fix(deps): update dependency probot to v12 [security] #62

renovate · 2023-12-16T05:47:04Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
probot (source)	`^6.0.0` -> `^12.3.3`

GitHub Vulnerability Alerts

CVE-2023-50728

Impact

Versions v9.26.0, v10.9.x), v11.1.x, v12.0.x all contained the code that would throw the error.

Specifically, during a pentest we encountered a bug in the octokit/webhooks library (a dependency of Probot, a framework for building Github Apps). The resulting request was found to cause an uncaught exception that ends the nodejs process.

The problem is caused by an issue with error handling in the @octokit/webhooks library because the error can be undefined in some cases.

Credit goes to @pb82 (for the early analysis) and @rh-tguittet (for discovery).

Patches

Maintenance releases for the Error being thrown by the verify method in octokit/webhooks.js

v12 - v12.0.4
v11 - v11.1.2
v10 -v10.9.2
v9 - v9.26.3

Maintenance release for the reference for octokit/webhooks.js in app.js

v14.0.2

Maintenance release for the reference for octokit/webhooks.js in octokit.js

v3.1.2

Maintenance release for the reference for octokit/webhooks.js in Protobot

v12.3.3

Workarounds

It is recommend that all users upgrade to the latest version of octokit/webhooks.js or use one of the updated back ported versions.

Release Notes

probot/probot (probot)

`v12.3.3`

Compare Source

Bug Fixes

deps: @octokit/webhooks security update (#1911) (02d81f8)

`v12.3.2`

Compare Source

Bug Fixes

Fix async main function type (#1672) (fc6886d)

`v12.3.1`

Compare Source

Bug Fixes

typescript: simplify ProbotWebhooks object (#1833) (7b09369)

`v12.3.0`

Compare Source

Features

server: add logging options (#1645) (6c5840d)

`v12.2.9`

Compare Source

Bug Fixes

typescript: add missing import (#1783) (229a01c)

`v12.2.8`

Compare Source

Bug Fixes

Make probot receive support complex Probot apps (#1714) (eff5553)

`v12.2.7`

Compare Source

Bug Fixes

receive: --base-url option and GHE_HOST (#1719) (68c9b91)

`v12.2.6`

Compare Source

Bug Fixes

deps: upgrade octokit/types to v7.1.1 (#1724) (be45120)

Bug Fixes

logging of first octokit instance is not set (#1676) - thanks @kammerjaeger @markjm (646b6a9)

`v12.2.3`

Compare Source

Bug Fixes

deps: bump eventsource from 1.1.0 to 2.0.2 (7fd06d6)

`v12.2.2`

Compare Source

Bug Fixes

Replaced hbs with express-handlebars (#1659) (420f886)

`v12.2.1`

Compare Source

Bug Fixes

security: bump minimal version of hbs (#1638) (dd9f5ae)

`v12.2.0`

Compare Source

Features

customize account name for manifest creation flow using GH_ORG environment variable (#1606) (992b480)

`v12.1.4`

Compare Source

Bug Fixes

types: export ApplicationFunction (#1631) (073f087)

`v12.1.3`

Compare Source

Bug Fixes

log json in production (#1598) (bb068d9)

`v12.1.2`

Compare Source

Bug Fixes

typescript: add types for context.{repo,issue,pullRequest} (#1622) (638a3b2)

`v12.1.1`

Compare Source

Bug Fixes

update ioredis to non-vulnerable version (#1589) (f02c549)

`v12.1.0`

Compare Source

Features

website: 11ty 🚀 (#1516) (7a43e9e)

`v12.0.0`

Compare Source

Features

update @octokit/webhooks to v9 (#1559) (4b3ae0e)

BREAKING CHANGES

remove '*' event
app.webhooks.middleware has been removed in @octokit/webhooks v9
removes the webhookPath option on new Probot({}) for the webhooks middleware

Co-authored-by: wolfy1339 webmaster@wolfy1339.com

`v11.4.1`

Compare Source

Bug Fixes

support setting baseUrl on Octokit constructor instead of Probot constructor (#1552) (453ddd2)

