Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency semver to v7.5.2 [security] #712

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update dependency semver to v7.5.2 [security] #712

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jun 30, 2023
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
semver 7.3.8 -> 7.5.2 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2022-25883

Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

Release Notes

npm/node-semver (semver)

v7.5.2

Compare Source

Bug Fixes

v7.5.1

Compare Source

Bug Fixes

v7.5.0

Compare Source

Features
Bug Fixes

v7.4.0

Compare Source

Features
Bug Fixes
Documentation

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the automerge label Jun 30, 2023
@renovate
Copy link
Contributor Author

renovate bot commented Jun 30, 2023
edited
Loading

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: yarn.lock
/usr/local/bin/docker: line 4: .: filename argument required
.: usage: . filename [arguments]

@renovate renovate bot changed the title chore(deps): update dependency semver to v7.5.2 [security] chore(deps): update dependency semver to v7.5.2 [security] - autoclosed Jul 10, 2023
@renovate renovate bot closed this Jul 10, 2023
@renovate renovate bot deleted the renovate/npm-semver-vulnerability branch July 10, 2023 22:07
@renovate renovate bot changed the title chore(deps): update dependency semver to v7.5.2 [security] - autoclosed chore(deps): update dependency semver to v7.5.2 [security] Jul 14, 2023
@renovate renovate bot reopened this Jul 14, 2023
@renovate renovate bot restored the renovate/npm-semver-vulnerability branch July 14, 2023 01:49
@renovate renovate bot force-pushed the renovate/npm-semver-vulnerability branch from 9f87df3 to 2c7ae84 Compare July 14, 2023 01:50
@renovate renovate bot changed the title chore(deps): update dependency semver to v7.5.2 [security] chore(deps): update dependency semver to v7.5.2 [security] - autoclosed Dec 8, 2024
@renovate renovate bot closed this Dec 8, 2024
@renovate renovate bot deleted the renovate/npm-semver-vulnerability branch December 8, 2024 18:42
@renovate renovate bot changed the title chore(deps): update dependency semver to v7.5.2 [security] - autoclosed chore(deps): update dependency semver to v7.5.2 [security] Dec 8, 2024
@renovate renovate bot reopened this Dec 8, 2024
@renovate Renovate
Copy link
Contributor Author

renovate bot commented Dec 8, 2024

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: yarn.lock
➤ YN0000: ┌ Resolution step
➤ YN0002: │ @morrisoncole/jisho-anki@workspace:. doesn't provide @babel/plugin-syntax-flow (p60839), requested by eslint-plugin-flowtype
➤ YN0002: │ @morrisoncole/jisho-anki@workspace:. doesn't provide @babel/plugin-transform-react-jsx (p4f816), requested by eslint-plugin-flowtype
➤ YN0002: │ @morrisoncole/jisho-anki@workspace:. doesn't provide @popperjs/core (p4e8ab), requested by bootstrap
➤ YN0060: │ @morrisoncole/jisho-anki@workspace:. provides @typescript-eslint/eslint-plugin (p887dc) with version 5.41.0, which doesn't satisfy what eslint-config-react-app requests
➤ YN0060: │ @morrisoncole/jisho-anki@workspace:. provides @typescript-eslint/parser (p0fa80) with version 5.0.0, which doesn't satisfy what eslint-config-react-app requests
➤ YN0060: │ @morrisoncole/jisho-anki@workspace:. provides eslint (p2cf27) with version 8.26.0, which doesn't satisfy what eslint-config-react-app requests
➤ YN0060: │ @morrisoncole/jisho-anki@workspace:. provides eslint (p295dd) with version 8.26.0, which doesn't satisfy what eslint-loader requests
➤ YN0060: │ @morrisoncole/jisho-anki@workspace:. provides eslint (p13ec7) with version 8.26.0, which doesn't satisfy what eslint-plugin-react requests
➤ YN0060: │ @morrisoncole/jisho-anki@workspace:. provides eslint-plugin-flowtype (pedd1f) with version 8.0.3, which doesn't satisfy what eslint-config-react-app requests
➤ YN0060: │ @morrisoncole/jisho-anki@workspace:. provides postcss (pfbd65) with version 8.3.6, which doesn't satisfy what postcss-preset-env and some of its descendants request
➤ YN0060: │ @morrisoncole/jisho-anki@workspace:. provides react (pc21a0) with version 18.2.0, which doesn't satisfy what react-dom requests
➤ YN0060: │ @morrisoncole/jisho-anki@workspace:. provides react (p611b5) with version 18.2.0, which doesn't satisfy what reactstrap and some of its descendants request
➤ YN0060: │ @morrisoncole/jisho-anki@workspace:. provides webpack (pae072) with version 5.74.0, which doesn't satisfy what optimize-css-assets-webpack-plugin requests
➤ YN0002: │ react-dev-utils@npm:11.0.4 doesn't provide typescript (p79ddf), requested by fork-ts-checker-webpack-plugin
➤ YN0002: │ react-dev-utils@npm:11.0.4 doesn't provide webpack (p2af19), requested by fork-ts-checker-webpack-plugin
➤ YN0000: │ Some peer dependencies are incorrectly met; run yarn explain peer-requirements <hash> for details, where <hash> is the six-letter p-prefixed code
➤ YN0000: └ Completed in 0s 906ms
➤ YN0000: ┌ Fetch step
➤ YN0001: │ Error [ERR_STREAM_PREMATURE_CLOSE]: Premature close
    at PassThrough.onclose (node:internal/streams/end-of-stream:153:30)
    at PassThrough.emit (node:events:524:28)
    at emitCloseNT (node:internal/streams/destroy:148:10)
    at process.processTicksAndRejections (node:internal/process/task_queues:89:21)
➤ YN0013: │ 1607 packages were already cached, one had to be fetched (semver@npm:7.5.2)
➤ YN0000: └ Completed in 1s 152ms
➤ YN0000: Failed with errors in 2s 61ms

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
automerge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants