chore(deps): update dependency lerna to v5 - autoclosed #726

mend-for-github-com · 2022-07-25T13:44:31Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
lerna (source)	`^3.6.0` -> `^5.0.0`

By merging this PR, the below issues will be automatically resolved and closed:

Severity	CVSS Score	CVE	GitHub Issue
High	9.1	CVE-2019-10744	#98
High	8.6	CVE-2021-37701	#289
High	8.6	CVE-2021-37712	#290
High	8.6	CVE-2021-37713	#291
High	8.6	WS-2019-0338	#151
High	8.1	CVE-2021-32803	#241
High	8.1	CVE-2021-32804	#240
High	7.5	CVE-2019-20149	#7
High	7.5	CVE-2020-28469	#28
High	7.5	CVE-2021-33623	#125
High	7.5	CVE-2021-35065	#430
High	7.5	WS-2019-0339	#152
Medium	5.3	WS-2020-0127	#193

Release Notes

lerna/lerna

`v5.1.8`

Compare Source

Note: Version bump only for package lerna

`v5.1.7`

Compare Source

Note: Version bump only for package lerna

`v5.1.6`

Compare Source

Note: Version bump only for package lerna

`v5.1.5`

Compare Source

Note: Version bump only for package lerna

`v5.1.4`

Compare Source

Note: Version bump only for package lerna

`v5.1.3`

Compare Source

Note: Version bump only for package lerna

`v5.1.2`

Compare Source

Bug Fixes

update all transitive inclusions of ansi-regex (#3166) (56eaa15)

`v5.1.1`

Compare Source

Bug Fixes

allow maintenance LTS node 14 engines starting at 14.15.0 (#3161) (72305e4)

`v5.1.0`

Compare Source

Note: Version bump only for package lerna

`v5.0.0`

Compare Source

Note: Version bump only for package lerna

`v4.0.0`

Compare Source

Features

Consume named exports of sibling modules (63499e3)
deps: import-local@^3.0.2 (e0e74d4)
Drop support for Node v6.x & v8.x (ff4bb4d)

BREAKING CHANGES

Node v6.x & v8.x are no longer supported. Please upgrade to the latest LTS release.

Here's the gnarly one-liner I used to make these changes:

npx lerna exec --concurrency 1 --stream -- 'json -I -f package.json -e '"'"'this.engines=this.engines||{};this.engines.node=">= 10.18.0"'"'"

(requires npm i -g json beforehand)

3.22.1 (2020-06-09)

Note: Version bump only for package lerna

`v3.22.1`

Compare Source

Note: Version bump only for package lerna

`v3.22.0`

Compare Source

Note: Version bump only for package lerna

`v3.21.0`

Compare Source

Note: Version bump only for package lerna

3.20.2 (2020-01-02)

Note: Version bump only for package lerna

3.20.1 (2019-12-29)

Note: Version bump only for package lerna

`v3.20.2`

Compare Source

Note: Version bump only for package lerna

`v3.20.1`

Compare Source

Note: Version bump only for package lerna

`v3.20.0`

Compare Source

Features

cli: Add new info command to output information about local environment (#2106) (7abfe43)

`v3.19.0`

Compare Source

Note: Version bump only for package lerna

3.18.5 (2019-11-20)

Note: Version bump only for package lerna

3.18.4 (2019-11-08)

Note: Version bump only for package lerna

3.18.3 (2019-10-22)

Note: Version bump only for package lerna

3.18.2 (2019-10-21)

Note: Version bump only for package lerna

3.18.1 (2019-10-15)

Note: Version bump only for package lerna

`v3.18.5`

Compare Source

Note: Version bump only for package lerna

`v3.18.4`

Compare Source

Note: Version bump only for package lerna

`v3.18.3`

Compare Source

Note: Version bump only for package lerna

`v3.18.2`

Compare Source

Note: Version bump only for package lerna

`v3.18.1`

Compare Source

Note: Version bump only for package lerna

`v3.18.0`

Compare Source

Features

Upgrade to yargs@14 (5e60213)

`v3.17.0`

Compare Source

Note: Version bump only for package lerna

3.16.5 (2019-10-07)

Note: Version bump only for package lerna

3.16.4 (2019-07-24)

Note: Version bump only for package lerna

3.16.3 (2019-07-23)

Note: Version bump only for package lerna

3.16.2 (2019-07-22)

Note: Version bump only for package lerna

3.16.1 (2019-07-19)

