chore(deps): update react monorepo #322

Open
wants to merge 1 commit into
base: master
@renovate renovate bot commented Oct 14, 2020

This PR contains the following updates:

| Package | Change |
|---|---|
| eslint-plugin-react-hooks (source) | 4.6.0 -> 4.6.2 |
| react (source) | 16.13.1 -> 16.14.0 |
| react-dom (source) | 16.13.1 -> 16.14.0 |
| react-test-renderer (source) | 16.13.1 -> 16.14.0 |

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

facebook/react (eslint-plugin-react-hooks)

v4.6.2

v4.6.1

facebook/react (react)

v16.14.0

React

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot requested a review from moul as a code owner October 14, 2020 20:33
@auto-add-label auto-add-label bot added the bug Something isn't working label Oct 14, 2020
@trafico-bot trafico-bot bot added the 🔍 Ready for Review Pull Request is not reviewed yet label Oct 14, 2020
codecov bot commented Oct 14, 2020

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 28.81%. Comparing base (9b77084) to head (2703613).
Report is 19 commits behind head on master.

❗ Current head 2703613 differs from pull request most recent head 08cf5f8. Consider uploading reports for the commit 08cf5f8 to get more accurate results

Additional details and impacted files
@@            Coverage Diff             @@
##           master     #322      +/-   ##
==========================================
+ Coverage   27.95%   28.81%   +0.86%     
==========================================
  Files           6        6              
  Lines         440      288     -152     
==========================================
- Hits          123       83      -40     
+ Misses        315      203     -112     
  Partials        2        2              
Flag Coverage Δ
unittests ?

Flags with carried forward coverage won't be shown. Click here to find out more.


@renovate renovate bot changed the title fix(deps): update react monorepo to v16.14.0 chore(deps): update react monorepo Oct 20, 2020
@auto-add-label auto-add-label bot added dependencies and removed bug Something isn't working labels Oct 20, 2020
renovate bot commented Nov 7, 2020

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻️ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you check the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: web/package-lock.json
npm ERR! code ERESOLVE
npm ERR! Cannot read property 'length' of undefined

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate-cache/others/npm/_logs/2020-11-07T15_56_51_431Z-debug.log

@renovate renovate bot force-pushed the renovate/react-monorepo branch from 180fdac to 7cdf49b Compare April 24, 2022 19:27
@renovate renovate bot force-pushed the renovate/react-monorepo branch from 7cdf49b to 0b2f693 Compare May 15, 2022 23:00
@renovate renovate bot force-pushed the renovate/react-monorepo branch from 0b2f693 to 34b9d3a Compare June 18, 2022 22:31
@renovate renovate bot force-pushed the renovate/react-monorepo branch from 34b9d3a to 6e3a549 Compare July 23, 2022 21:49
@renovate renovate bot changed the title chore(deps): update react monorepo fix(deps): update react monorepo to v16.14.0 Jul 23, 2022
@auto-add-label auto-add-label bot added bug Something isn't working and removed dependencies labels Jul 23, 2022
@renovate renovate bot force-pushed the renovate/react-monorepo branch 2 times, most recently from 0044fbb to 8bc5380 Compare August 4, 2022 21:00
renovate bot commented Aug 29, 2022

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: web/package-lock.json
npm warn ERESOLVE overriding peer dependency
npm warn While resolving: @jimp/[email protected]
npm warn Found: @jimp/[email protected]
npm warn node_modules/@jimp/plugin-color
npm warn   @jimp/plugin-color@"^0.6.8" from @jimp/[email protected]
npm warn   node_modules/@jimp/plugins
npm warn     @jimp/plugins@"^0.6.8" from [email protected]
npm warn     node_modules/jimp
npm warn
npm warn Could not resolve dependency:
npm warn peer @jimp/plugin-color@">=0.8.0" from @jimp/[email protected]
npm warn node_modules/@jimp/plugin-threshold
npm warn   @jimp/plugin-threshold@"^0.10.3" from @jimp/[email protected]
npm warn   node_modules/potrace/node_modules/@jimp/plugins
npm warn
npm warn Conflicting peer dependency: @jimp/[email protected]
npm warn node_modules/@jimp/plugin-color
npm warn   peer @jimp/plugin-color@">=0.8.0" from @jimp/[email protected]
npm warn   node_modules/@jimp/plugin-threshold
npm warn     @jimp/plugin-threshold@"^0.10.3" from @jimp/[email protected]
npm warn     node_modules/potrace/node_modules/@jimp/plugins
npm warn ERESOLVE overriding peer dependency
npm warn While resolving: @jimp/[email protected]
npm warn Found: @jimp/[email protected]
npm warn node_modules/@jimp/plugin-resize
npm warn   peer @jimp/plugin-resize@">=0.3.5" from @jimp/[email protected]
npm warn   node_modules/@jimp/plugin-contain
npm warn     @jimp/plugin-contain@"^0.6.8" from @jimp/[email protected]
npm warn     node_modules/@jimp/plugins
npm warn   5 more (@jimp/plugin-cover, @jimp/plugin-rotate, ...)
npm warn
npm warn Could not resolve dependency:
npm warn peer @jimp/plugin-resize@">=0.8.0" from @jimp/[email protected]
npm warn node_modules/@jimp/plugin-threshold
npm warn   @jimp/plugin-threshold@"^0.10.3" from @jimp/[email protected]
npm warn   node_modules/potrace/node_modules/@jimp/plugins
npm warn
npm warn Conflicting peer dependency: @jimp/[email protected]
npm warn node_modules/@jimp/plugin-resize
npm warn   peer @jimp/plugin-resize@">=0.8.0" from @jimp/[email protected]
npm warn   node_modules/@jimp/plugin-threshold
npm warn     @jimp/plugin-threshold@"^0.10.3" from @jimp/[email protected]
npm warn     node_modules/potrace/node_modules/@jimp/plugins
npm error code ERESOLVE
npm error ERESOLVE could not resolve
npm error
npm error While resolving: [email protected]
npm error Found: [email protected]
npm error node_modules/eslint
npm error   dev eslint@"8.2.0" from the root project
npm error   peer eslint@">= 4.12.1" from [email protected]
npm error   node_modules/babel-eslint
npm error     dev babel-eslint@"10.1.0" from the root project
npm error   10 more (eslint-config-airbnb, eslint-config-airbnb-base, ...)
npm error
npm error Could not resolve dependency:
npm error peer eslint@">=7 <8.0.0" from [email protected]
npm error node_modules/eslint-watch
npm error   dev eslint-watch@"7.0.0" from the root project
npm error
npm error Conflicting peer dependency: [email protected]
npm error node_modules/eslint
npm error   peer eslint@">=7 <8.0.0" from [email protected]
npm error   node_modules/eslint-watch
npm error     dev eslint-watch@"7.0.0" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /tmp/renovate/cache/others/npm/_logs/2024-04-26T16_52_08_877Z-eresolve-report.txt

npm error A complete log of this run can be found in: /tmp/renovate/cache/others/npm/_logs/2024-04-26T16_52_08_877Z-debug-0.log

socket-security bot commented Aug 29, 2022

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package Note Source
Install scripts npm/[email protected]
  • Install script: postinstall
  • Source: node -e "try{require('./postinstall')}catch(e){}"
Install scripts npm/[email protected]
  • Install script: postinstall
  • Source: node ./postinstall.js

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

@renovate renovate bot force-pushed the renovate/react-monorepo branch 2 times, most recently from 1de93e1 to 202e24c Compare September 27, 2022 20:59
@renovate renovate bot force-pushed the renovate/react-monorepo branch from 63c73b7 to 8d98473 Compare April 25, 2024 18:26
@renovate renovate bot changed the title fix(deps): update react monorepo to v16.14.0 chore(deps): update react monorepo Apr 25, 2024
socket-security bot commented Apr 25, 2024

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/[email protected] | None | +2 | 44.7 kB | sindresorhus |
| npm/[email protected] | None | 0 | 11.5 kB | bripkens |
| npm/[email protected] | environment, eval, filesystem | 0 | 1.01 MB | zloirock |
| npm/[email protected] | environment, filesystem, shell | 0 | 31.6 kB | nickmerwin |
| npm/[email protected] | environment Transitive: filesystem, shell | +5 | 68.5 kB | kentcdodds |
| npm/[email protected] | None | +2 | 116 kB | evilebottnawi |
| npm/[email protected] | Transitive: filesystem | +6 | 138 kB | evilebottnawi |
| npm/[email protected] | None | 0 | 81.5 kB | maxkfranz |
| npm/[email protected] | None | +1 | 7.76 MB | maxkfranz |
| npm/[email protected] | None | 0 | 402 kB | josejulio |
| npm/[email protected] | None | +1 | 4.24 MB | maxkfranz |
| npm/[email protected] | environment, filesystem | +2 | 41.2 kB | mrsteele |
| npm/[email protected] | Transitive: environment, eval | +17 | 3.13 MB | ljharb |
| npm/[email protected] | Transitive: eval, network | +30 | 4.84 MB | ljharb |
| npm/[email protected] | None | +2 | 180 kB | ljharb |
| npm/[email protected] | None | +1 | 65 kB | lydell |
| npm/[email protected] | filesystem, unsafe Transitive: environment, eval | +25 | 2.98 MB | ljharb |
| npm/[email protected] | Transitive: environment, eval, filesystem | +22 | 6.02 MB | ljharb |
| npm/[email protected] | filesystem | +3 | 793 kB | mysticatea |
| npm/[email protected] | None | 0 | 38.3 kB | xjamundx |
| npm/[email protected] | environment | 0 | 118 kB | gnoff |
| npm/[email protected] | filesystem Transitive: environment, eval | +18 | 2.56 MB | ljharb |
| npm/[email protected] | environment Transitive: shell | +5 | 194 kB | rizowski |
| npm/[email protected] | filesystem Transitive: environment, eval, unsafe | +35 | 7.99 MB | eslintbot |
| npm/[email protected] | None | +3 | 189 kB | evilebottnawi |
| npm/[email protected] | environment | +1 | 259 kB | mjackson |
| npm/[email protected] | filesystem, unsafe Transitive: environment, eval, network | +24 | 3.13 MB | jantimon |
| npm/[email protected] | None | +2 | 4.51 MB | niklasvh |

🚮 Removed packages: npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

@renovate renovate bot force-pushed the renovate/react-monorepo branch from 8d98473 to 08cf5f8 Compare April 26, 2024 16:52
Labels
bug Something isn't working 🔍 Ready for Review Pull Request is not reviewed yet