`v11.4.0`

Compare Source

Features

logger: custom message key (#1546) (01c2006)

`v11.3.2`

Compare Source

Bug Fixes

skip smee setup by setting NO_SMEE_SETUP to "true" (#1544) (acd47a6)

`v11.3.1`

Compare Source

Bug Fixes

setup: do not enter setup mode if HOST environment variable is set (#1538) (4d70d69)

`v11.3.0`

Compare Source

Features

deprecate usage of the "*" event name (#1518) (474b773)

`v11.2.4`

Compare Source

Bug Fixes

run: await server.load() (#1517) (8cc1590)

`v11.2.3`

Compare Source

Bug Fixes

Update to Contributor Covenant v2 (#1515) (72b0531)

`v11.2.2`

Compare Source

Bug Fixes

add workaround for "appId option is required" when in setup mode (#1513) (e11b91e)

`v11.2.1`

Compare Source

Bug Fixes

bump @octokit/plugin-rest-endpoint-methods to v5 (#1511) (9342caf)

`v11.2.0`

Compare Source

Features

Add dark mode to builtin pages (#1509) (ce96884)

`v11.1.1`

Compare Source

Bug Fixes

update design of probot landing page (#1508) (0e37427)

`v11.1.0`

Compare Source

Features

add onAny and onError methods from @octokit/webhooks (#1480) (9a24f9d)

`v11.0.6`

Compare Source

Bug Fixes

deps: pin version of @octokit/webhooks (#1472) (cd14dd4)

`v11.0.5`

Compare Source

Bug Fixes

clarify error message in case of invalid app authentication (#1465) thanks @eXpire163 (5f1831b)

`v11.0.4`

Compare Source

Bug Fixes

TypeScript: fix description of context.pullRequest method (#1461) (a5779ff)

`v11.0.3`

Compare Source

Bug Fixes

correctly import (transpiled) app function for run and receive (#1457) thanks @ZauberNerd (2275698)

`v11.0.2`

Compare Source

Bug Fixes

typescript: remove options.webhookProxy from Probot constructor (#1459) (01bb678)

`v11.0.1`

Compare Source

Bug Fixes

import app functions transpiled from TypeScript (#1448) (3356845)

`v11.0.0`

Compare Source

BREAKING CHANGES

For a smooth upgrade, make sure to update to the latest Probot v10 version first (npm install probot@10), run your tests, and address all deprecation messages. Nearly all removed APIs have previously been deprecated.

deprecated context.octokit.* have been removed via @octokit/plugin-rest-endpoint-methods v4
probot.server property removed. Build your own server instead using import { Server } from "probot"
probot.load() is now asynchronous and no longer returns the instance
express-async-errors is no longer used.
Probot constructor parameter no longer supported in createNodeMiddleware(app, { Probot }). Pass a probot instance instead: createNodeMiddleware(app, { probot })
getOptions() has been removed. Use { probot: createProbot() } instead
probot.load(appFn) no longer accepts appFn to be a path string. Pass the actual function instead.

probot.setup() removed. Use the new Server class instead:

const { Server, Probot } = require("probot")
const server = new Server({
  // optional:
  host,
  port,
  webhookPath,
  webhookProxy,
  Probot: Probot.defaults({ id, privateKey, ... })
})

// load probot app function
await server.load((app) => {})

// start listening to requests
await server.start()
// stop server with: await server.stop()

If you have more than one app function, combine them in a function instead

const app1 = require("./app1")
const app2 = require("./app2")

module.exports = function app ({ probot, getRouter }) {
  await app1({ probot, getRouter })
  await app2({ probot, getRouter })
}

probot.start() / probot.stop() removed. Use the new Server class instead:

const { Server, Probot } = require("probot")
const server = new Server({
  Probot: Probot.defaults({ id, privateKey, ... })
  // optional:
  host,
  port,
  webhookPath,
  webhookProxy,
})

// load probot app function
await server.load((app) => {})

// start listening to requests
await server.start()
// stop server with: await server.stop()

