renovate[bot]
commented
1 year ago β Artifact update problem
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
β» Renovate will retry this branch, including artifacts, only when one of the following happens:
- any of the package files in this branch needs updating, or
- the branch becomes conflicted, or
- you click the rebase/retry checkbox if found above, or
- you rename this PR's title to start with "rebase!" to trigger it manually
The artifact failure details are included below:
File name: yarn.lock
installing v2 tool yarn-slim v1.22.19
ERROR: npm v9.5.1 is known not to run on Node.js v10.20.1. You'll need to upgrade
to a newer Node.js version in order to use this version of npm. This version of
npm supports the following node versions: `^14.17.0 || ^16.13.0 || >=18.0.0`. You
can find the latest version at https://nodejs.org/.
ERROR:
/opt/buildpack/tools/node/18.16.0/lib/node_modules/npm/lib/utils/exit-handler.js:21
const hasLoadedNpm = npm?.config.loaded
^
SyntaxError: Unexpected token .
at Module._compile (internal/modules/cjs/loader.js:723:23)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
at Module.load (internal/modules/cjs/loader.js:653:32)
at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
at Function.Module._load (internal/modules/cjs/loader.js:585:3)
at Module.require (internal/modules/cjs/loader.js:692:17)
at require (internal/modules/cjs/helpers.js:25:18)
at module.exports (/opt/buildpack/tools/node/18.16.0/lib/node_modules/npm/lib/cli.js:81:23)
at Object.<anonymous> (/opt/buildpack/tools/node/18.16.0/lib/node_modules/npm/bin/npm-cli.js:2:25)
at Module._compile (internal/modules/cjs/loader.js:778:30)
This PR contains the following updates:
3.0.5->3.1.5GitHub Vulnerability Alerts
CVE-2022-1365
When fetching a remote url with Cookie if it get Location response header then it will follow that url and try to fetch that url with provided cookie . So cookie is leaked here to thirdparty. Ex: you try to fetch example.com with cookie and if it get redirect url to attacker.com then it fetch that redirect url with provided cookie .
Release Notes
lquixada/cross-fetch (cross-fetch)
### [`v3.1.5`](https://togithub.com/lquixada/cross-fetch/releases/tag/v3.1.5) [Compare Source](https://togithub.com/lquixada/cross-fetch/compare/v3.1.4...v3.1.5) #### What's Changed - chore: updated node-fetch version to 2.6.7 by [@dlafreniere](https://togithub.com/dlafreniere) in [https://github.com/lquixada/cross-fetch/pull/124](https://togithub.com/lquixada/cross-fetch/pull/124) #### New Contributors - [@dlafreniere](https://togithub.com/dlafreniere) made their first contribution in [https://github.com/lquixada/cross-fetch/pull/124](https://togithub.com/lquixada/cross-fetch/pull/124) **Full Changelog**: https://github.com/lquixada/cross-fetch/compare/v3.1.4...v3.1.5 ### [`v3.1.4`](https://togithub.com/lquixada/cross-fetch/releases/tag/v3.1.4) [Compare Source](https://togithub.com/lquixada/cross-fetch/compare/v3.1.3...v3.1.4) π fixed typescript errors. ### [`v3.1.3`](https://togithub.com/lquixada/cross-fetch/releases/tag/v3.1.3) [Compare Source](https://togithub.com/lquixada/cross-fetch/compare/v3.1.2...v3.1.3) π fixed typescript compilation error causing [#95](https://togithub.com/lquixada/cross-fetch/issues/95), [#101](https://togithub.com/lquixada/cross-fetch/issues/101), [#102](https://togithub.com/lquixada/cross-fetch/issues/102). ### [`v3.1.2`](https://togithub.com/lquixada/cross-fetch/releases/tag/v3.1.2) [Compare Source](https://togithub.com/lquixada/cross-fetch/compare/v3.1.1...v3.1.2) π added missing Headers interface augmentation from lib.dom.iterable.d.ts ([#97](https://togithub.com/lquixada/cross-fetch/issues/97)) ### [`v3.1.1`](https://togithub.com/lquixada/cross-fetch/releases/tag/v3.1.1) [Compare Source](https://togithub.com/lquixada/cross-fetch/compare/v3.1.0...v3.1.1) π fixed missing fetch api types from constructor signatures [#96](https://togithub.com/lquixada/cross-fetch/issues/96) (thanks [@jstewmon](https://togithub.com/jstewmon)) ### [`v3.1.0`](https://togithub.com/lquixada/cross-fetch/releases/tag/v3.1.0) [Compare Source](https://togithub.com/lquixada/cross-fetch/compare/v3.0.6...v3.1.0) β‘οΈ improved TypeScript support with own fetch API type definitions (thanks [@jstewmon](https://togithub.com/jstewmon)) β‘οΈ set `fetch.ponyfill` to `true` when custom ponyfill implementation is used. π‘ set the same fetch API test suite to run against `node-fetch`, `whatwg-fetch` and native fetch. ### [`v3.0.6`](https://togithub.com/lquixada/cross-fetch/releases/tag/v3.0.6) [Compare Source](https://togithub.com/lquixada/cross-fetch/compare/v3.0.5...v3.0.6) β‘οΈ updated node-fetch to 2.6.1Configuration
π Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
π¦ Automerge: Enabled.
β» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.