ti-community-infra / tichi

TiChi ☯️ contains the tidb community collaboration automation basic framework and tool set.
https://prow.tidb.net
Apache License 2.0

chore(deps): update dependency shell-quote to 1.7.3 [security] - autoclosed #1064

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

| Package | Change |
| --- | --- |
| shell-quote | 1.7.2 -> 1.7.3 |

GitHub Vulnerability Alerts

CVE-2021-42740

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is [A-z] instead of the correct [A-Za-z]. Several shell metacharacters exist in the space between capital letter Z and lower case letter a, such as the backtick character.


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.
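
The over-broad character class described in the CVE-2021-42740 advisory above, as an added example (not code from shell-quote, Renovate or this repository): it lists what `[A-z]` accepts beyond letters and lints regex sources for uppercase-to-lowercase ranges. The sample patterns and the function names `extraChars` and `findMixedCaseRanges` are constructed for illustration.

```javascript
'use strict';

// Printable ASCII characters accepted by `broad` but rejected by `strict`.
function extraChars(broad, strict) {
  let out = '';
  for (let c = 0x20; c <= 0x7e; c++) {
    const ch = String.fromCharCode(c);
    if (broad.test(ch) && !strict.test(ch)) out += ch;
  }
  return out;
}

// Lint a regex source for character-class ranges that run from an uppercase
// to a lowercase ASCII letter (A-z, C-f, ...). Such a range also covers
// 0x5B-0x60, i.e. [ \ ] ^ _ and the backtick.
// Simplification: an escaped "\[" outside a class is not special-cased.
function findMixedCaseRanges(source) {
  const findings = [];
  const classRe = /\[(?:\\.|[^\]\\])*\]/g; // one [...] class, escapes honoured
  for (const cls of source.match(classRe) || []) {
    const rangeRe = /(?<!\\)([A-Z])-([a-z])/g;
    let m;
    while ((m = rangeRe.exec(cls)) !== null) {
      findings.push({ charClass: cls, range: m[0] });
    }
  }
  return findings;
}

// Constructed sample patterns (not copied from shell-quote's source).
const samples = ['^[A-z]:', '^[A-Za-z]:', '^(?:[A-z]:)?[\\w./-]+$'];

for (const src of samples) {
  const hits = findMixedCaseRanges(src);
  const verdict = hits.length ? `FLAG ${hits.map((h) => h.range).join(',')}` : 'ok';
  console.log(`${src}  ->  ${verdict}`);
}
console.log('extra characters matched by [A-z]:',
  extraChars(/^[A-z]$/, /^[A-Za-z]$/));
```

A check like `findMixedCaseRanges` can run over first-party regex literals in CI; it complements, and does not replace, upgrading the dependency to 1.7.3.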

renovate[bot] commented 1 year ago

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

The artifact failure details are included below:

File name: web/package-lock.json
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: @next/swc-win32-ia32-msvc@12.0.2 (node_modules/next/node_modules/@next/swc-win32-ia32-msvc):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for @next/swc-win32-ia32-msvc@12.0.2: wanted {"os":"win32","arch":"ia32"} (current: {"os":"linux","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: @next/swc-win32-arm64-msvc@12.0.2 (node_modules/next/node_modules/@next/swc-win32-arm64-msvc):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for @next/swc-win32-arm64-msvc@12.0.2: wanted {"os":"win32","arch":"arm64"} (current: {"os":"linux","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: @next/swc-linux-arm64-gnu@12.0.2 (node_modules/next/node_modules/@next/swc-linux-arm64-gnu):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for @next/swc-linux-arm64-gnu@12.0.2: wanted {"os":"linux","arch":"arm64"} (current: {"os":"linux","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: @next/swc-linux-arm64-musl@12.0.2 (node_modules/next/node_modules/@next/swc-linux-arm64-musl):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for @next/swc-linux-arm64-musl@12.0.2: wanted {"os":"linux","arch":"arm64"} (current: {"os":"linux","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: @next/swc-linux-arm-gnueabihf@12.0.2 (node_modules/next/node_modules/@next/swc-linux-arm-gnueabihf):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for @next/swc-linux-arm-gnueabihf@12.0.2: wanted {"os":"linux","arch":"arm"} (current: {"os":"linux","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: @next/swc-android-arm64@12.0.2 (node_modules/next/node_modules/@next/swc-android-arm64):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for @next/swc-android-arm64@12.0.2: wanted {"os":"android","arch":"arm64"} (current: {"os":"linux","arch":"x64"})

npm ERR! code EBADPLATFORM
npm ERR! notsup Unsupported platform for @next/swc-win32-x64-msvc@12.0.2: wanted {"os":"win32","arch":"x64"} (current: {"os":"linux","arch":"x64"})
npm ERR! notsup Valid OS:    win32
npm ERR! notsup Valid Arch:  x64
npm ERR! notsup Actual OS:   linux
npm ERR! notsup Actual Arch: x64

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate-cache/others/npm/_logs/2022-11-09T17_36_13_064Z-debug.log

ti-chi-bot commented 1 year ago

[REVIEW NOTIFICATION]

This pull request has been approved by:

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment. After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review. Reviewer can cancel approval by submitting a request changes review.

ti-chi-bot commented 1 year ago

Hi @renovate[bot]. Thanks for your PR.

I'm waiting for a ti-community-infra member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

github-actions[bot] commented 1 year ago

🎊 PR Preview ce9d3fdd927e6a5f46cd534936e639a6a8bc2c5d has been successfully built and deployed to https://ti-community-infra-tichi-preview-pr-1064.surge.sh

:clock1: Build time: 0.009s

🤖 By surge-preview

codecov[bot] commented 1 year ago

Codecov Report

Merging #1064 (ce9d3fd) into master (de179ee) will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #1064   +/-   ##
=======================================
  Coverage   80.51%   80.51%           
=======================================
  Files          21       21           
  Lines        3321     3321           
=======================================
  Hits         2674     2674           
  Misses        418      418           
  Partials      229      229           

ti-chi-bot commented 1 year ago

@renovate[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| pull-tichi-web-node12-lint | ce9d3fdd927e6a5f46cd534936e639a6a8bc2c5d | link | true | /test pull-tichi-web-node12-lint |
| pull-tichi-web-node10-lint | ce9d3fdd927e6a5f46cd534936e639a6a8bc2c5d | link | true | /test pull-tichi-web-node10-lint |
| pull-tichi-web-node14-lint | ce9d3fdd927e6a5f46cd534936e639a6a8bc2c5d | link | true | /test pull-tichi-web-node14-lint |

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).

ti-chi-bot commented 1 year ago

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with /close. Send feedback to sig-community-infra or wuhuizuo. /lifecycle stale