REDIS_URL is ignored when using Probot constructor. Use new Probot({ redisConfig: redis://... }) instead
Probot constructor no longer reads environment variables. Pass options instead, or import { createProbot } from "probot" instead
Probot.run() has been removed. Use import { run} from "probot" instead
context.github has been removed. Use context.octokit instead
context.event has been removed. Use context.name instead
app.route() has been removed. Use the getRouter() argument from the app function instead: (app, { getRouter }) => { ... }
app.router has been removed. Use getRouter() from the app function instead: (app, { getRouter }) => { ... }
probot.logger has been removed. Use probot.log instead
new Probot({ id }) has been removed. Use new Probot({ appId }) instead
new Probot({ cert }) has been removed. Use new Probot({ privateKey }) instead
probot.webhook has been removed. Use probot.webhooks instead
createProbot(options) no longer supports any keys besides overrides, defaults, or env
options.throttleOptions has been removed. Set options.Octokit to ProbotOctokit.defaults({ throttle }) instead
import { Application } from probot has been removed. Use import { Probot } from probot instead, the APIs are the same

`v10.19.0`

Compare Source

Features

un-deprecate (app) => {}. Deprecate ({ app, getRouter }) => {} in favor of (app, { getRouter }) => {} (#1441) (42b043e), closes /github.com/probot/probot/issues/1286#issuecomment-744094299

`v10.18.0`

Compare Source

Features

createProbot() (#1431) (d315f0c)
new Probot({ appId }) (a94fdca)
Probot.version, Probot.defaults() (2ff5d21)
run(appFn, { env }) (3d90806)
createNodeMiddleware (bdbe94e)
use new Server class when using probot run binary (8a3599d)

Deprecations

probot.load() (3d4b363)
probot.start() / probot.stop() / probot.setup() (7a8f268)
Deprecates new Probot({ id }) (a94fdca)

Bug Fixes

`createProbot() without options (8c01e90)
load app function only once when using createNodeMiddleware (#1432) (60b702b)
server: log error requests as [METHOD] /[PATH] [STATUS] - [NUM]ms, e.g POST / 500 - 123ms (9d767e1)

`v10.17.3`

Compare Source

Bug Fixes

app.route() with (app) => {} app function (#1430) (d203219)

`v10.17.2`

Compare Source

Bug Fixes

remove GHE_HOST deprecation message when using probot run cli (#1423) (0ec5f23), closes #1422

`v10.17.1`

Compare Source

Bug Fixes

set default log level correctly to "info" (49153b8)

`v10.17.0`

Compare Source

Features

import { run } from "probot". Deprecates Probot.run() (f35b58a)
new Probot({ baseUrl }). Deprecates GHE_HOST / GHE_PROTOCOL when using with the Probot constructor (7abbef7)
new Probot({ logLevel }). Deprecates LOG_LEVEL when using Probot constructor (7c46218)
deprecate INSTALLATION_TOKEN_TTL (dfc59fc)
deprecate LOG_FORMAT, LOG_LEVEL_IN_STRING, SENTRY_DSN environment variables when using Probot constructor. Pass a custom log instance instead: (514c764)
deprecate REDIS_URL environment variable when using with the Probot constructor. Use new Probot({ redisConfig: "redis://..." }) instead (1dbd999)

`v10.16.0`

Compare Source

Features

use @probot/get-private-key (#1414) (47d9f3a), closes #1309

`v10.15.0`

Compare Source

Features

context.octokit. Deprecates context.github (#1413) (0527b98)

`v10.14.1`

Compare Source

Bug Fixes

deps: update @octokit/core to latest (#1412) (9351df4)

`v10.14.0`

Compare Source

Features

deprecate { Application } export. Use { Probot } instead, it has the same APIs now. (#1408) (0e52e05)

`v10.13.0`

Compare Source

Features

probot.on() / probot.receive() / probot.auth() (#1407) (1812cfe)

`v10.12.0`

Compare Source

Features

getRouter argument for app function (({ app, getRouter }) => {}) (#1406) (de3adc1)

