-commit-config\.yaml$ for manager pre-commit DEBUG: Using file match: (^|/)pubspec\.ya?ml$ for manager pub DEBUG: Using file match: (^|/).python-version$ for manager pyenv DEBUG: Using file match: (^|/)\.ruby-version$ for manager ruby-version DEBUG: Using file match: \.sbt$ for manager sbt DEBUG: Using file match: project/[^/]*.scala$ for manager sbt DEBUG: Using file match: (^|/)setup\.cfg$ for manager setup-cfg DEBUG: Using file match: (^|/)Package\.swift for manager swift DEBUG: Using file match: \.tf$ for manager terraform DEBUG: Using file match: (^|/)\.terraform-version$ for manager terraform-version DEBUG: Using file match: (^|/)terragrunt\.hcl$ for manager terragrunt DEBUG: Using file match: (^|/)\.terragrunt-version$ for manager terragrunt-version DEBUG: Using file match: ^.travis.yml$ for manager travis DEBUG: Matched 1 file(s) for manager npm: package.json DEBUG: npm file package.json has name "repro-renovate-13977" DEBUG: Detecting pnpm Workspaces DEBUG: Detecting Lerna and Yarn Workspaces DEBUG: Finding locked versions DEBUG: Found package-lock.json for package.json DEBUG: Found npm package files DEBUG: Found 1 package file(s) INFO: Dependency extraction complete { "baseBranch": "master", "stats": { "managers": { "npm": { "fileCount": 1, "depCount": 1 } }, "total": { "fileCount": 1, "depCount": 1 } } } DEBUG: Package releases lookups complete { "baseBranch": "master" } DEBUG: branchifyUpgrades DEBUG: 1 flattened updates found: ansi-regex DEBUG: Returning 1 branch(es) DEBUG: config.repoIsOnboarded=true DEBUG: packageFiles with updates { "config": { "npm": [ { "packageFile": "package.json", "deps": [ { "depType": "devDependencies", "depName": "semantic-release", "currentValue": "19.0.2", "datasource": "npm", "prettyDepType": "devDependency", "lockedVersion": "19.0.2", "depIndex": 0, "updates": [], "warnings": [], "versioning": "npm", "sourceUrl": "https://github.com/semantic-release/semantic-release", "currentVersion": "19.0.2", "fixedVersion": "19.0.2" } ], "packageJsonName": "repro-renovate-13977", "packageFileVersion": "1.0.0", "packageJsonType": "library", "npmLock": "package-lock.json", "managerData": { "yarnZeroInstall": false }, "skipInstalls": true, "constraints": { "npm": "<7" }, "lockFiles": [ "package-lock.json" ] } ] } } DEBUG: processRepo() DEBUG: Processing 1 branch: renovate/npm-ansi-regex-vulnerability DEBUG: Calculating hourly PRs remaining DEBUG: Retrieving PR list DEBUG: Retrieved 0 Pull Requests DEBUG: currentHourStart=2022-02-04T11:00:00.000+00:00 DEBUG: PR hourly limit remaining: 2 DEBUG: Calculating prConcurrentLimit (10) DEBUG: getBranchPr(renovate/npm-ansi-regex-vulnerability) DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, open) DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, closed) DEBUG: 0 PRs are currently open DEBUG: PR concurrent limit remaining: 10 DEBUG: Calculated maximum PRs remaining this run { "prsRemaining": 2 } DEBUG: PullRequests limit = 2 DEBUG: Calculating hourly PRs remaining DEBUG: currentHourStart=2022-02-04T11:00:00.000+00:00 DEBUG: PR hourly limit remaining: 2 DEBUG: Calculating branchConcurrentLimit (10) DEBUG: 0 already existing branches found: DEBUG: Branch concurrent limit remaining: 10 DEBUG: Calculated maximum branches remaining this run { "branchesRemaining": 2 } DEBUG: Branches limit = 2 DEBUG: Setting current branch to master(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: latest commit(branch="renovate/npm-ansi-regex-vulnerability") { "branchName": "master", "latestCommitDate": "2022-02-04T11:46:17+00:00" } DEBUG: getBranchPr(renovate/npm-ansi-regex-vulnerability)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, open)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, closed)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: branchExists=false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: dependencyDashboardCheck=undefined(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: recreateClosed is false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, Update dependency ansi-regex to 5.0.1 [SECURITY], !open)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: prAlreadyExisted=false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Checking schedule(, null)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: No schedule defined(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Branch needs creating(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Using reuseExistingBranch: false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: manager.getUpdatedPackageFiles() reuseExistinbranch=false(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: ansi-regex@3.0.0 -> 5.0.1 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of strip-ansi starting with 4.0.0 which supports >= ansi-regex@5.0.1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: ansi-regex needs strip-ansi@6.0.0 which uses constraint "^5.0.0" in order to update to 5.0.1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of ansi-regex to 5.0.1 can be achieved due to parent strip-ansi(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: strip-ansi@4.0.0 -> 6.0.0 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of string-width starting with 2.1.1 which supports >= strip-ansi@6.0.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: strip-ansi needs string-width@4.2.0 which uses constraint "^6.0.0" in order to update to 6.0.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of strip-ansi to 6.0.0 can be achieved due to parent string-width(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: npm.updateLockedDependency: string-width@2.1.1 -> 4.2.0 [package-lock.json](branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Found matching dependencies with length 1(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Finding first version of wide-align starting with 1.1.5 which supports >= string-width@4.2.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: string-width needs wide-align@1.1.5 which uses constraint "^1.0.2 || 2 || 3 || 4" in order to update to 4.2.0(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Update of string-width to 4.2.0 already achieved in parent wide-align@1.1.5(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Updated 1 package files(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Getting updated lock files(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing package.json files(branch="renovate/npm-ansi-regex-vulnerability") { "packageFiles": [ "package.json" ] } DEBUG: Writing package-lock.json(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing any updated package files(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing lock file: package-lock.json(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: No npmrc file found in repository(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Writing updated .npmrc file to /mnt/renovate/gh/stekern/repro-renovate-13977/.npmrc(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Generating package-lock.json for .(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Spawning npm install to create /mnt/renovate/gh/stekern/repro-renovate-13977/package-lock.json(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Updating lock file only(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: No node constraint found - using latest(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Using docker to execute(branch="renovate/npm-ansi-regex-vulnerability") { "image": "node" } DEBUG: Resolved version(branch="renovate/npm-ansi-regex-vulnerability") { "toolName": "npm", "constraint": "<7", "resolvedVersion": "6.14.16" } DEBUG: No tag or tagConstraint specified(branch="renovate/npm-ansi-regex-vulnerability") { "image": "docker.io/renovate/node" } DEBUG: Docker image is already prefetched: docker.io/renovate/node(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Executing command(branch="renovate/npm-ansi-regex-vulnerability") { "command": "docker run --rm --name=renovate_node --label=renovate_child -v \"/mnt/renovate/gh/stekern/repro-renovate-13977\":\"/mnt/renovate/gh/stekern/repro-renovate-13977\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e NPM_CONFIG_CACHE -e npm_config_store -w \"/mnt/renovate/gh/stekern/repro-renovate-13977\" docker.io/renovate/node bash -l -c \"install-tool npm 6.14.16 && hash -d npm 2>/dev/null || true && npm install --package-lock-only --no-audit --ignore-scripts && npm install --package-lock-only --no-audit --ignore-scripts\"" } DEBUG: exec completed(branch="renovate/npm-ansi-regex-vulnerability") { "cmd": "docker run --rm --name=renovate_node --label=renovate_child -v \"/mnt/renovate/gh/stekern/repro-renovate-13977\":\"/mnt/renovate/gh/stekern/repro-renovate-13977\" -v \"/tmp/renovate-cache\":\"/tmp/renovate-cache\" -e NPM_CONFIG_CACHE -e npm_config_store -w \"/mnt/renovate/gh/stekern/repro-renovate-13977\" docker.io/renovate/node bash -l -c \"install-tool npm 6.14.16 && hash -d npm 2>/dev/null || true && npm install --package-lock-only --no-audit --ignore-scripts && npm install --package-lock-only --no-audit --ignore-scripts\"", "durationMs": 97853, "stdout": "Installing legacy tool npm v6.14.16\n/home/ubuntu/npm/6.14.16/bin/npm -> /home/ubuntu/npm/6.14.16/lib/node_modules/npm/bin/npm-cli.js\n/home/ubuntu/npm/6.14.16/bin/npx -> /home/ubuntu/npm/6.14.16/lib/node_modules/npm/bin/npx-cli.js\n+ npm@6.14.16\nadded 437 packages from 891 contributors in 57.49s\n+ node-gyp@8.4.1\nadded 61 packages from 20 contributors, updated 2 packages and audited 563 packages in 15.328s\n\n5 packages are looking for funding\n run `npm fund` for details\n\nfound 9 moderate severity vulnerabilities\n run `npm audit fix` to fix them, or `npm audit` for details\n6.14.16\nadded 529 packages in 6.703s\nadded 529 packages in 5.604s\n", "stderr": "npm notice created a lockfile as package-lock.json. You should commit this file.