chore(deps): update dependency renovate to v23 [security]- autoclosed #34

renovate · 2020-09-14T17:10:03Z

This PR contains the following updates:

Package	Type	Update	Change
renovate (source)	devDependencies	major	`19.239.11` -> `23.25.1`

GitHub Vulnerability Alerts

GHSA-36rh-ggpr-j3gj

Impact

Applies to Azure DevOps users only. The bot's token may be exposed in server or pipeline logs due to the http.extraheader=AUTHORIZATION parameter being logged without redaction. It is recommended that Azure DevOps users revoke their existing bot credentials and generate new ones after upgrading if there's a potential that logs have been saved to a location that others can view.

Patches

Fixed in 23.25.1

Workarounds

Do not share Renovate logs with anyone who cannot be trusted with access to the token.

For more information

If you have any questions or comments about this advisory:

Email us at security@renovatebot.com

Release Notes

renovatebot/renovate

`v23.25.1`

Compare Source

23.25.1 (2020-09-12)

Bug Fixes

azure: add auth value to sanitized strings (6c9c4ac)

Miscellaneous Chores

datasource/crate: Extract getIndexSuffix() function and add tests (#7263) (7ab9b6b)

`v23.25.0`

Compare Source

Features

datasource/crate: Assign dependencyUrl property (#7261) (1ed10fb)
pr/body: Fall back to dependencyUrl property (#7262) (171b65e)

Miscellaneous Chores

datasource/metadata: Move massageGithub|GitLabUrl() functions out of addMetaData() (#7264) (9c4203c)

`v23.24.0`

Compare Source

Features

Add ember-template-lint to packages:linters preset (#7259) (e872011)

`v23.23.0`

Compare Source

Features

Add [@embroider](https://togithub.com/embroider) monorepo (#7256) (b0cfbba)
Add ember-exam|qunit|mocha to packages:jsUnitTest preset (#7260) (c474d71)
Add group:glimmer (#7257) (02936d4)

`v23.22.3`

Compare Source

23.22.3 (2020-09-12)

Bug Fixes

Fix semanticCommits migration code (#7258) (2663dc5)

`v23.22.2`

Compare Source

23.22.2 (2020-09-12)

Bug Fixes

treat config validation errors as enabled (#7255) (facf46c)

`v23.22.1`

Compare Source

23.22.1 (2020-09-11)

Bug Fixes

dependency-dashboard: Force checked PRs creation (#7253) (ec21549)

`v23.22.0`

Compare Source

Features

gradle: Add more variable patterns for Kotlin files (#7250) (1f4bda7)

`v23.21.4`

Compare Source

23.21.4 (2020-09-11)

Bug Fixes

config: Migrate semantic commit option to enum type (#7170) (243728f)

`v23.21.3`

Compare Source

23.21.3 (2020-09-11)

Bug Fixes

Revert "fix(config): Migrate semantic commit option to enum type (#7170)" (d1d7901)

`v23.21.2`

Compare Source

23.21.2 (2020-09-11)

Bug Fixes

config: Migrate semantic commit option to enum type (#7170) (d2a5b71)

`v23.21.1`

Compare Source

23.21.1 (2020-09-11)

Bug Fixes

git: clone default branch to depth 10 (#7249) (42e223d)

`v23.21.0`

Compare Source

Features

preset: add reg-suit monorepo (#7248) (487753a)

`v23.20.7`

Compare Source

23.20.7 (2020-09-10)

Bug Fixes

sanitize github vulnerability alert bodies (#7246) (b7ac19d)

Miscellaneous Chores

deps: update dependency husky to v4.3.0 (#7242) (95c0a78)

`v23.20.6`

Compare Source

23.20.6 (2020-09-10)

Bug Fixes

git: fetch long sha for branchCommits (#7240) (5ba2704)

`v23.20.5`

Compare Source

23.20.5 (2020-09-10)

Bug Fixes

npm: fix lockfileUpdate commands for Yarn 2 (#7230) (fd1b046)
utils: change default maxBuffer limit to 10MB (#7209) (5475f42)

`v23.20.4`

Compare Source

23.20.4 (2020-09-09)

Bug Fixes

gitea: Return only PRs created by Renovate (#7229) (79596e4)

Miscellaneous Chores

restore windows tests (#7228) (aa2d375)

Code Refactoring

platform: Introduce optional getJsonFile function (#7174) (6ac3797)
handle undefined platformOptions (#7227) (9896f5e)

`v23.20.3`

Compare Source

23.20.3 (2020-09-09)

Bug Fixes

npm: lockfileUpdate for Yarn 2 (#7222) (df2b2b3)
npm: set CI=true in Yarn generateLockFile (#7223) (fcd9bdc)

Miscellaneous Chores

fix tests (6a98ab1)
deps: update dependency @types/node to v12.12.56 (#7226) (19689b8)

`v23.20.2`

Compare Source

23.20.2 (2020-09-09)

Bug Fixes

npm: correct Yarn lockedVersion for scoped package (#7219) (c65d400)

Miscellaneous Chores

drop windows test (#7225) (2de2378)
deps: update mcr.microsoft.com/vscode/devcontainers/typescript-node docker tag to v0.140.1 (#7215) (6e572d3)

`v23.20.1`

Compare Source

23.20.1 (2020-09-09)

Bug Fixes

azure: Fix "branchName" field for azure-helper.ts (#7211) (cb24014)
npm: yarnDedupeHighest for Yarn 2 (#7200) (fbd0fdd)
changelog: Fix files.length conditions (#7210) (c0026ff)

Miscellaneous Chores

deps: lock file maintenance (#7224) (d16895b)

`v23.20.0`

Compare Source

Features

add docker image prefix (#7164) (0503ad7)

Documentation

fix wrong config sample (#7208) (2081ea4)

Miscellaneous Chores

deps: update dependency typescript to v4 (#7092) (2d2e95c)

`v23.19.4`

Compare Source

23.19.4 (2020-09-08)

Bug Fixes

helm-values: update digest if available (#7202) (6fefb26)

`v23.19.3`

Compare Source

23.19.3 (2020-09-08)

Bug Fixes

npm: more granular Yarn 2 version detection (#7204) (605346f)
preset: add istanbuljs monorepo (#7201) (efafeea)

`v23.19.2`

Compare Source

23.19.2 (2020-09-07)

Build System

deps: update dependency aws-sdk to v2.747.0 (#7203) (9573c15)

`v23.19.1`

Compare Source

23.19.1 (2020-09-07)

Bug Fixes

pr: move ADO and BB pr config to repo configuration (#7176) (f3a3db4), closes #7150

Miscellaneous Chores

deps: update linters (major) (#7185) (907b2b0)

`v23.19.0`

Compare Source

Features

add privateKeyPath to support reading PK from file (#7158) (ee5e0ad)
logger: serialize got request error (#7181) (462351f)

Bug Fixes

don't try to install yarn 2 from npm (#7183) (ef3a79b)
dry-run: don't check non existing branch in dry-run (#7171) (5f28442)

`v23.18.2`

Compare Source

23.18.2 (2020-09-07)

Bug Fixes

nuget: Parse nested Version XML elements (#7190) (ab84285)

Miscellaneous Chores

deps: update babel monorepo (#7195) (73a6e23)
deps: update dependency @types/jest to v26.0.13 (#7193) (d858e64)
deps: update dependency @types/node to v12.12.55 (#7194) (d5604ee)

`v23.18.1`

Compare Source

23.18.1 (2020-09-05)

Miscellaneous Chores

deps: update mcr.microsoft.com/vscode/devcontainers/typescript-node docker tag to v0.139.1 (#7178) (544a928)
deps: update mcr.microsoft.com/vscode/devcontainers/typescript-node docker tag to v0.140.0 (#7186) (ca73ba2)

Build System

deps: update dependency eslint to v7.8.1 (#7189) (65017d8)
deps: update dependency got to v11.6.0 (#7192) (07fbceb)

`v23.18.0`

Compare Source

Features

preset: add fullcalendar monorepo (#7182) (b21530b)

Code Refactoring

log setBranchStatus url if failing (73f11c0)

`v23.17.1`

Compare Source

23.17.1 (2020-09-03)

Build System

deps: update dependency @yarnpkg/core to v2.2.2 (#7175) (a76f3e8)

`v23.17.0`

Compare Source

Features

preset: add lrnwebcomponents monorepo (#7172) (63b487a)

`v23.16.4`

Compare Source

23.16.4 (2020-09-03)

Bug Fixes

nuget: Fix cache key and URL construction (#7169) (d2ec7cc)

`v23.16.3`

Compare Source

23.16.3 (2020-09-02)

Bug Fixes

git: wrong config argument passing (#7166) (63cc26e)

`v23.16.2`

Compare Source

23.16.2 (2020-09-02)

Bug Fixes

azure: use repo remoteUrl if available (#7165) (83e5406)

`v23.16.1`

Compare Source

23.16.1 (2020-09-02)

Bug Fixes

github: massage url and message in errors (#7160) (1d83cbb)

Code Refactoring

better init config names (5393126)
drop defaultBranchSha from platform/github (6a0fade)
remove defaultBranchSha from repo init (bb70826)
remove unused branchList in updateRepo (2c9b1de)
simplify baseBranchSha, reduce checkouts (#7159) (1627db8)

`v23.16.0`

Compare Source

Features

npm: Update Yarn install arguments (#7156) (6fb3643)

Bug Fixes

changelog: harden check for fromVersion and toVersion (4a0605a)

Tests

remove noisy snapshot (2d344b1)

`v23.15.0`

Compare Source

Features

config: templated branchPrefix migration (ed1f650)
additionalBranchPrefix (7651d2e)

Code Refactoring

limits: Concise implementation for workers/global/limits.ts (#7140) (831c453)

`v23.14.5`

Compare Source

23.14.5 (2020-09-01)

Bug Fixes

revert config cache (cda4e7c)

`v23.14.4`

Compare Source

23.14.4 (2020-09-01)

Bug Fixes

gitlab: Restore auth for versions older than 12.2 (#7155) (a2b2671)

Code Refactoring

detectSemanticCommits (#7151) (c75d2c6)

Miscellaneous Chores

deps: update mcr.microsoft.com/vscode/devcontainers/typescript-node docker tag to v0.138.0 (#7152) (228839d)

`v23.14.3`

Compare Source

23.14.3 (2020-09-01)

Bug Fixes

azure: pass extra clone options when fetching branch commits (#7149) (6d24e9d), closes #7148

`v23.14.2`

Compare Source

23.14.2 (2020-09-01)

Bug Fixes

azure: repository is empty if no defaultBranch (1aa5ffc)

Code Refactoring

initRepo cache (#7146) (4b2eaf5)

Tests

refactor init tests (1ddbce2)

Miscellaneous Chores

fix lint (540d47b)
move cache type to init/common (92c5f2a)
remove unused defaultBranch cache (750cd30)
rename RepoConfig -> RepoFileConfig (8a286a4)
type -> interface (0bd7d27)

`v23.14.1`

Compare Source

23.14.1 (2020-08-31)

Bug Fixes

git: add dashes after git log (#7144) (b7f215b)

Code Refactoring

workers: Enum type for ProcessBranchResult (#7132) (bffebcc)

Build System

deps: update dependency @yarnpkg/parsers to v2.2.0 (#7145) (2b6abfc)

`v23.14.0`

Compare Source

Features

gitlab: Allow using an OAuth2 token for authentication (#7131) (499c838)

`v23.13.3`

Compare Source

23.13.3 (2020-08-31)

Bug Fixes

circleci: leading dash is optional (#7143) (addfd4e)

`v23.13.2`

Compare Source

23.13.2 (2020-08-31)

Bug Fixes

eslint: Restrict the rules and fix errors (#7117) (ad52ac9)

Miscellaneous Chores

getRepoConfig -> detectRepoFileConfig (0a60516)

Code Refactoring

get defaultBranchSha from git (6dbb1c7)
split getRepoConfig from mergeRenovateConfig (#7142) (8c5e6f3)
split out repo config error throwing (b88b1c9)
write repoConfig to cache (40d3316)

`v23.13.1`

Compare Source

23.13.1 (2020-08-31)

Build System

deps: update dependency commander to v6.1.0 (#7141) (76aa0f3)

Code Refactoring

remove null file check (81a75dd)

Miscellaneous Chores

fix lint (01659f2)

`v23.13.0`

Compare Source

Features

config: templated branchPrefix migration (7235c14)

Bug Fixes

Revert "feat: additionalBranchPrefix" (0ce9837)
Revert "feat(config): templated branchPrefix migration" (655bdc1)

`v23.12.0`

Compare Source

Features

additionalBranchPrefix (9385fb5)

Bug Fixes

git: syncBranch to ensure it has been fetched (c797865)
git: try/catch fetchBranchList (611bee9)

Miscellaneous Chores

deps: update dependency @types/eslint to v7.2.2 (#7138) (cb85090)

`v23.11.0`

Compare Source

Features

git: get branch commit without cloning (#7130) (012561f)

Tests

refactor getBranchCommit test (4b0eb18)

Miscellaneous Chores

simplify git tests (869806d)

Code Refactoring

externalize syncBranch from branchExists (6fdffed)
remove platform.setBaseBranch (#7137) (80b691c)
remove unused createBranch function (c9932d5)

`v23.10.2`

Compare Source

23.10.2 (2020-08-30)

Bug Fixes

git: don’t error for git fetch failure (083f30f)

Miscellaneous Chores

deps: update dependency @types/luxon to v1.24.4 (#7134) (56aba0a)

Code Refactoring

git: use gitInitialized (aeef5e7)

`v23.10.1`

Compare Source

23.10.1 (2020-08-29)

Code Refactoring

types: git return CommitSha instead of string (e50c7a7)

Miscellaneous Chores

rename commitHash -> commitSha (937a2e4)

Build System

deps: update dependency @actions/core to v1.2.5 (#7133) (35677b1)

`v23.10.0`

Compare Source

Features

preset: add date-io monorepo (#7127) (aeb3b1d)

`v23.9.0`

Compare Source

Features

worker: Enforce limits at PR creation time (#7099) (21e1f1f)

`v23.8.0`

Compare Source

Features

internal: lazy git initialization (#7006) (c1245b2)

Documentation

remove static list of enabledManagers and replace with docs link (63938f4)

`v23.7.0`

Compare Source

Features

config: Add support for prBodyTemplate (#7122) (d78dc8f)

`v23.6.1`

Compare Source

23.6.1 (2020-08-27)

Bug Fixes

npm: add npmrc trailing newline (#7124) (06d80c2)

`v23.6.0`

Compare Source

Features

config: Make baseBranches configurable via env var (#7123) (9be76ac)

`v23.5.1`

Compare Source

23.5.1 (2020-08-27)

Bug Fixes

datasource: add manual metadata (#7118) (8a4da9a)

`v23.5.0`

Compare Source

Features

maven: Support 'releaseTimestamp' for Maven Central (#7061) (6c08524)

Code Refactoring

datasource: Fix lint warnings (#7115) (0ae8cc2)
logger: Fix lint warnings (#7109) (f411dde)
manager: Fix lint warnings (#7116) (60b101d)
platform: Fix lint warnings (#7113) (28d16d1)
util: Fix lint warnings (#7114) (095f2f8)

`v23.4.0`

Compare Source

Features

Support for Python 'setup.cfg' files (#7058) (d5d9687)

`v23.3.1`

Compare Source

23.3.1 (2020-08-26)

Bug Fixes

compile lock file maintenance branch name (d4c466a), closes #7110

`v23.3.0`

Compare Source

Features

jenkins: Support skip comments (#6980) (37c9b6a)

`v23.2.0`

Compare Source

Features

config: Added option "onboardingCommitMessage" (#6997) (67a8fe5)

Code Refactoring

config: Fix lint warnings (#7108) (95f9af2)

`v23.1.1`

Compare Source

23.1.1 (2020-08-26)

Bug Fixes

multiple major branch name separation (7bb198f)

`v23.1.0`

Compare Source

Features

internal: write branchName to each update (#7107) (d21e50d)

Code Refactoring

move parentDir/baseDir generation to flattenUpdates (#7104) (5f94ec5)

Miscellaneous Chores

deps: update dependency prettier to v2.1.1 (#7101) (61087c1)
deps: update linters to v3.10.1 (#7102) (b3ef8d7)

`v23.0.3`

Compare Source

23.0.3 (2020-08-26)

Miscellaneous Chores

deps: update dependency pretty-quick to v3 (#7098) (0953ca2)
deps: update jest monorepo (#7097) (9412afd)

Build System

deps: update dependency luxon to v1.25.0 (#7100) (9ffca47)

`v23.0.2`

Compare Source

23.0.2 (2020-08-25)

Build System

deps: update dependency find-up to v5 (#7095) (2ebcd23)

`v23.0.1`

Compare Source

23.0.1 (2020-08-25)

Bug Fixes

cargo: Bump complex ranges (#6682) (5cc7d9f)

Code Refactoring

maven: Simplify maven datasource for single registryUrl usage (#7081) (5e978e1)

`v23.0.0`

Compare Source

⚠ BREAKING CHANGES

statusCheckVerify config option is no longer supported and will be ignored
lazyGrouping is no longer supported

Features

remove lazyGrouping feature (#7093) (838996d), closes #7056

Bug Fixes

remove statusCheckVerify option (#7094) (0701419), closes #7057

`v22.25.6`

Compare Source

22.25.6 (2020-08-25)

Bug Fixes

try/catch localDir deletion (#7090) (6a0f9a9)

`v22.25.5`

Compare Source

22.25.5 (2020-08-25)

Bug Fixes

composer: strip app x-access-token prefix from token (32181ae)
more flexible check for dashboard approval (c234428)