`v10.11.0`

Compare Source

Features

(app) => {} is now ({ app }) => {} (#1405) (4bfae5a)

`v10.10.2`

Compare Source

Bug Fixes

stop using .webhooks.on("*", handler) in favor of `.webhooks.onAny(handler) (ab6fcb1)

`v10.10.1`

Compare Source

Bug Fixes

correct payload type by omitting context keys (#1389) (2b30518)

`v10.10.0`

Compare Source

Features

use octokit-auth-probot (#1392) (8ba3a8e)

`v10.9.5`

Compare Source

Bug Fixes

use webhooks.onError() instead of deprecated webhooks.on("error", ...) (#1390) (a5b36b3)

`v10.9.4`

Compare Source

Bug Fixes

typescript: TypeScript issues TS2305,TS2707,TS7006 (41ee70c), closes #1387

`v10.9.3`

Compare Source

Bug Fixes

types: set correct type for context passed to event handler (#1378) (05abeef), closes #r501871740

`v10.9.2`

Compare Source

Bug Fixes

typescript: adapt for latest @octokit/webhooks (#1374) (630d78e)

`v10.9.1`

Compare Source

Bug Fixes

do not overwrite options.throttle passed to {Octokit: ProbotOctokit.defaults(options)} (#1373) (9483546)

`v10.9.0`

Compare Source

Features

deprecate new Application({ throttleOptions }) (#1365) (f537204)

`v10.8.1`

Compare Source

Bug Fixes

use @probot/octokit-plugin-config for context.config (#1362) (a235671)

If you mocked http requests for configuration files, you will have to adapt them. Instead of returning a JSON response with a { content } object, where content is a base64 encoded version of your raw configuration, you can now return the content without encoding directly. Example

Before
```
nock("https://api.github.com")
  .get("/repos/wip/app/contents/.github%2Fwip.yml")
  .reply(200, {
    content: Buffer.from("terms: 🚧").toString("base64"),
  });
```
After
```
nock("https://api.github.com")
  .get("/repos/wip/app/contents/.github%2Fwip.yml")
  .reply(200, "terms: 🚧");
```

`v10.8.0`

Compare Source

Features

add restart message (#1353) (a03c610)

`v10.7.1`

Compare Source

Bug Fixes

remove redundant v from Node.js version log string (#1352) (dc4cd53)

`v10.7.0`

Compare Source

Features

setup: support registration using an existing GitHub app (#1345) (d907bbd)

`v10.6.0`

Compare Source

Features

export WebhookPayloadWithRepository (#1348) (31fdd61)

`v10.5.0`

Compare Source

Features

log Node.js version at startup (#1346) (86b0408)

`v10.4.1`

Compare Source

Bug Fixes

use custom host in new welcome message (#1347) (235e308)

`v10.4.0`

Compare Source

Features

add HOST/--host option (#1335) (ed7a513)

`v10.3.0`

Compare Source

Features

increase readability of welcome message at setup (#1343) (240e77c)

`v10.2.0`

Compare Source

Features

sentry: set user ID to installation.id and username to repository owner login (when present) (#1337) (4cf7de9)

`v10.1.5`

Compare Source

Bug Fixes

remove redundant string in deprecation warning (#1336) (e0760b0)

`v10.1.4`

Compare Source

Bug Fixes

prevent double new lines when using LOG_FORMAT=json (86c1973)

`v10.1.3`

Compare Source

Bug Fixes

"Cannot find module ../lib/private-key" error when running probot receive (#1332) (d671d82)

`v10.1.2`

Compare Source

Bug Fixes

trigger release to update docs on probot.github.com (4c88da9)

`v10.1.1`

Compare Source

v10 release notes

This is the first stable release for v10. See all breaking changes and new features at
https://github.com/probot/probot/releases/tag/v10.0.0

Bug Fixes

app.auth(installationId) returns octokit instance with all required installation authentication settings (#1326) (410302f)

`v10.1.0`

Compare Source

Features

log Probot version at startup (#1321) (c59fbcc)

