Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Configure Renovate #61

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Configure Renovate #61

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Aug 23, 2022
edited
Loading

Mend Renovate

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

Detected Package Files

  • package.json (npm)

Configuration Summary

Based on the default config's presets, Renovate will:

  • Start dependency updates only once this onboarding PR is merged
  • Enable Renovate Dependency Dashboard creation.
  • Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
  • Ignore node_modules, bower_components, vendor and various test/tests directories.
  • Group known monorepo packages together.
  • Use curated list of recommended non-monorepo package groupings.
  • Apply crowd-sourced package replacement rules.
  • Apply crowd-sourced workarounds for known problems with packages.

🔡 Would you like to change the way Renovate is upgrading your dependencies? Simply edit the renovate.json in this branch with your custom config and the list of Pull Requests in the "What to Expect" section below will be updated the next time Renovate runs.

What to Expect

With your current configuration, Renovate will create 24 Pull Requests:

fix(deps): update dependency bl to v4.0.3 [security]
  • Branch name: renovate/npm-bl-vulnerability
  • Merge into: master
  • Upgrade bl to 4.0.3
fix(deps): update dependency async to v3.2.2 [security]
  • Branch name: renovate/npm-async-vulnerability
  • Merge into: master
  • Upgrade async to 3.2.2
fix(deps): update dependency aws-sdk to v2.814.0 [security]
  • Branch name: renovate/npm-aws-sdk-vulnerability
  • Merge into: master
  • Upgrade aws-sdk to 2.814.0
fix(deps): update dependency nconf to ^0.11.0 [security]
  • Branch name: renovate/npm-nconf-vulnerability
  • Merge into: master
  • Upgrade nconf to ^0.11.0
chore(deps): update dependency eslint-config-godaddy to v4.0.1
  • Schedule: ["at any time"]
  • Branch name: renovate/eslint-config-godaddy-4.x-lockfile
  • Merge into: master
  • Upgrade eslint-config-godaddy to 4.0.1
chore(deps): update dependency mocha to v6.2.3
  • Schedule: ["at any time"]
  • Branch name: renovate/mocha-6.x-lockfile
  • Merge into: master
  • Upgrade mocha to 6.2.3
fix(deps): update dependency aws-liveness to v1.1.1
  • Schedule: ["at any time"]
  • Branch name: renovate/aws-liveness-1.x-lockfile
  • Merge into: master
  • Upgrade aws-liveness to 1.1.1
chore(deps): update dependency assume to v2.3.0
  • Schedule: ["at any time"]
  • Branch name: renovate/assume-2.x-lockfile
  • Merge into: master
  • Upgrade assume to 2.3.0
chore(deps): update dependency assume-sinon to v1.1.0
  • Schedule: ["at any time"]
  • Branch name: renovate/assume-sinon-1.x-lockfile
  • Merge into: master
  • Upgrade assume-sinon to 1.1.0
chore(deps): update dependency eslint to v6.8.0
  • Schedule: ["at any time"]
  • Branch name: renovate/eslint-6.x-lockfile
  • Merge into: master
  • Upgrade eslint to 6.8.0
chore(deps): update dependency eslint-plugin-json to v2.1.2
  • Schedule: ["at any time"]
  • Branch name: renovate/eslint-plugin-json-2.x-lockfile
  • Merge into: master
  • Upgrade eslint-plugin-json to 2.1.2
chore(deps): update dependency eslint-plugin-mocha to v6.3.0
  • Schedule: ["at any time"]
  • Branch name: renovate/eslint-plugin-mocha-6.x-lockfile
  • Merge into: master
  • Upgrade eslint-plugin-mocha to 6.3.0
fix(deps): update dependency bffs to v7.1.0
  • Schedule: ["at any time"]
  • Branch name: renovate/bffs-7.x-lockfile
  • Merge into: master
  • Upgrade bffs to 7.1.0
fix(deps): update dependency uuid to v3.4.0
  • Schedule: ["at any time"]
  • Branch name: renovate/uuid-3.x-lockfile
  • Merge into: master
  • Upgrade uuid to 3.4.0
fix(deps): update dependency winston to v3.8.2
  • Schedule: ["at any time"]
  • Branch name: renovate/winston-3.x-lockfile
  • Merge into: master
  • Upgrade winston to 3.8.2
chore(deps): update dependency eslint to v8
  • Schedule: ["at any time"]
  • Branch name: renovate/eslint-8.x
  • Merge into: master
  • Upgrade eslint to ^8.0.0
chore(deps): update dependency eslint-config-godaddy to v7
  • Schedule: ["at any time"]
  • Branch name: renovate/eslint-config-godaddy-7.x
  • Merge into: master
  • Upgrade eslint-config-godaddy to ^7.0.0
chore(deps): update dependency eslint-plugin-json to v3
  • Schedule: ["at any time"]
  • Branch name: renovate/eslint-plugin-json-3.x
  • Merge into: master
  • Upgrade eslint-plugin-json to ^3.0.0
chore(deps): update dependency eslint-plugin-mocha to v10
  • Schedule: ["at any time"]
  • Branch name: renovate/eslint-plugin-mocha-10.x
  • Merge into: master
  • Upgrade eslint-plugin-mocha to ^10.0.0
chore(deps): update dependency mocha to v10
  • Schedule: ["at any time"]
  • Branch name: renovate/mocha-10.x
  • Merge into: master
  • Upgrade mocha to ^10.0.0
chore(deps): update dependency nyc to v15
  • Schedule: ["at any time"]
  • Branch name: renovate/nyc-15.x
  • Merge into: master
  • Upgrade nyc to ^15.0.0
chore(deps): update dependency sinon to v15
  • Schedule: ["at any time"]
  • Branch name: renovate/sinon-15.x
  • Merge into: master
  • Upgrade sinon to ^15.0.0
fix(deps): update dependency dynamodb-x to v2
  • Schedule: ["at any time"]
  • Branch name: renovate/dynamodb-x-2.x
  • Merge into: master
  • Upgrade dynamodb-x to ^2.0.0
fix(deps): update dependency uuid to v9
  • Schedule: ["at any time"]
  • Branch name: renovate/uuid-9.x
  • Merge into: master
  • Upgrade uuid to ^9.0.0

🚸 Branch creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for prhourlylimit for details.

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot force-pushed the renovate/configure branch from d2d7082 to c6801a8 Compare March 24, 2023 22:31
@rmarkins-godaddy
Copy link

Logo
Checkmarx One – Scan Summary & Details39145475-ffbb-4983-a81b-aa2df827fd32

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2022-25881 Npm-http-cache-semantics-3.8.1 Vulnerable Package
HIGH CVE-2022-25901 Npm-cookiejar-2.1.2 Vulnerable Package
HIGH CVE-2023-28155 Npm-request-2.88.0 Vulnerable Package
MEDIUM Cx366abb53-9fde Npm-es5-ext-0.10.62 Vulnerable Package
LOW Potentially_Vulnerable_To_CSRF /preboot/http.js: 13 Attack Vector
LOW Use_Of_HTTP_Sensitive_Data_Exposure /preboot/http.js: 13 Attack Vector

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@rmarkins-godaddy