build: update webpack-subresource-integrity to version 1.5.1 - autoclosed #80

@renovate renovate bot commented Jan 5, 2021

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| webpack-subresource-integrity | 1.4.0 -> 1.5.1 | age | adoption | passing | confidence |

GitHub Vulnerability Alerts

CVE-2020-15262

Impact

All dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-level chunks are unaffected.

Patches

This issue is patched in version 1.5.1.

Workarounds

N/A

References

waysact/webpack-subresource-integrity#131

For more information

If you have any questions or comments about this advisory:


Release Notes

waysact/webpack-subresource-integrity

v1.5.1

  • Fix a security issue where dynamically loaded chunks were not protected from tampering. This issue was introduced in v1.5.0. (#131)

v1.5.0

  • Compatibility with Webpack 5

v1.4.1

  • Ignore tags with null attributes (#122)

Renovate configuration

📅 Schedule: "" in timezone America/Tijuana.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by WhiteSource Renovate. View repository job log here.
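
The failure mode in the advisory above, as an added example that is not part of the PR or the plugin's code: under the SRI specification a browser silently drops integrity tokens it cannot parse, and a resource left with no valid token loads without any check. The function names, the manifest shape and the sample values are constructed for illustration.

```javascript
// Added example: models how a browser treats an `integrity` value under the SRI spec.
const { createHash } = require('crypto');

const STRENGTH = { sha256: 1, sha384: 2, sha512: 3 };
// hash-expression = algorithm "-" base64 digest, optionally followed by "?options"
const HASH_EXPR = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(?:\?.*)?$/;

// Keep only the tokens a browser would recognise; malformed ones are dropped silently.
function parseIntegrity(metadata) {
  return String(metadata || '')
    .split(/\s+/)
    .map((token) => HASH_EXPR.exec(token))
    .filter(Boolean)
    .map(([, alg, digest]) => ({ alg, digest }));
}

// 'unprotected': nothing valid to enforce, so the resource loads unchecked.
// 'match' / 'blocked': the strongest listed algorithm decides.
function sriOutcome(metadata, body) {
  const parsed = parseIntegrity(metadata);
  if (parsed.length === 0) return 'unprotected';
  const top = Math.max(...parsed.map((p) => STRENGTH[p.alg]));
  const ok = parsed
    .filter((p) => STRENGTH[p.alg] === top)
    .some((p) => createHash(p.alg).update(body).digest('base64') === p.digest);
  return ok ? 'match' : 'blocked';
}

// Build-output audit: names of chunks whose integrity value gives no protection.
function unprotectedChunks(manifest) {
  return Object.keys(manifest).filter((name) => parseIntegrity(manifest[name]).length === 0);
}

// Constructed sample data (not taken from the plugin's output).
const chunkBody = 'console.log("lazy chunk");';
const goodHash = 'sha384-' + createHash('sha384').update(chunkBody).digest('base64');
const manifest = {
  'main.js': goodHash,
  'lazy.js': 'sha256-***constructed-invalid***',
};

console.log(sriOutcome(manifest['main.js'], chunkBody));         // valid hash, untouched body
console.log(sriOutcome(manifest['main.js'], chunkBody + '//x')); // valid hash, modified body
console.log(sriOutcome(manifest['lazy.js'], chunkBody + '//x')); // invalid hash, modified body
console.log(unprotectedChunks(manifest));
```

Running `unprotectedChunks` over the integrity values a build emits for its dynamically loaded chunks flags any chunk that would load without verification.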

renovate bot commented Jan 5, 2021

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻️ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you check the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json
npm WARN deprecated popper.js@1.16.1: You can find the new Popper v2 at @popperjs/core, this package is dedicated to the legacy v1
npm WARN deprecated tslint@6.1.3: TSLint has been deprecated in favor of ESLint. Please see https://github.com/palantir/tslint/issues/4534 for more information.
npm WARN deprecated tslint-sonarts@1.9.0: Package no longer supported. Consider using eslint-plugin-sonarjs.
npm WARN deprecated v8-coverage@1.0.9: This tool was built when [c8](https://togithub.com/bcoe/c8) package wasn't ready to be used, c8 has now more functionality and works better that this module. So you should really use c8.
npm WARN deprecated @hapi/joi@16.1.8: Switch to 'npm install joi'
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated fsevents@2.1.3: "Please update to latest v2.3 or v2.2"
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated request@2.87.0: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated @hapi/address@2.1.4: Moved to 'npm install @sideway/address'
npm WARN deprecated @hapi/formula@1.2.0: Moved to 'npm install @sideway/formula'
npm WARN deprecated @hapi/pinpoint@1.0.2: Moved to 'npm install @sideway/pinpoint'
npm WARN deprecated @hapi/topo@3.1.6: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/hoek@8.5.1: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated har-validator@5.0.3: this library is no longer supported
npm WARN deprecated request@2.88.0: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN notsup Unsupported engine for jest-worker@26.2.1: wanted: {"node":">= 10.14.2"} (current: {"node":"10.13.0","npm":"6.14.10"})
npm WARN notsup Not compatible with your version of node/npm: jest-worker@26.2.1
npm WARN notsup Unsupported engine for puppeteer@5.2.1: wanted: {"node":">=10.18.1"} (current: {"node":"10.13.0","npm":"6.14.10"})
npm WARN notsup Not compatible with your version of node/npm: puppeteer@5.2.1

npm ERR! code ENOPACKAGEJSON
npm ERR! package.json Non-registry package missing package.json: sauce-connect-proxy@https://saucelabs.com/downloads/sc-4.5.4-linux.tar.gz.
npm ERR! package.json npm can't find a package.json file in your current directory.

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate-cache/others/npm/_logs/2021-01-05T23_44_02_399Z-debug.log

@renovate renovate bot changed the title from "build: update webpack-subresource-integrity to version 1.5.1" to "build: update webpack-subresource-integrity to version 1.5.1 - autoclosed" Apr 26, 2021
@renovate renovate bot closed this Apr 26, 2021
@renovate renovate bot deleted the renovate/npm-webpack-subresource-integrity-vulnerability branch April 26, 2021 13:43