Note: Version bump only for package lerna

`v3.16.5`

Compare Source

Note: Version bump only for package lerna

`v3.16.4`

Compare Source

Note: Version bump only for package lerna

`v3.16.3`

Compare Source

Note: Version bump only for package lerna

`v3.16.2`

Compare Source

Note: Version bump only for package lerna

`v3.16.1`

Compare Source

Note: Version bump only for package lerna

`v3.16.0`

Compare Source

Features

deps: import-local@^2.0.0 (14d2c66)

`v3.15.0`

Compare Source

Note: Version bump only for package lerna

3.14.2 (2019-06-09)

Note: Version bump only for package lerna

3.14.1 (2019-05-15)

Note: Version bump only for package lerna

`v3.14.2`

Compare Source

Note: Version bump only for package lerna

`v3.14.1`

Compare Source

Note: Version bump only for package lerna

`v3.14.0`

Compare Source

Note: Version bump only for package lerna

3.13.4 (2019-04-24)

Note: Version bump only for package lerna

3.13.3 (2019-04-17)

Note: Version bump only for package lerna

3.13.2 (2019-04-08)

Note: Version bump only for package lerna

3.13.1 (2019-02-26)

Note: Version bump only for package lerna

`v3.13.4`

Compare Source

Note: Version bump only for package lerna

`v3.13.3`

Compare Source

Note: Version bump only for package lerna

`v3.13.2`

Compare Source

Note: Version bump only for package lerna

`v3.13.1`

Compare Source

Note: Version bump only for package lerna

`v3.13.0`

Compare Source

Features

meta: Add repository.directory field to package.json (aec5023)
meta: Normalize package.json homepage field (abeb4dc)

3.12.1 (2019-02-14)

Note: Version bump only for package lerna

`v3.12.1`

Compare Source

Note: Version bump only for package lerna

`v3.12.0`

Compare Source

Note: Version bump only for package lerna

3.11.1 (2019-02-11)

Note: Version bump only for package lerna

`v3.11.1`

Compare Source

Note: Version bump only for package lerna

`v3.11.0`

Compare Source

Bug Fixes

deps: Explicit npmlog ^4.1.2 (571c2e2)
deps: Remove unused libnpm (replaced by direct sub-packages) (1caeb28)

3.10.8 (2019-02-01)

Note: Version bump only for package lerna

3.10.7 (2019-01-22)

Note: Version bump only for package lerna

3.10.6 (2019-01-19)

Note: Version bump only for package lerna

3.10.5 (2019-01-11)

Note: Version bump only for package lerna

3.10.4 (2019-01-10)

Note: Version bump only for package lerna

3.10.3 (2019-01-10)

Note: Version bump only for package lerna

3.10.2 (2019-01-09)

Note: Version bump only for package lerna

3.10.1 (2019-01-09)

Note: Version bump only for package lerna

`v3.10.8`

Compare Source

Note: Version bump only for package lerna

`v3.10.7`

Compare Source

Note: Version bump only for package lerna

`v3.10.6`

Compare Source

Note: Version bump only for package lerna

`v3.10.5`

Compare Source

Note: Version bump only for package lerna

`v3.10.4`

Compare Source

Note: Version bump only for package lerna

`v3.10.3`

Compare Source

Note: Version bump only for package lerna

`v3.10.2`

Compare Source

Note: Version bump only for package lerna

`v3.10.1`

Compare Source

Note: Version bump only for package lerna

`v3.10.0`

Compare Source

Note: Version bump only for package lerna

3.9.1 (2019-01-08)

Note: Version bump only for package lerna

`v3.9.1`

Compare Source

Note: Version bump only for package lerna

`v3.9.0`

Compare Source

Note: Version bump only for package lerna

3.8.5 (2019-01-05)

Note: Version bump only for package lerna

3.8.4 (2019-01-03)

Note: Version bump only for package lerna

3.8.3 (2019-01-03)

Note: Version bump only for package lerna

3.8.2 (2019-01-03)

Note: Version bump only for package lerna

3.8.1 (2018-12-31)

Note: Version bump only for package lerna

`v3.8.5`

Compare Source

Note: Version bump only for package lerna

`v3.8.4`

Compare Source

Note: Version bump only for package lerna

`v3.8.2`

Compare Source

Note: Version bump only for package lerna

`v3.8.1`

Compare Source

Note: Version bump only for package lerna

`v3.8.0`

Compare Source

Note: Version bump only for package lerna

3.7.2 (2018-12-21)