`v22.25.4`

Compare Source

22.25.4 (2020-08-25)

Bug Fixes

deleteLocalFile only if localDir is defined (2dc0fd6)

`v22.25.3`

Compare Source

22.25.3 (2020-08-25)

Bug Fixes

add zone.js changelog (#7089) (123a0f3)

`v22.25.2`

Compare Source

22.25.2 (2020-08-25)

Bug Fixes

bitbucket-server: rethrow empty (#7088) (09df036)

Build System

deps: update dependency @sindresorhus/is to v3.1.2 (#7086) (67f87ca)

Miscellaneous Chores

deps: upd

Renovate configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by WhiteSource Renovate. View repository job log here.

renovate bot added the renovate label Sep 14, 2020

renovate bot force-pushed the renovate/npm-renovate-vulnerability branch 4 times, most recently from 4f60e3e to b3737b6 Compare September 17, 2020 20:14

renovate bot force-pushed the renovate/npm-renovate-vulnerability branch 2 times, most recently from 38a8443 to 45a5f62 Compare September 28, 2020 02:29

renovate bot force-pushed the renovate/npm-renovate-vulnerability branch 6 times, most recently from d59ba76 to f9736c7 Compare October 11, 2020 06:19

renovate bot force-pushed the renovate/npm-renovate-vulnerability branch 8 times, most recently from 9047e9f to 343ab49 Compare October 22, 2020 21:24

renovate bot force-pushed the renovate/npm-renovate-vulnerability branch 9 times, most recently from efe71c9 to 91732c7 Compare October 29, 2020 18:16

renovate bot force-pushed the renovate/npm-renovate-vulnerability branch 25 times, most recently from f635efa to 5ce2148 Compare November 9, 2020 22:38

chore(deps): update dependency renovate to v23 [security]

a61527b

renovate bot force-pushed the renovate/npm-renovate-vulnerability branch from 5ce2148 to a61527b Compare November 10, 2020 06:44

renovate bot changed the title ~~chore(deps): update dependency renovate to v23 [security]~~ chore(deps): update dependency renovate to v23 [security]- autoclosed Nov 16, 2020

renovate bot closed this Nov 16, 2020

renovate bot deleted the renovate/npm-renovate-vulnerability branch November 16, 2020 17:17

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update dependency renovate to v23 [security]- autoclosed #34

chore(deps): update dependency renovate to v23 [security]- autoclosed #34

renovate bot commented Sep 14, 2020

chore(deps): update dependency renovate to v23 [security]- autoclosed #34

chore(deps): update dependency renovate to v23 [security]- autoclosed #34

Conversation

renovate bot commented Sep 14, 2020

GitHub Vulnerability Alerts

Impact

Patches

Workarounds

For more information

Release Notes

23.25.1 (2020-09-12)

Bug Fixes

Miscellaneous Chores

Features

Miscellaneous Chores

Features

Features

23.22.3 (2020-09-12)

Bug Fixes

23.22.2 (2020-09-12)

Bug Fixes

23.22.1 (2020-09-11)

Bug Fixes

Features

23.21.4 (2020-09-11)

Bug Fixes

23.21.3 (2020-09-11)

Bug Fixes

23.21.2 (2020-09-11)

Bug Fixes

23.21.1 (2020-09-11)

Bug Fixes

Features

23.20.7 (2020-09-10)

Bug Fixes

Miscellaneous Chores

23.20.6 (2020-09-10)

Bug Fixes

23.20.5 (2020-09-10)

Bug Fixes

23.20.4 (2020-09-09)

Bug Fixes

Miscellaneous Chores

Code Refactoring

23.20.3 (2020-09-09)

Bug Fixes

Miscellaneous Chores

23.20.2 (2020-09-09)

Bug Fixes

Miscellaneous Chores

23.20.1 (2020-09-09)

Bug Fixes

Miscellaneous Chores

Features

Documentation

Miscellaneous Chores

23.19.4 (2020-09-08)

Bug Fixes

23.19.3 (2020-09-08)

Bug Fixes

23.19.2 (2020-09-07)

Build System

23.19.1 (2020-09-07)

Bug Fixes

Miscellaneous Chores

Features

Bug Fixes

23.18.2 (2020-09-07)

Bug Fixes

Miscellaneous Chores

23.18.1 (2020-09-05)

Miscellaneous Chores

Build System

Features

Code Refactoring

23.17.1 (2020-09-03)

Build System

Features

23.16.4 (2020-09-03)

Bug Fixes