@renovate renovate bot commented Mar 28, 2022

WhiteSource Renovate

This PR contains the following updates:

Package Change
ansi-regex 4.1.0 -> 4.1.1

GitHub Vulnerability Alerts

CVE-2021-3807

ansi-regex is vulnerable to Inefficient Regular Expression Complexity


Configuration

📅 Schedule: "" in timezone America/New_York.

🚦 Automerge: Disabled due to failing status checks.

Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

@renovate renovate bot requested review from a team as code owners March 28, 2022 17:41
@renovate renovate bot added renovate Triggered by renovatebot type: dependencies labels Mar 28, 2022
cypress-bot bot commented Mar 28, 2022

See the guidelines for reviewing dependency updates for info on how to review dependency update PRs.

@renovate renovate bot requested review from jennifer-shehane and removed request for a team March 28, 2022 17:41
renovate bot commented Mar 28, 2022

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: system-tests/projects/vite-ct/package-lock.json
npm notice 
npm notice New patch version of npm available! 8.5.0 -> 8.5.5
npm notice Changelog: <https://github.com/npm/cli/releases/tag/v8.5.5>
npm notice Run `npm install -g npm@8.5.5` to update!
npm notice 
npm WARN deprecated circular-json@0.3.3: CircularJSON is in maintenance only, flatted is its successor.
npm WARN deprecated fs-access@2.0.0: This package is no longer relevant as Node.js 0.12 is unmaintained.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm ERR! code ENOLOCAL
npm ERR! Could not install from "../../../cli/build" as it does not contain a package.json file.

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate-cache/others/npm/_logs/2022-03-29T21_51_43_182Z-debug.log


@jennifer-shehane jennifer-shehane left a comment

Just security fix. Should be good.

cypress bot commented Mar 28, 2022



Test summary

19343 0 218 0 Flakiness 0


Run details

Project cypress
Status Passed
Commit 491a567
Started Mar 29, 2022 11:57 PM
Ended Mar 30, 2022 12:09 AM
Duration 11:35 💡
OS Linux Debian - 10.10
Browser Multiple

View run in Cypress Dashboard ➡️


This comment has been generated by cypress-bot as a result of this project's GitHub integration settings. You can manage this integration in this project's settings in the Cypress Dashboard

@renovate renovate bot force-pushed the renovate/npm-ansi-regex-vulnerability branch from 278d50c to 763df73 Compare March 28, 2022 20:53
@lmiller1990
Contributor

I've not seen a PR that only touches the lockfile. Is this normal @jennifer-shehane?

I can pull it down and re-run the npm command to get the latest lockfile, which should fix CI. Although it still seems weird that a bot would modify the lockfile, instead of the actual package.json.

@renovate renovate bot force-pushed the renovate/npm-ansi-regex-vulnerability branch from 763df73 to 43e1bfd Compare March 29, 2022 10:16
@jennifer-shehane
Member

@lmiller1990 ansi-regex isn't a direct dependency in that package-lock. Seems like they're locking the dep's dep. It is a slightly unusual way to do it.
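
As an added illustration of the transitive-dependency point above (not part of the original thread or the Cypress code base): a Node.js check over a parsed package-lock.json that reports whether ansi-regex is declared directly, which packages pull it in, and which installed copies on the 4.x line are older than the 4.1.1 this PR updates to. The sample lockfile and the names `auditLock` and `isAffected` are constructed for the example, and only the `packages` map of lockfileVersion 2 or 3 is read.

```javascript
// Added example, not code from the PR. PKG and FIXED are taken from the PR's
// "4.1.0 -> 4.1.1" update; other ansi-regex release lines are not judged here.
const PKG = 'ansi-regex';
const FIXED = [4, 1, 1];

// True for plain x.y.z versions on the 4.x line that sort below FIXED.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(version || '');
  if (!m) return false; // tags, ranges, git URLs: review by hand
  const [maj, min, pat] = m.slice(1).map(Number);
  if (maj !== FIXED[0]) return false;
  return min < FIXED[1] || (min === FIXED[1] && pat < FIXED[2]);
}

// Audits a parsed package-lock.json (lockfileVersion 2 or 3, "packages" map).
function auditLock(lock) {
  const packages = lock.packages || {};
  const root = packages[''] || {};
  const declared = { ...root.dependencies, ...root.devDependencies };
  const suffix = 'node_modules/' + PKG;
  const installs = [];   // every installed copy, hoisted or nested
  const dependents = []; // packages whose own dependencies name PKG
  for (const [path, entry] of Object.entries(packages)) {
    if (path.endsWith(suffix)) {
      installs.push({ path, version: entry.version, affected: isAffected(entry.version) });
    }
    if (path !== '' && entry.dependencies && PKG in entry.dependencies) {
      dependents.push(path.split('node_modules/').pop());
    }
  }
  return { direct: PKG in declared, installs, dependents };
}

// Constructed sample lockfile: ansi-regex arrives only through strip-ansi.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'sample-app', devDependencies: { 'strip-ansi': '^5.2.0' } },
    'node_modules/strip-ansi': { version: '5.2.0', dependencies: { 'ansi-regex': '^4.1.0' } },
    'node_modules/ansi-regex': { version: '4.1.0' },
    'node_modules/other/node_modules/ansi-regex': { version: '4.1.1' },
  },
};

console.log(JSON.stringify(auditLock(SAMPLE_LOCK), null, 2));
```
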

@renovate renovate bot force-pushed the renovate/npm-ansi-regex-vulnerability branch from 43e1bfd to 6cd1ee3 Compare March 29, 2022 13:50
@renovate renovate bot force-pushed the renovate/npm-ansi-regex-vulnerability branch from 6cd1ee3 to 6f9b766 Compare March 29, 2022 21:51
CLAassistant commented Mar 29, 2022

CLA assistant check
All committers have signed the CLA.

@lmiller1990 lmiller1990 force-pushed the renovate/npm-ansi-regex-vulnerability branch from ccbe1d6 to fe067cc Compare March 29, 2022 23:44
@lmiller1990
Contributor

Fixed it, I just added the dep to the package.json instead. This seems much better.

@lmiller1990 lmiller1990 merged commit 93f421c into develop Mar 30, 2022
@lmiller1990 lmiller1990 deleted the renovate/npm-ansi-regex-vulnerability branch March 30, 2022 00:18
tgriesser added a commit that referenced this pull request Apr 1, 2022
* 10.0-release:
  fix: add index.mjs to the published files of cli (#20884)
  refactor: lift indexHtmlFile up to component, add validation (#20870)
  fix: allow migration of pluginsFile using `env` properties (#20770)
  fix: viewport from CLI on CT (#20849)
  fix: git data source unit test failure (#20875)
  fix: Ensuring current browser is synchronized between app and launchpad (#20830)
  Fix missed await on merge conflict resolution
  test(unification): move record keys to contexts (#20860)
  test: move record keys to contexts (#20859)
  make alerts more responsive
  chore: Update Chrome (stable) to 100.0.4896.60 (#20841)
  Revise test.
  fix: cy.root respect timeout option.
  fix(deps): update dependency ansi-regex to v4.1.1 [security] (#20836)
  chore(deps): update dependency ansi-regex to 4.1.1 [security] (#20807)
  chore: Refactor cri-client to use async/await (#20825)
  remove automationId from runnerStore
  fix firefox automation and address feedback
  feat: add automation warning/disconnected states in app
cypress-bot bot commented Apr 11, 2022

Released in 9.5.4.

This comment thread has been locked. If you are still experiencing this issue after upgrading to
Cypress v9.5.4, please open a new issue.

@cypress-bot cypress-bot bot locked as resolved and limited conversation to collaborators Apr 11, 2022