Note: Version bump only for package lerna

3.7.1 (2018-12-20)

Note: Version bump only for package lerna

`v3.7.2`

Compare Source

Note: Version bump only for package lerna

`v3.7.1`

Compare Source

Note: Version bump only for package lerna

`v3.7.0`

Compare Source

Note: Version bump only for package lerna

If you want to rebase/retry this PR, click this checkbox.

mend-for-github-com · 2022-07-25T13:44:34Z

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: npm_and_yarn/spec/fixtures/projects/npm6_and_yarn/lerna/yarn.lock

lerna notice cli v5.1.4
lerna ERR! Error: Invalid package name "{{ name }}": name can only contain URL-friendly characters
lerna ERR!     at invalidPackageName (/usr/local/lerna/5.1.4/lib/node_modules/lerna/node_modules/npm-package-arg/npa.js:84:15)
lerna ERR!     at Result.setName (/usr/local/lerna/5.1.4/lib/node_modules/lerna/node_modules/npm-package-arg/npa.js:119:11)
lerna ERR!     at new Result (/usr/local/lerna/5.1.4/lib/node_modules/lerna/node_modules/npm-package-arg/npa.js:110:10)
lerna ERR!     at Function.resolve (/usr/local/lerna/5.1.4/lib/node_modules/lerna/node_modules/npm-package-arg/npa.js:54:15)
lerna ERR!     at new Package (/usr/local/lerna/5.1.4/lib/node_modules/lerna/node_modules/@lerna/package/index.js:95:26)
lerna ERR!     at /usr/local/lerna/5.1.4/lib/node_modules/lerna/node_modules/@lerna/project/index.js:207:26
lerna ERR! lerna Invalid package name "{{ name }}": name can only contain URL-friendly characters

chore(deps): update dependency lerna to v5

6e13b0f

mend-for-github-com bot added the security fix Security fix generated by WhiteSource label Jul 25, 2022

mend-for-github-com bot changed the title ~~chore(deps): update dependency lerna to v5~~ chore(deps): update dependency lerna to v5 - autoclosed Jul 28, 2022

mend-for-github-com bot closed this Jul 28, 2022

mend-for-github-com bot deleted the whitesource-remediate/lerna-5.x branch July 28, 2022 04:55

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update dependency lerna to v5 - autoclosed #726

chore(deps): update dependency lerna to v5 - autoclosed #726

mend-for-github-com bot commented Jul 25, 2022

mend-for-github-com bot commented Jul 25, 2022

chore(deps): update dependency lerna to v5 - autoclosed #726

chore(deps): update dependency lerna to v5 - autoclosed #726

Conversation

mend-for-github-com bot commented Jul 25, 2022

Release Notes

Bug Fixes

Bug Fixes

Features

BREAKING CHANGES

3.22.1 (2020-06-09)

3.20.2 (2020-01-02)

3.20.1 (2019-12-29)

Features

3.18.5 (2019-11-20)

3.18.4 (2019-11-08)

3.18.3 (2019-10-22)

3.18.2 (2019-10-21)

3.18.1 (2019-10-15)

Features

3.16.5 (2019-10-07)

3.16.4 (2019-07-24)

3.16.3 (2019-07-23)

3.16.2 (2019-07-22)

3.16.1 (2019-07-19)

Features

3.14.2 (2019-06-09)

3.14.1 (2019-05-15)

3.13.4 (2019-04-24)

3.13.3 (2019-04-17)

3.13.2 (2019-04-08)

3.13.1 (2019-02-26)

Features

3.12.1 (2019-02-14)

3.11.1 (2019-02-11)

Bug Fixes

3.10.8 (2019-02-01)

3.10.7 (2019-01-22)

3.10.6 (2019-01-19)

3.10.5 (2019-01-11)

3.10.4 (2019-01-10)

3.10.3 (2019-01-10)

3.10.2 (2019-01-09)

3.10.1 (2019-01-09)

3.9.1 (2019-01-08)

3.8.5 (2019-01-05)

3.8.4 (2019-01-03)

3.8.3 (2019-01-03)

3.8.2 (2019-01-03)

3.8.1 (2018-12-31)

3.7.2 (2018-12-21)

3.7.1 (2018-12-20)

mend-for-github-com bot commented Jul 25, 2022

⚠ Artifact update problem

File name: npm_and_yarn/spec/fixtures/projects/npm6_and_yarn/lerna/yarn.lock