`v10.0.1`

Compare Source

Bug Fixes

throttleOption defaults and REDIS_URL configuration (#1313) (84d4371)

`v10.0.0`

Compare Source

Breaking changes

@octokit/rest has been updated from v16 to v17. See release notes. Important: If you currently mocked context.github.* methods in your test, replace these with http mocks using nock instead, otherwise your tests will create methods that no longer exist and you will see errors in production although your tests passed. See https://github.com/wip/app/pull/238 for an example
URL parameters are now always encoded when using context.github.* methods. For example, if you use context.github.repos.getContent( owner, repo, path ) make sure to not encode the value for path. Also if you were mocking http requests in your tests, replace e.g. repos/octocat/hello-world/contents/.github/config.yml with repos/octocat/hello-world/contents/.github%2Fconfig.yml
require Node 10.21+
Logging: an object with extra information must be passed as first argument. Passing it as last argument is no longer supported.

before
```
context.log.info('something happened', {extra: 'info'})
```
after
```
context.log.info({extra: 'info'}, 'something happened')
```
The logging output changed. Before, probot used bunyan with all kind of hacks and customizations for its log output. Now we use pino. We still do the formatting and sending errors to Sentry in the same process, but the logic is now encapsulated in @probot/pino. We might decouple it in future as part of making Probot more suitable for serverless/function environments
context.issue() now returns .issue_number instead of .number. Use context.pullRequest() for octokit.pulls.* method calls.
registry_package event was renamed to package

The probot package no longer exports Octokit. Use ProbotOctokit instead.

const { ProbotOctokit, ProbotOctokitCore } = require('probot')

Probot no longer accepts options.throttlingOptions. In order to disable throttling for testing, set options.Octokit to ProbotOctokit.defaults({ retry: { enabled: false }, throttle: { enabled: false } }):

const { Probot, ProbotOctokit } = require('probot')

const probot = new Probot({
  Octokit: ProbotOctokit.defaults({ retry: { enabled: false }, throttle: { enabled: false } })
})

Undocumented & untested APIs removed
- probot.errorHandler
- probot.httpServer
- app.log.target has been removed.
- router option for Application contructor: new Application({ router })

Features

Significant lower memory usage
update to @octokit/rest to v17
update to @octokit/webhooks to v7
context.pullRequest()
probot.log (probot.logger is now deprecated)
probot.stop() (Replaces undocumented probot.httpServer)
replace bunyan with pino for logging
use a single Octokit instance with JWT auth

Bug Fixes

use JWT auth for marketplace endpoints

`v9.15.1`

Compare Source

Bug Fixes

revert bad v9.15.0 release (d3a8594)

`v9.15.0`

Compare Source

bad release, sorry

`v9.14.2`

Compare Source

Bug Fixes

Do not crash when suspended in v9 (#1571) (b2694d5)

`v9.14.1`

Compare Source

Bug Fixes

revert "v9.14.0" (#1314) (e3f6cf5)

`v9.14.0`

Compare Source

Features

v10 (#1310) (ee65669)

`v9.13.2`

Compare Source

Bug Fixes

revert v9.13.1 (83b625b)

`v9.13.1`

Compare Source

`v9.13.0`

Compare Source

Features

throttleOptions for Probot constructor (#1272) (ac86ffb)

`v9.12.0`

Compare Source

Features

GET /probot/stats is deprecated and will be removed in v10 (#1268) (1c31415)

`v9.11.7`

Compare Source

Bug Fixes

handle "port in use" (#1260) (1445abe)

`v9.11.6`

Compare Source

Bug Fixes

TypeScript: context.config() type (#1252) (8f62659)

`v9.11.5`

Compare Source

Bug Fixes

add runtime types as dependencies (#1241) (48a5b08), closes #759

`v9.11.4`

Compare Source

Bug Fixes

package: npm audit (e2a87f8)

`v9.11.3`

Compare Source

Bug Fixes

quotation marks in setup description (#1175) (2fdb253)

