chore(deps): update dependency log4js to 6.4.0 [security] - abandoned

[renovate]

This PR contains the following updates:

Package	Change
log4js	6.2.1 -> 6.4.0

GitHub Vulnerability Alerts

CVE-2022-21704

Impact

Default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config.

Patches

Fixed by:

• https://github.com/log4js-node/log4js-node/pull/1141
• https://github.com/log4js-node/streamroller/pull/87

Released to NPM in log4js@6.4.0

Workarounds

Every version of log4js published allows passing the mode parameter to the configuration of file appenders, see the documentation for details.

References

Thanks to ranjit-git for raising the issue, and to @​lamweili for fixing the problem.

For more information

If you have any questions or comments about this advisory:

• Open an issue in logj4s-node
• Ask a question in the slack channel
• Email us at gareth.nomiddlename@gmail.com

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[netlify]

❌ Deploy preview failed at Netlify. @jimmyandrade take a look please

Name	Link
🔨 Latest commit	e9c1582
🔍 Latest deploy log	https://app.netlify.com/sites/multei/deploys/62464501eb349f0008fce41f

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm notice 
npm notice New minor version of npm available! 8.5.0 -> 8.6.0
npm notice Changelog: <https://github.com/npm/cli/releases/tag/v8.6.0>
npm notice Run `npm install -g npm@8.6.0` to update!
npm notice 
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @multei/web@0.1.0
npm WARN Found: @stryker-mutator/core@4.0.0
npm WARN node_modules/@stryker-mutator/core
npm WARN   dev @stryker-mutator/core@"5.6.1" from the root project
npm WARN   1 more (@stryker-mutator/jest-runner)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer @stryker-mutator/core@"~4.0.0" from @stryker-mutator/jest-runner@4.0.0
npm WARN node_modules/@stryker-mutator/jest-runner
npm WARN   dev @stryker-mutator/jest-runner@"4.0.0" from the root project
npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: @hot-loader/react-dom@17.0.0
npm ERR! Found: react@17.0.1
npm ERR! node_modules/react
npm ERR!   react@"17.0.1" from the root project
npm ERR!   peer react@">=16.3.0" from @emotion/core@10.0.35
npm ERR!   node_modules/@emotion/core
npm ERR!     peer @emotion/core@"^10.0.27" from @emotion/styled@10.0.27
npm ERR!     node_modules/@emotion/styled
npm ERR!       peer @emotion/styled@"^10.0.14" from gatsby-interface@0.0.193
npm ERR!       node_modules/gatsby-interface
npm ERR!         gatsby-interface@"^0.0.193" from gatsby-recipes@0.2.33
npm ERR!         node_modules/gatsby-recipes
npm ERR!       1 more (gatsby-recipes)
npm ERR!     peer @emotion/core@"^10.0.28" from @emotion/styled-base@10.0.31
npm ERR!     node_modules/@emotion/styled-base
npm ERR!       @emotion/styled-base@"^10.0.27" from @emotion/styled@10.0.27
npm ERR!       node_modules/@emotion/styled
npm ERR!         peer @emotion/styled@"^10.0.14" from gatsby-interface@0.0.193
npm ERR!         node_modules/gatsby-interface
npm ERR!         1 more (gatsby-recipes)
npm ERR!     3 more (gatsby-interface, gatsby-recipes, theme-ui)
npm ERR!   14 more (@emotion/styled, @emotion/styled-base, ...)
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer react@"17.0.0" from @hot-loader/react-dom@17.0.0
npm ERR! node_modules/@hot-loader/react-dom
npm ERR!   dev @hot-loader/react-dom@"17.0.0" from the root project
npm ERR! 
npm ERR! Conflicting peer dependency: react@17.0.0
npm ERR! node_modules/react
npm ERR!   peer react@"17.0.0" from @hot-loader/react-dom@17.0.0
npm ERR!   node_modules/@hot-loader/react-dom
npm ERR!     dev @hot-loader/react-dom@"17.0.0" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /tmp/renovate-cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate-cache/others/npm/_logs/2022-04-01T00_18_55_373Z-debug-0.log

[renovate]

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.