\nnpm WARN using --force I sure hope you know what you are doing.\nnpm WARN repro-renovate-13977@1.0.0 No repository field.\n\nnpm WARN repro-renovate-13977@1.0.0 No repository field.\n\n" } DEBUG: package-lock.json needs updating(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Updated 1 lock files(branch="renovate/npm-ansi-regex-vulnerability") { "updatedArtifacts": [ "package-lock.json" ] } DEBUG: 1 file(s) to commit(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Preparing files for commiting to branch renovate/npm-ansi-regex-vulnerability(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Setting git author name(branch="renovate/npm-ansi-regex-vulnerability") { "gitAuthorName": "Renovate Bot" } DEBUG: Setting git author email(branch="renovate/npm-ansi-regex-vulnerability") { "gitAuthorEmail": "bot@renovateapp.com" } DEBUG: git commit(branch="renovate/npm-ansi-regex-vulnerability") { "deletedFiles": [], "ignoredFiles": [], "result": { "author": null, "branch": "renovate/npm-ansi-regex-vulnerability", "commit": "194c08f", "root": false, "summary": { "changes": 1, "insertions": 8, "deletions": 6 } } } DEBUG: Pushing branch renovate/npm-ansi-regex-vulnerability(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: git push(branch="renovate/npm-ansi-regex-vulnerability") { "result": { "pushed": [ { "deleted": false, "tag": false, "branch": true, "new": true, "alreadyUpdated": false, "local": "refs/heads/renovate/npm-ansi-regex-vulnerability", "remote": "refs/heads/renovate/npm-ansi-regex-vulnerability" } ], "branch": { "local": "renovate/npm-ansi-regex-vulnerability", "remote": "renovate/npm-ansi-regex-vulnerability", "remoteName": "origin" }, "ref": { "local": "refs/remotes/origin/renovate/npm-ansi-regex-vulnerability" }, "remoteMessages": { "all": [ "Create a pull request for 'renovate/npm-ansi-regex-vulnerability' on GitHub by visiting:", "https://github.com/stekern/repro-renovate-13977/pull/new/renovate/npm-ansi-regex-vulnerability" ], "pullRequestUrl": "https://github.com/stekern/repro-renovate-13977/pull/new/renovate/npm-ansi-regex-vulnerability" } } } DEBUG: Fetching branch renovate/npm-ansi-regex-vulnerability(branch="renovate/npm-ansi-regex-vulnerability") INFO: Branch created(branch="renovate/npm-ansi-regex-vulnerability") { "commitSha": "194c08fe2985f94450c241e092e2df6811c8653b" } DEBUG: Checking if we can automerge branch(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: getBranchPr(renovate/npm-ansi-regex-vulnerability)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, open)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: findPr(renovate/npm-ansi-regex-vulnerability, undefined, closed)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: resolveBranchStatus(branchName=renovate/npm-ansi-regex-vulnerability, ignoreTests=true)(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Ignore tests. Return green(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Automerging branch(branch="renovate/npm-ansi-regex-vulnerability") INFO: Branch automerged(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: mergeStatus=automerged(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Deleted remote branch(branch="renovate/npm-ansi-regex-vulnerability") { "branchName": "renovate/npm-ansi-regex-vulnerability" } DEBUG: Deleted local branch(branch="renovate/npm-ansi-regex-vulnerability") { "branchName": "renovate/npm-ansi-regex-vulnerability" } DEBUG: Branch is automerged - returning(branch="renovate/npm-ansi-regex-vulnerability") DEBUG: Automerged but already retried once DEBUG: Removing any stale branches DEBUG: config.repoIsOnboarded=true DEBUG: No renovate branches found DEBUG: Repository timing splits (milliseconds) { "splits": { "init": 2364, "extract": 3152, "lookup": 435, "update": 102923 }, "total": 108898 } DEBUG: http statistics { "urls": { "https://api.github.com/graphql (POST)": 3, "https://api.github.com/repos/stekern/repro-renovate-13977/contents/renovate.json (GET)": 1, "https://api.github.com/repos/stekern/repro-renovate-13977/issues/1 (GET)": 1, "https://api.github.com/repos/stekern/repro-renovate-13977/pulls (GET)": 1, "https://api.github.com/repos/whitesource/merge-confidence/contents/beta.json (GET)": 1 }, "hostStats": { "api.github.com": { "requestCount": 7, "requestAvgMs": 184, "queueAvgMs": 0 } }, "totalRequests": 7 } INFO: Repository finished { "durationMs": 108898 } ```