`v9.11.2`

Compare Source

Bug Fixes

github: Octokit is optional (6aeeabc)

`v9.11.1`

Compare Source

Bug Fixes

github: provide default ProbotOctokit (#1169) (0bb1d19)

`v9.11.0`

Compare Source

Features

const { GitHubAPI } = require('probot') (#1165) (982e411)

`v9.10.2`

Compare Source

Bug Fixes

package: update commander to version 5.0.0 (694f4fd)

`v9.10.1`

Compare Source

Bug Fixes

Revert "feat: mention that app must be activated after install (#1155)" (45a21fc)

`v9.10.0`

Compare Source

Features

mention that app must be activated after install (#1155) (05c9240)

`v9.9.8`

Compare Source

Bug Fixes

remove unused dependencies (#1151) (a3fc918)

`v9.9.7`

Compare Source

Bug Fixes

package: update is-base64 to version 1.1.0 (#1148) (787932b)

`v9.9.6`

Compare Source

Bug Fixes

package: update uuid to version 7.0.0 (#1146) (c6551d0)

`v9.9.5`

Compare Source

Bug Fixes

package: update cache-manager to version 3.0.0 (fbf6031)

`v9.9.4`

Compare Source

Bug Fixes

trigger release to publish latest version to npm (c5c8158)

`v9.9.1`

Compare Source

Bug Fixes

package: update @octokit/plugin-retry to version 3.0.1 (0b53898), closes #1110
package: update @octokit/plugin-throttling to version 3.0.0 (de0aa01)

`v9.9.0`

Compare Source

Features

configure update-notifier (804f62b)

`v9.8.1`

Compare Source

Bug Fixes

cli: fixup invalid args validation (#1099) (e0d3072)
Add publish-docs stage to Travis build (#1100) (f90057e)

`v9.8.0`

Compare Source

Bug Fixes

Limit webhook-event-check to known events in /app response (#1092) (28a4d43)

Features

warn on passing in unknown commands (f368013)

`v9.7.0`

Compare Source

Features

Initial webhook-event-check feature (#1078) (d8aa4e0)

`v9.6.6`

Compare Source

Bug Fixes

update bunyan-format and remove earlier type assertion patch (61c05ea)

`v9.6.5`

Compare Source

Bug Fixes

assert stream type (d35e3b7)

`v9.6.4`

Compare Source

Bug Fixes

adapt for @octokit/plugin-enterprise-compatibility@^1.2.1 (af2be40)

`v9.6.3`

Compare Source

Bug Fixes

Use return value of this instead of a class (#1060) (9cf0f98)

`v9.6.2`

Compare Source

Bug Fixes

package: update commander to version 4.0.0 (15e28d5)

`v9.6.1`

Compare Source

Bug Fixes

Correctly retry requests after hitting rate or abuse limits (b9bb412)
typescript: add done callback to Paginate interface (3053278)

`v9.6.0`

Compare Source

Features

throw errors during startup if NODE_ENV is production and the application is not in a usable state (#1046) (ca3d2f8)

`v9.5.3`

Compare Source

Bug Fixes

update insecure dependencies (ed1cdf7)

`v9.5.2`

Compare Source

Bug Fixes

read environment variables before initiating logging (#1036) (c5f7a32)

`v9.5.1`

Compare Source

Bug Fixes

package: update deepmerge to version 4.1.0 (422f7da)

`v9.5.0`

[Compare Sour

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

renovate bot added the Type: Maintenance label Dec 16, 2023

renovate bot force-pushed the renovate/npm-probot-vulnerability branch 4 times, most recently from f268052 to 8d99104 Compare January 11, 2024 05:18

renovate bot force-pushed the renovate/npm-probot-vulnerability branch 2 times, most recently from 88941df to 5a5a025 Compare January 18, 2024 02:58

renovate bot force-pushed the renovate/npm-probot-vulnerability branch from 5a5a025 to b5ae208 Compare January 30, 2024 23:29

renovate bot changed the title ~~fix(deps): update dependency probot to v12 [security]~~ fix(deps): update dependency probot to v13 [security] Jan 30, 2024

renovate bot force-pushed the renovate/npm-probot-vulnerability branch from b5ae208 to d5c3a4f Compare January 31, 2024 05:52

renovate bot changed the title ~~fix(deps): update dependency probot to v13 [security]~~ fix(deps): update dependency probot to v12 [security] Jan 31, 2024

renovate bot force-pushed the renovate/npm-probot-vulnerability branch from d5c3a4f to 0ca18a8 Compare February 5, 2024 02:40

renovate bot changed the title ~~fix(deps): update dependency probot to v12 [security]~~ fix(deps): update dependency probot to v13 [security] Feb 5, 2024

renovate bot force-pushed the renovate/npm-probot-vulnerability branch from 0ca18a8 to af592ba Compare February 6, 2024 02:24

renovate bot changed the title ~~fix(deps): update dependency probot to v13 [security]~~ fix(deps): update dependency probot to v12 [security] Feb 6, 2024

renovate bot force-pushed the renovate/npm-probot-vulnerability branch from af592ba to 7d80904 Compare February 26, 2024 05:25

renovate bot changed the title ~~fix(deps): update dependency probot to v12 [security]~~ fix(deps): update dependency probot to v13 [security] Feb 26, 2024

renovate bot force-pushed the renovate/npm-probot-vulnerability branch from 7d80904 to 42685cd Compare February 27, 2024 11:49

renovate bot changed the title ~~fix(deps): update dependency probot to v13 [security]~~ fix(deps): update dependency probot to v12 [security] Feb 27, 2024

renovate bot force-pushed the renovate/npm-probot-vulnerability branch from 42685cd to 41e3cf5 Compare March 1, 2024 23:13

renovate bot changed the title ~~fix(deps): update dependency probot to v12 [security]~~ fix(deps): update dependency probot to v13 [security] Mar 1, 2024

renovate bot force-pushed the renovate/npm-probot-vulnerability branch from 41e3cf5 to ad60ae4 Compare March 2, 2024 08:31

renovate bot changed the title ~~fix(deps): update dependency probot to v13 [security]~~ fix(deps): update dependency probot to v12 [security] Mar 2, 2024

renovate bot force-pushed the renovate/npm-probot-vulnerability branch from ad60ae4 to acdc682 Compare March 13, 2024 20:52

renovate bot changed the title ~~fix(deps): update dependency probot to v12 [security]~~ fix(deps): update dependency probot to v13 [security] Mar 13, 2024

renovate bot force-pushed the renovate/npm-probot-vulnerability branch from acdc682 to a1fcd85 Compare March 14, 2024 05:56

renovate bot changed the title ~~fix(deps): update dependency probot to v13 [security]~~ fix(deps): update dependency probot to v12 [security] Mar 14, 2024

renovate bot force-pushed the renovate/npm-probot-vulnerability branch from a1fcd85 to 57a20b9 Compare March 21, 2024 23:52

renovate bot changed the title ~~fix(deps): update dependency probot to v12 [security]~~ fix(deps): update dependency probot to v13 [security] Mar 21, 2024

renovate bot force-pushed the renovate/npm-probot-vulnerability branch from 57a20b9 to 02faac0 Compare March 23, 2024 11:59

renovate bot changed the title ~~fix(deps): update dependency probot to v13 [security]~~ fix(deps): update dependency probot to v12 [security] Mar 23, 2024

renovate bot force-pushed the renovate/npm-probot-vulnerability branch from 02faac0 to 9849dfb Compare March 25, 2024 05:29

renovate bot changed the title ~~fix(deps): update dependency probot to v12 [security]~~ fix(deps): update dependency probot to v13 [security] Mar 25, 2024

renovate bot force-pushed the renovate/npm-probot-vulnerability branch from 9849dfb to 99003ce Compare March 27, 2024 23:51

renovate bot changed the title ~~fix(deps): update dependency probot to v13 [security]~~ fix(deps): update dependency probot to v12 [security] Mar 27, 2024

renovate bot force-pushed the renovate/npm-probot-vulnerability branch from 99003ce to 7866805 Compare April 14, 2024 20:19

renovate bot changed the title ~~fix(deps): update dependency probot to v12 [security]~~ fix(deps): update dependency probot to v13 [security] Apr 14, 2024

renovate bot force-pushed the renovate/npm-probot-vulnerability branch from 7866805 to 4c845e9 Compare April 16, 2024 05:42

renovate bot changed the title ~~fix(deps): update dependency probot to v13 [security]~~ fix(deps): update dependency probot to v12 [security] Apr 16, 2024

renovate bot force-pushed the renovate/npm-probot-vulnerability branch from 4c845e9 to 1585304 Compare April 22, 2024 23:40

renovate bot changed the title ~~fix(deps): update dependency probot to v12 [security]~~ fix(deps): update dependency probot to v13 [security] Apr 22, 2024

renovate bot force-pushed the renovate/npm-probot-vulnerability branch from 1585304 to 17113fb Compare April 23, 2024 06:00

renovate bot changed the title ~~fix(deps): update dependency probot to v13 [security]~~ fix(deps): update dependency probot to v12 [security] Apr 23, 2024

renovate bot force-pushed the renovate/npm-probot-vulnerability branch from 17113fb to da68dc9 Compare April 25, 2024 17:56

renovate bot changed the title ~~fix(deps): update dependency probot to v12 [security]~~ fix(deps): update dependency probot to v13 [security] Apr 25, 2024

renovate bot force-pushed the renovate/npm-probot-vulnerability branch from da68dc9 to 876b987 Compare April 26, 2024 23:47

renovate bot changed the title ~~fix(deps): update dependency probot to v13 [security]~~ fix(deps): update dependency probot to v12 [security] Apr 26, 2024

renovate bot force-pushed the renovate/npm-probot-vulnerability branch from 876b987 to eca84d6 Compare May 2, 2024 11:49

renovate bot changed the title ~~fix(deps): update dependency probot to v12 [security]~~ fix(deps): update dependency probot to v13 [security] May 2, 2024

renovate bot force-pushed the renovate/npm-probot-vulnerability branch from eca84d6 to 95090cd Compare May 3, 2024 02:10

renovate bot changed the title ~~fix(deps): update dependency probot to v13 [security]~~ fix(deps): update dependency probot to v12 [security] May 3, 2024

renovate bot force-pushed the renovate/npm-probot-vulnerability branch from 95090cd to ab1c850 Compare May 9, 2024 17:52

renovate bot changed the title ~~fix(deps): update dependency probot to v12 [security]~~ fix(deps): update dependency probot to v13 [security] May 9, 2024

fix(deps): update dependency probot to v12 [security]

477010f

renovate bot force-pushed the renovate/npm-probot-vulnerability branch from ab1c850 to 477010f Compare May 10, 2024 23:41

renovate bot changed the title ~~fix(deps): update dependency probot to v13 [security]~~ fix(deps): update dependency probot to v12 [security] May 10, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(deps): update dependency probot to v12 [security] #62

fix(deps): update dependency probot to v12 [security] #62

renovate bot commented Dec 16, 2023 •

edited

fix(deps): update dependency probot to v12 [security] #62

Are you sure you want to change the base?

fix(deps): update dependency probot to v12 [security] #62

Conversation

renovate bot commented Dec 16, 2023 • edited

GitHub Vulnerability Alerts

Impact

Patches

Workarounds

Release Notes

Bug Fixes

Bug Fixes

Bug Fixes

Features

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Features

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Features

Features

BREAKING CHANGES

Bug Fixes

Features

Bug Fixes

Bug Fixes

Features

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Features

Bug Fixes

Features

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

BREAKING CHANGES

Features

Features

Deprecations

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Features

Features

Features

Bug Fixes

Features

Features

Features

Features

Bug Fixes

Bug Fixes

Features

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Features

Bug Fixes

Features

Bug Fixes

Features

renovate bot commented Dec 16, 2023 •

edited