[rarkins]

FYI the problem is essentially because the npm package itself "bundles" its dependencies, which is a really weird way to handle dependencies, and it's fooling our remediation. Our remediation makes a change but then running npm install puts the vulnerable package back in. The reason why it's such a problem for you is because of the combination of ignoreTests and automerge.

[viceice]

We should probably stop sending any remediation for npm children, as they always embed ?

[rarkins]

I'm planning to abort any time we find that the locked dependency we need to update is part of a bundle

[stekern]

ignoreTests was only enabled because I wanted to enable automerge in a repository without any checks. The issue still occurs in other repositories where we have checks that Renovate needs to wait for (i.e., where ignoreTests is disabled).

Is this a bug that should be handled by Renovate, or is it something that end-users should handle themselves in their configuration?

This is the first time I've had issue with the automerge feature. It's a really valuable feature, and it would be a shame if the only way to mitigate the issue is to disable it. As a hotfix, we could close the Dependabot alert on our side to avoid this specific issue, but I assume it can crop up again when another vulnerability appears.

[rarkins]

I'm hoping to handle this ASAP, or at least be able to tell you if a hotfix is unlikely quickly. If you'd like, I can turn off transitive remediation for your org while you wait? I think it's only turned on by default for public repos right now

[stekern]

We've determined that the CVE in question is not relevant for the affected repositories and have closed the Dependabot alert. Renovate hasn't made any similar commits after that, so we should be fine until a permanent fix is in place unless you believe there's a high probability the bug may appear in the next couple of days... (there would need to be a new Dependabot alert where npm is involved for this to happen again, no?)

Won't be necessary to make any temporary, organization-specific changes on your end, but thanks for the offer. We're using an org-wide config, so we'd effectively be able to globally disable it ourselves.

[rarkins]

Sounds resolved for now but I'm aiming for a fix too

[renovate-release]

:tada: This issue has been resolved in version 31.67.1 :tada:

The release is available on:

• GitHub release
• 31.67.1

Your semantic-release bot :package::rocket: