Here's the Weekly Digest for njzjz/chemicaltools-js:

ISSUES

NOISY ISSUE

The issue most discussed this week has been:
🔈 #225 Action Required: Fix Renovate Configuration, by njzjz
It received 1 comments.

PULL REQUESTS

This week, 5 pull requests were proposed. Of these, 0 pull requests have been merged and 0 are still open.

CONTRIBUTORS

This week, njzjz has contributed in the repository.

STARGAZERS

This week, no user has starred this repository.

COMMITS

This week, there have been 3 commits in the repository.
These are:
🛠️ chore(deps): update dependency webpack to v4.38.0 by renovate-bot
🛠️ chore(deps): update dependency webpack to v4.37.0 by renovate-bot
🛠️ chore(deps): lock file maintenance by renovate-bot

RELEASES

This week, no releases were published.

That's all for this week, please watch 👀 and star ⭐ njzjz/chemicaltools-js to receive next weekly updates. 😃

Here's the Weekly Digest for njzjz/chemicaltools-js:

ISSUES

Last week 7 issues were created.
Of these, 7 issues have been closed and 0 issues are still open.

CLOSED ISSUES

❤️ #300 Update webpack to the latest version 🚀, by greenkeeper[bot]
❤️ #299 chore(deps): update dependency webpack to v4.41.1, by renovate[bot]
❤️ #298 chore(deps): update dependency @babel/core to v7.6.4, by renovate[bot]
❤️ #297 chore(deps): update babel monorepo to v7.6.3, by renovate[bot]
❤️ #296 chore(deps): lock file maintenance, by renovate[bot]
❤️ #295 chore(deps): lock file maintenance, by renovate[bot]
❤️ #294 chore(deps): lock file maintenance, by renovate[bot]

NOISY ISSUE

🔈 #294 chore(deps): lock file maintenance, by renovate[bot]
It received 1 comments.

PULL REQUESTS

Last week, 6 pull requests were created, updated or merged.

MERGED PULL REQUEST

Last week, 6 pull requests were merged.
💜 #299 chore(deps): update dependency webpack to v4.41.1, by renovate[bot]
💜 #298 chore(deps): update dependency @babel/core to v7.6.4, by renovate[bot]
💜 #297 chore(deps): update babel monorepo to v7.6.3, by renovate[bot]
💜 #296 chore(deps): lock file maintenance, by renovate[bot]
💜 #295 chore(deps): lock file maintenance, by renovate[bot]
💜 #294 chore(deps): lock file maintenance, by renovate[bot]

COMMITS

Last week there were 6 commits.
🛠️ chore(deps): update dependency webpack to v4.41.1 by renovate-bot
🛠️ chore(deps): update dependency @babel/core to v7.6.4 by renovate-bot
🛠️ chore(deps): update babel monorepo to v7.6.3 by renovate-bot
🛠️ chore(deps): lock file maintenance by renovate-bot
🛠️ chore(deps): lock file maintenance by renovate-bot
🛠️ chore(deps): lock file maintenance by renovate-bot

CONTRIBUTORS

Last week there was 1 contributor.
👤 renovate-bot

STARGAZERS

Last week there were no stargazers.

RELEASES

Last week there were no releases.

That's all for last week, please 👀 Watch and ⭐ Star the repository njzjz/chemicaltools-js to receive next weekly updates. 😃

You can also view all Weekly Digests by clicking here.

Your Weekly Digest bot. 📆

Vulnerabilities

DepShield reports that this application's usage of lodash._createcache:3.1.2 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash._createcache:3.1.2 is a transitive dependency introduced by the following direct dependency(s):

• semantic-release:15.13.3
        └─ @semantic-release/npm:5.1.4
              └─ npm:6.5.0
                    └─ lodash._createcache:3.1.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash._root:3.0.1 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash._root:3.0.1 is a transitive dependency introduced by the following direct dependency(s):

• semantic-release:15.13.3
        └─ @semantic-release/npm:5.1.4
              └─ npm:6.5.0
                    └─ lodash._baseuniq:4.6.0
                          └─ lodash._root:3.0.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: undefined. Note: this is a nested preset so please contact the preset author if you are unable to fix it yourself.

Vulnerabilities

DepShield reports that this application's usage of lodash.clonedeep:4.5.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.clonedeep:4.5.0 is a transitive dependency introduced by the following direct dependency(s):

• semantic-release:15.13.3
        └─ @semantic-release/npm:5.1.4
              └─ npm:6.5.0
                    └─ lodash.clonedeep:4.5.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.flattendeep:4.4.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.flattendeep:4.4.0 is a transitive dependency introduced by the following direct dependency(s):

• nyc:13.2.0
        └─ caching-transform:3.0.1
              └─ package-hash:3.0.0
                    └─ lodash.flattendeep:4.4.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

🚨 The automated release from the master branch failed. 🚨

I recommend you give this issue a high priority, so other packages depending on you could benefit from your bug fixes and new features.

You can find below the list of errors reported by semantic-release. Each one of them has to be resolved in order to automatically publish your package. I’m sure you can resolve this 💪.

Errors are usually caused by a misconfiguration or an authentication problem. With each error reported below you will find explanation and guidance to help you to resolve it.

Once all the errors are resolved, semantic-release will release your package the next time you push a commit to the master branch. You can also manually restart the failed CI job that runs semantic-release.

If you are not sure how to resolve this, here is some links that can help you:

• Usage documentation
• Frequently Asked Questions
• Support channels

If those don’t help, or if this issue is reporting something you think isn’t right, you can always ask the humans behind semantic-release.

Invalid npm token.

The npm token configured in the NPM_TOKEN environment variable must be a valid token allowing to publish to the registry https://registry.npmjs.org/.

If you are using Two-Factor Authentication, make configure the auth-only level is supported. semantic-release cannot publish with the default auth-and-writes level.

Please make sure to set the NPM_TOKEN environment variable in your CI with the exact value of the npm token.

Good luck with your project ✨

Your semantic-release bot 📦🚀

Vulnerabilities

DepShield reports that this application's usage of lodash.isstring:4.0.1 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.isstring:4.0.1 is a transitive dependency introduced by the following direct dependency(s):

• semantic-release:15.13.3
        └─ @semantic-release/github:5.2.10
              └─ issue-parser:3.0.1
                    └─ lodash.isstring:4.0.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of tar:2.2.1 results in the following vulnerability(s):

• (CVSS 7.5) [CVE-2018-20834] Improper Link Resolution Before File Access ("Link Following")

Occurrences

tar:2.2.1 is a transitive dependency introduced by the following direct dependency(s):

• semantic-release:15.13.12
        └─ @semantic-release/npm:5.1.7
              └─ npm:6.9.0
                    └─ node-gyp:3.8.0
                          └─ tar:2.2.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Here's the Weekly Digest for njzjz/chemicaltools-js:

ISSUES

Last week 3 issues were created.
Of these, 3 issues have been closed and 0 issues are still open.

CLOSED ISSUES

❤️ #177 Update webpack to the latest version 🚀, by greenkeeper[bot]
❤️ #176 chore(deps): update dependency webpack to v4.35.0, by renovate[bot]
❤️ #175 chore(deps): lock file maintenance, by renovate[bot]

NOISY ISSUE

🔈 #176 chore(deps): update dependency webpack to v4.35.0, by renovate[bot]
It received 3 comments.

PULL REQUESTS

Last week, 2 pull requests were created, updated or merged.

MERGED PULL REQUEST

Last week, 2 pull requests were merged.
💜 #176 chore(deps): update dependency webpack to v4.35.0, by renovate[bot]
💜 #175 chore(deps): lock file maintenance, by renovate[bot]

COMMITS

Last week there were 2 commits.
🛠️ chore(deps): update dependency webpack to v4.35.0 by renovate-bot
🛠️ chore(deps): lock file maintenance by renovate-bot

CONTRIBUTORS

Last week there was 1 contributor.
👤 renovate-bot

STARGAZERS

Last week there were no stargazers.

RELEASES

Last week there were no releases.

That's all for last week, please 👀 Watch and ⭐ Star the repository njzjz/chemicaltools-js to receive next weekly updates. 😃

You can also view all Weekly Digests by clicking here.

Your Weekly Digest bot. 📆

Vulnerabilities

DepShield reports that this application's usage of handlebars:4.1.2 results in the following vulnerability(s):

• (CVSS 8.2) CWE-20: Improper Input Validation

Occurrences

handlebars:4.1.2 is a transitive dependency introduced by the following direct dependency(s):

• nyc:14.1.1
        └─ istanbul-reports:2.2.6
              └─ handlebars:4.1.2

• semantic-release:15.13.24
        └─ @semantic-release/release-notes-generator:7.3.0
              └─ conventional-changelog-writer:4.0.7
                    └─ handlebars:4.1.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Here's the Weekly Digest for njzjz/chemicaltools-js:

ISSUES

Last week 2 issues were created.
Of these, 2 issues have been closed and 0 issues are still open.

CLOSED ISSUES

❤️ #147 chore(deps): lock file maintenance, by renovate[bot]
❤️ #146 chore(deps): lock file maintenance, by renovate[bot]

NOISY ISSUE

🔈 #146 chore(deps): lock file maintenance, by renovate[bot]
It received 1 comments.

PULL REQUESTS

Last week, 2 pull requests were created, updated or merged.

MERGED PULL REQUEST

Last week, 2 pull requests were merged.
💜 #147 chore(deps): lock file maintenance, by renovate[bot]
💜 #146 chore(deps): lock file maintenance, by renovate[bot]

COMMITS

Last week there were 2 commits.
🛠️ chore(deps): lock file maintenance by renovate-bot
🛠️ chore(deps): lock file maintenance by renovate-bot

CONTRIBUTORS

Last week there was 1 contributor.
👤 renovate-bot

STARGAZERS

Last week there were no stargazers.

RELEASES

Last week there were no releases.

That's all for last week, please 👀 Watch and ⭐ Star the repository njzjz/chemicaltools-js to receive next weekly updates. 😃

You can also view all Weekly Digests by clicking here.

Your Weekly Digest bot. 📆

Vulnerabilities

DepShield reports that this application's usage of lodash._getnative:3.9.1 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash._getnative:3.9.1 is a transitive dependency introduced by the following direct dependency(s):

• semantic-release:15.13.3
        └─ @semantic-release/npm:5.1.4
              └─ npm:6.5.0
                    └─ lodash._createcache:3.1.2
                          └─ lodash._getnative:3.9.1
                    └─ lodash._getnative:3.9.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Here's the Weekly Digest for njzjz/chemicaltools-js:

ISSUES

Last week 4 issues were created.
Of these, 4 issues have been closed and 0 issues are still open.

CLOSED ISSUES

❤️ #292 chore(deps): lock file maintenance, by renovate[bot]
❤️ #291 chore(deps): lock file maintenance, by renovate[bot]
❤️ #290 Update mocha to the latest version 🚀, by greenkeeper[bot]
❤️ #289 chore(deps): update dependency mocha to v6.2.1, by renovate[bot]

NOISY ISSUE

🔈 #289 chore(deps): update dependency mocha to v6.2.1, by renovate[bot]
It received 1 comments.

PULL REQUESTS

Last week, 3 pull requests were created, updated or merged.

MERGED PULL REQUEST

Last week, 3 pull requests were merged.
💜 #292 chore(deps): lock file maintenance, by renovate[bot]
💜 #291 chore(deps): lock file maintenance, by renovate[bot]
💜 #289 chore(deps): update dependency mocha to v6.2.1, by renovate[bot]

COMMITS

Last week there were 3 commits.
🛠️ chore(deps): lock file maintenance by renovate-bot
🛠️ chore(deps): lock file maintenance by renovate-bot
🛠️ chore(deps): update dependency mocha to v6.2.1 by renovate-bot

CONTRIBUTORS

Last week there was 1 contributor.
👤 renovate-bot

STARGAZERS

Last week there were no stargazers.

RELEASES

Last week there were no releases.

That's all for last week, please 👀 Watch and ⭐ Star the repository njzjz/chemicaltools-js to receive next weekly updates. 😃

You can also view all Weekly Digests by clicking here.

Your Weekly Digest bot. 📆

Here's the Weekly Digest for njzjz/chemicaltools-js:

ISSUES

Last week 5 issues were created.
Of these, 5 issues have been closed and 0 issues are still open.

CLOSED ISSUES

❤️ #248 Update semantic-release to the latest version 🚀, by greenkeeper[bot]
❤️ #247 chore(deps): update dependency semantic-release to v15.13.21, by renovate[bot]
❤️ #246 Update webpack to the latest version 🚀, by greenkeeper[bot]
❤️ #245 chore(deps): update dependency webpack to v4.39.2, by renovate[bot]
❤️ #244 chore(deps): lock file maintenance, by renovate[bot]

NOISY ISSUE

🔈 #245 chore(deps): update dependency webpack to v4.39.2, by renovate[bot]
It received 3 comments.

PULL REQUESTS

Last week, 3 pull requests were created, updated or merged.

MERGED PULL REQUEST

Last week, 3 pull requests were merged.
💜 #247 chore(deps): update dependency semantic-release to v15.13.21, by renovate[bot]
💜 #245 chore(deps): update dependency webpack to v4.39.2, by renovate[bot]
💜 #244 chore(deps): lock file maintenance, by renovate[bot]

COMMITS

Last week there were 3 commits.
🛠️ chore(deps): update dependency semantic-release to v15.13.21 by renovate-bot
🛠️ chore(deps): update dependency webpack to v4.39.2 by renovate-bot
🛠️ chore(deps): lock file maintenance by renovate-bot

CONTRIBUTORS

Last week there was 1 contributor.
👤 renovate-bot

STARGAZERS

Last week there were no stargazers.

RELEASES

Last week there were no releases.

That's all for last week, please 👀 Watch and ⭐ Star the repository njzjz/chemicaltools-js to receive next weekly updates. 😃

You can also view all Weekly Digests by clicking here.

Your Weekly Digest bot. 📆

Vulnerabilities

DepShield reports that this application's usage of acorn:5.7.4 results in the following vulnerability(s):

• (CVSS 7.5) CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')

Occurrences

acorn:5.7.4 is a transitive dependency introduced by the following direct dependency(s):

• @webpack-cli/init:0.3.0
        └─ @webpack-cli/utils:0.2.3
              └─ jest:24.9.0
                    └─ jest-cli:24.9.0
                          └─ jest-config:24.9.0
                                └─ jest-environment-jsdom:24.9.0
                                      └─ jsdom:11.12.0
                                            └─ acorn:5.7.4

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.set:4.3.2 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.set:4.3.2 is a transitive dependency introduced by the following direct dependency(s):

• semantic-release:15.13.3
        └─ @semantic-release/github:5.2.10
              └─ @octokit/rest:16.18.1
                    └─ lodash.set:4.3.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

The project could not be analyzed because of maven build errors. Please review the error messages here. Another build will be scheduled within 24 hours. If the build is successful this issue will be closed, otherwise the error message will be updated.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Vulnerabilities

DepShield reports that this application's usage of lodash.uniqby:4.7.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.uniqby:4.7.0 is a transitive dependency introduced by the following direct dependency(s):

• semantic-release:15.13.3
        └─ @semantic-release/github:5.2.10
              └─ issue-parser:3.0.1
                    └─ lodash.uniqby:4.7.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of fstream:1.0.11 results in the following vulnerability(s):

• (CVSS 7.5) CWE-62: UNIX Hard Link

Occurrences

fstream:1.0.11 is a transitive dependency introduced by the following direct dependency(s):

• semantic-release:15.13.18
        └─ @semantic-release/npm:5.1.13
              └─ npm:6.9.2
                    └─ node-gyp:3.8.0
                          └─ fstream:1.0.11
                          └─ tar:2.2.1
                                └─ fstream:1.0.11

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.isplainobject:4.0.6 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.isplainobject:4.0.6 is a transitive dependency introduced by the following direct dependency(s):

• semantic-release:15.13.3
        └─ @semantic-release/github:5.2.10
              └─ issue-parser:3.0.1
                    └─ lodash.isplainobject:4.0.6

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: Cannot find preset's package (github>njzjz/renovate-config)

Vulnerabilities

DepShield reports that this application's usage of lodash.restparam:3.6.1 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.restparam:3.6.1 is a transitive dependency introduced by the following direct dependency(s):

• semantic-release:15.13.3
        └─ @semantic-release/npm:5.1.4
              └─ npm:6.5.0
                    └─ lodash.restparam:3.6.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.sortby:4.7.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.sortby:4.7.0 is a transitive dependency introduced by the following direct dependency(s):

• @webpack-cli/init:0.1.3
        └─ @webpack-cli/utils:0.1.5
              └─ jest:23.6.0
                    └─ jest-cli:23.6.0
                          └─ jest-environment-jsdom:23.4.0
                                └─ jsdom:11.12.0
                                      └─ data-urls:1.1.0
                                            └─ whatwg-url:7.0.0
                                                  └─ lodash.sortby:4.7.0
                                      └─ whatwg-url:6.5.0
                                            └─ lodash.sortby:4.7.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

The project could not be analyzed because of maven build errors. Please review the error messages here. Another build will be scheduled within 24 hours. If the build is successful this issue will be closed, otherwise the error message will be updated.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Vulnerabilities

DepShield reports that this application's usage of q:1.5.1 results in the following vulnerability(s):

• (CVSS 7.5) CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Occurrences

q:1.5.1 is a transitive dependency introduced by the following direct dependency(s):

• semantic-release:15.13.12
        └─ @semantic-release/commit-analyzer:6.1.0
              └─ conventional-changelog-angular:5.0.3
                    └─ q:1.5.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of axios:0.15.3 results in the following vulnerability(s):

• (CVSS 7.5) [CVE-2019-10742] Improper Input Validation

Occurrences

axios:0.15.3 is a transitive dependency introduced by the following direct dependency(s):

• bundlesize:0.17.2
        └─ github-build:1.2.0
              └─ axios:0.15.3

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Here's the Weekly Digest for njzjz/chemicaltools-js:

ISSUES

Last week 12 issues were created.
Of these, 8 issues have been closed and 4 issues are still open.

OPEN ISSUES

💚 #156 [DepShield] (CVSS 7.5) Vulnerability due to usage of express:4.17.1, by sonatype-depshield[bot]
💚 #155 [DepShield] (CVSS 7.5) Vulnerability due to usage of q:1.5.1, by sonatype-depshield[bot]
💚 #154 [DepShield] (CVSS 7.5) Vulnerability due to usage of axios:0.15.3, by sonatype-depshield[bot]
💚 #153 [DepShield] (CVSS 7.5) Vulnerability due to usage of tar:2.2.1, by sonatype-depshield[bot]

CLOSED ISSUES

❤️ #160 Update webpack-cli to the latest version 🚀, by greenkeeper[bot]
❤️ #159 chore(deps): update dependency webpack-cli to v3.3.3, by renovate[bot]
❤️ #158 chore(deps): update dependency @webpack-cli/init to v0.2.2, by renovate[bot]
❤️ #157 Update @webpack-cli/init to the latest version 🚀, by greenkeeper[bot]
❤️ #152 Update webpack to the latest version 🚀, by greenkeeper[bot]
❤️ #151 chore(deps): update dependency webpack to v4.33.0, by renovate[bot]
❤️ #150 chore(deps): lock file maintenance, by renovate[bot]
❤️ #149 chore(deps): lock file maintenance, by renovate[bot]

NOISY ISSUE

🔈 #151 chore(deps): update dependency webpack to v4.33.0, by renovate[bot]
It received 3 comments.

PULL REQUESTS

Last week, 5 pull requests were created, updated or merged.

MERGED PULL REQUEST

Last week, 5 pull requests were merged.
💜 #159 chore(deps): update dependency webpack-cli to v3.3.3, by renovate[bot]
💜 #158 chore(deps): update dependency @webpack-cli/init to v0.2.2, by renovate[bot]
💜 #151 chore(deps): update dependency webpack to v4.33.0, by renovate[bot]
💜 #150 chore(deps): lock file maintenance, by renovate[bot]
💜 #149 chore(deps): lock file maintenance, by renovate[bot]

COMMITS

Last week there were 5 commits.
🛠️ chore(deps): update dependency webpack-cli to v3.3.3 by renovate-bot
🛠️ chore(deps): update dependency @webpack-cli/init to v0.2.2 by renovate-bot
🛠️ chore(deps): update dependency webpack to v4.33.0 by renovate-bot
🛠️ chore(deps): lock file maintenance by renovate-bot
🛠️ chore(deps): lock file maintenance by renovate-bot

CONTRIBUTORS

Last week there was 1 contributor.
👤 renovate-bot

STARGAZERS

Last week there were no stargazers.

RELEASES

Last week there were no releases.

That's all for last week, please 👀 Watch and ⭐ Star the repository njzjz/chemicaltools-js to receive next weekly updates. 😃

You can also view all Weekly Digests by clicking here.

Your Weekly Digest bot. 📆

_{Sent from PPHub For GitHub}

Vulnerabilities

DepShield reports that this application's usage of yargs-parser:11.1.1 results in the following vulnerability(s):

• (CVSS 7.5) CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')
• (CVSS 7.5) [CVE-2020-7608] yargs-parser could be tricked into adding or modifying properties of Object.prot...

Occurrences

yargs-parser:11.1.1 is a transitive dependency introduced by the following direct dependency(s):

• @webpack-cli/init:0.3.0
        └─ @webpack-cli/generators:0.1.9
              └─ webpack-dev-server:3.8.0
                    └─ yargs:12.0.5
                          └─ yargs-parser:11.1.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

_{Sent from PPHub For GitHub}

Vulnerabilities

DepShield reports that this application's usage of lodash._baseindexof:3.1.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash._baseindexof:3.1.0 is a transitive dependency introduced by the following direct dependency(s):

• semantic-release:15.13.3
        └─ @semantic-release/npm:5.1.4
              └─ npm:6.5.0
                    └─ lodash._baseindexof:3.1.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

The project could not be analyzed because of maven build errors. Please review the error messages here. Another build will be scheduled within 24 hours. If the build is successful this issue will be closed, otherwise the error message will be updated.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Vulnerabilities

DepShield reports that this application's usage of debug:2.6.9 results in the following vulnerability(s):

• (CVSS 7.5) CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')

Occurrences

debug:2.6.9 is a transitive dependency introduced by the following direct dependency(s):

• @semantic-release/git:7.0.8
        └─ micromatch:3.1.10
              └─ extglob:2.0.4
                    └─ expand-brackets:2.1.4
                          └─ debug:2.6.9
              └─ snapdragon:0.8.2
                    └─ debug:2.6.9

• @webpack-cli/init:0.1.5
        └─ @webpack-cli/generators:0.1.5
              └─ webpack-dev-server:3.4.1
                    └─ compression:1.7.4
                          └─ debug:2.6.9
                    └─ express:4.17.0
                          └─ body-parser:1.19.0
                                └─ debug:2.6.9
                          └─ debug:2.6.9
                          └─ finalhandler:1.1.2
                                └─ debug:2.6.9
                          └─ send:0.17.1
                                └─ debug:2.6.9
                    └─ portfinder:1.0.20
                          └─ debug:2.6.9
                    └─ serve-index:1.9.1
                          └─ debug:2.6.9
        └─ jscodeshift:0.5.1
              └─ babel-preset-es2015:6.24.1
                    └─ babel-plugin-transform-es2015-block-scoping:6.26.0
                          └─ babel-traverse:6.26.0
                                └─ debug:2.6.9
              └─ babel-register:6.26.0
                    └─ babel-core:6.26.3
                          └─ debug:2.6.9

• bundlesize:0.17.1
        └─ github-build:1.2.0
              └─ axios:0.15.3
                    └─ follow-redirects:1.0.0
                          └─ debug:2.6.9

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Here's the Weekly Digest for njzjz/chemicaltools-js:

ISSUES

NOISY ISSUE

The issue most discussed this week has been:
🔈 #328 chore(deps): use nodejs 13 for test and remove full-icu, by njzjz
It received 2 comments.

PULL REQUESTS

This week, 9 pull requests were proposed. Of these, 0 pull requests have been merged and 0 are still open.

CONTRIBUTORS

This week, njzjz has contributed in the repository.

STARGAZERS

This week, no user has starred this repository.

COMMITS

This week, there have been 6 commits in the repository.
These are:
🛠️ chore(deps): use nodejs 13 for test and remove full-icu (#328) by njzjz
🛠️ chore(deps): update dependency @babel/core to v7.7.2 by renovate-bot
🛠️ chore(deps): update dependency @babel/preset-env to v7.7.1 by renovate-bot
🛠️ chore(deps): update babel monorepo to v7.7.0 by renovate-bot
🛠️ chore(deps): update dependency @semantic-release/git to v7.0.18 by renovate-bot
🛠️ chore(deps): lock file maintenance by renovate-bot

RELEASES

This week, no releases were published.

That's all for this week, please watch 👀 and star ⭐ njzjz/chemicaltools-js to receive next weekly updates. 😃

Here's the Weekly Digest for njzjz/chemicaltools-js:

ISSUES

Last week 7 issues were created.
Of these, 7 issues have been closed and 0 issues are still open.

CLOSED ISSUES

❤️ #287 Update webpack to the latest version 🚀, by greenkeeper[bot]
❤️ #286 chore(deps): update dependency webpack to v4.41.0, by renovate[bot]
❤️ #285 Update babel7 to the latest version 🚀, by greenkeeper[bot]
❤️ #284 chore(deps-dev): bump @babel/preset-env from 7.6.0 to 7.6.2, by dependabot-preview[bot]
❤️ #283 chore(deps-dev): bump @babel/core from 7.6.0 to 7.6.2, by dependabot-preview[bot]
❤️ #282 chore(deps): update babel monorepo to v7.6.2, by renovate[bot]
❤️ #281 chore(deps): lock file maintenance, by renovate[bot]

NOISY ISSUE

🔈 #283 chore(deps-dev): bump @babel/core from 7.6.0 to 7.6.2, by dependabot-preview[bot]
It received 2 comments.

PULL REQUESTS

Last week, 3 pull requests were created, updated or merged.

MERGED PULL REQUEST

Last week, 3 pull requests were merged.
💜 #286 chore(deps): update dependency webpack to v4.41.0, by renovate[bot]
💜 #282 chore(deps): update babel monorepo to v7.6.2, by renovate[bot]
💜 #281 chore(deps): lock file maintenance, by renovate[bot]

COMMITS

Last week there were 3 commits.
🛠️ chore(deps): update babel monorepo to v7.6.2 by renovate-bot
🛠️ chore(deps): update dependency webpack to v4.41.0 by renovate-bot
🛠️ chore(deps): lock file maintenance by renovate-bot

CONTRIBUTORS

Last week there was 1 contributor.
👤 renovate-bot

STARGAZERS

Last week there were no stargazers.

RELEASES

Last week there were no releases.

That's all for last week, please 👀 Watch and ⭐ Star the repository njzjz/chemicaltools-js to receive next weekly updates. 😃

You can also view all Weekly Digests by clicking here.

Your Weekly Digest bot. 📆

Vulnerabilities

DepShield reports that this application's usage of lodash._bindcallback:3.0.1 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash._bindcallback:3.0.1 is a transitive dependency introduced by the following direct dependency(s):

• semantic-release:15.13.3
        └─ @semantic-release/npm:5.1.4
              └─ npm:6.5.0
                    └─ lodash._bindcallback:3.0.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

The project could not be analyzed because of build errors. Please review the error messages here. Another build will be scheduled within 24 hours. If the build is successful this issue will be closed, otherwise the error message will be updated.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Vulnerabilities

DepShield reports that this application's usage of lodash.get:4.4.2 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.get:4.4.2 is a transitive dependency introduced by the following direct dependency(s):

• semantic-release:15.13.3
        └─ @semantic-release/github:5.2.10
              └─ @octokit/rest:16.18.1
                    └─ lodash.get:4.4.2
        └─ cosmiconfig:5.1.0
              └─ lodash.get:4.4.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

113 U+9FED “鿭”，117 U+9FEC “鿬”，118 U+9FEB “鿫”。思源黑体、更纱黑体都有。
若拆字表示，应该用113“⿰⻐尔”(或“⿰钅尔”)，117“⿰石田”，118“⿹气奥”
The Unicode® Standard Version 12.0 – Core Specification Chapter 18.2 Ideographic Description Characters

Vulnerabilities

DepShield reports that this application's usage of express:4.17.1 results in the following vulnerability(s):

• (CVSS 7.5) CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Occurrences

express:4.17.1 is a transitive dependency introduced by the following direct dependency(s):

• @webpack-cli/init:0.1.5
        └─ @webpack-cli/generators:0.1.5
              └─ webpack-dev-server:3.5.1
                    └─ express:4.17.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.uniq:4.5.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.uniq:4.5.0 is a transitive dependency introduced by the following direct dependency(s):

• semantic-release:15.13.3
        └─ @semantic-release/github:5.2.10
              └─ @octokit/rest:16.18.1
                    └─ lodash.uniq:4.5.0
        └─ @semantic-release/npm:5.1.4
              └─ npm:6.5.0
                    └─ lodash.uniq:4.5.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Here's the Weekly Digest for njzjz/chemicaltools-js:

ISSUES

Last week 7 issues were created.
Of these, 7 issues have been closed and 0 issues are still open.

CLOSED ISSUES

❤️ #308 Update semantic-release to the latest version 🚀, by greenkeeper[bot]
❤️ #307 chore(deps): update dependency semantic-release to v15.13.27, by renovate[bot]
❤️ #306 chore(deps): update dependency mocha to v6.2.2, by renovate[bot]
❤️ #305 Update webpack to the latest version 🚀, by greenkeeper[bot]
❤️ #304 chore(deps): update dependency webpack to v4.41.2, by renovate[bot]
❤️ #303 chore(deps): lock file maintenance, by renovate[bot]
❤️ #302 chore(deps): lock file maintenance, by renovate[bot]

NOISY ISSUE

🔈 #302 chore(deps): lock file maintenance, by renovate[bot]
It received 1 comments.

PULL REQUESTS

Last week, 5 pull requests were created, updated or merged.

MERGED PULL REQUEST

Last week, 5 pull requests were merged.
💜 #307 chore(deps): update dependency semantic-release to v15.13.27, by renovate[bot]
💜 #306 chore(deps): update dependency mocha to v6.2.2, by renovate[bot]
💜 #304 chore(deps): update dependency webpack to v4.41.2, by renovate[bot]
💜 #303 chore(deps): lock file maintenance, by renovate[bot]
💜 #302 chore(deps): lock file maintenance, by renovate[bot]

COMMITS

Last week there were 5 commits.
🛠️ chore(deps): update dependency semantic-release to v15.13.27 by renovate-bot
🛠️ chore(deps): update dependency mocha to v6.2.2 by renovate-bot
🛠️ chore(deps): update dependency webpack to v4.41.2 by renovate-bot
🛠️ chore(deps): lock file maintenance by renovate-bot
🛠️ chore(deps): lock file maintenance by renovate-bot

CONTRIBUTORS

Last week there was 1 contributor.
👤 renovate-bot

STARGAZERS

Last week there were no stargazers.

RELEASES

Last week there were no releases.

That's all for last week, please 👀 Watch and ⭐ Star the repository njzjz/chemicaltools-js to receive next weekly updates. 😃

You can also view all Weekly Digests by clicking here.

Your Weekly Digest bot. 📆

Vulnerabilities

DepShield reports that this application's usage of lodash.escaperegexp:4.1.2 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.escaperegexp:4.1.2 is a transitive dependency introduced by the following direct dependency(s):

• semantic-release:15.13.3
        └─ @semantic-release/github:5.2.10
              └─ issue-parser:3.0.1
                    └─ lodash.escaperegexp:4.1.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash._cacheindexof:3.0.2 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash._cacheindexof:3.0.2 is a transitive dependency introduced by the following direct dependency(s):

• semantic-release:15.13.3
        └─ @semantic-release/npm:5.1.4
              └─ npm:6.5.0
                    └─ lodash._cacheindexof:3.0.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.union:4.6.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.union:4.6.0 is a transitive dependency introduced by the following direct dependency(s):

• semantic-release:15.13.3
        └─ @semantic-release/npm:5.1.4
              └─ npm:6.5.0
                    └─ lodash.union:4.6.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Here's the Weekly Digest for njzjz/chemicaltools-js:

ISSUES

Last week, no issues were created.

PULL REQUESTS

Last week, no pull requests were created, updated or merged.

COMMITS

Last week there were no commits.

CONTRIBUTORS

Last week there were no contributors.

STARGAZERS

Last week there were no stargazers.

RELEASES

Last week there were no releases.

That's all for last week, please 👀 Watch and ⭐ Star the repository njzjz/chemicaltools-js to receive next weekly updates. 😃

You can also view all Weekly Digests by clicking here.

Your Weekly Digest bot. 📆

Vulnerabilities

DepShield reports that this application's usage of lodash.toarray:4.4.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.toarray:4.4.0 is a transitive dependency introduced by the following direct dependency(s):

• semantic-release:15.13.3
        └─ marked-terminal:3.2.0
              └─ node-emoji:1.10.0
                    └─ lodash.toarray:4.4.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Here's the Weekly Digest for njzjz/chemicaltools-js:

ISSUES

Last week 12 issues were created.
Of these, 12 issues have been closed and 0 issues are still open.

CLOSED ISSUES

❤️ #173 Update webpack to the latest version 🚀, by greenkeeper[bot]
❤️ #172 chore(deps): update dependency webpack to v4.34.0, by renovate[bot]
❤️ #171 Update semantic-release to the latest version 🚀, by greenkeeper[bot]
❤️ #170 chore(deps-dev): bump @semantic-release/git from 7.0.8 to 7.0.12, by dependabot-preview[bot]
❤️ #169 chore(deps-dev): bump semantic-release from 15.13.12 to 15.13.16, by dependabot-preview[bot]
❤️ #168 Update @semantic-release/git to the latest version 🚀, by greenkeeper[bot]
❤️ #167 chore(deps): update semantic-release monorepo, by renovate[bot]
❤️ #166 Update webpack-cli to the latest version 🚀, by greenkeeper[bot]
❤️ #165 chore(deps): update dependency webpack-cli to v3.3.4, by renovate[bot]
❤️ #164 chore(deps): lock file maintenance, by renovate[bot]
❤️ #163 chore(deps): lock file maintenance, by renovate[bot]
❤️ #162 chore(deps): lock file maintenance, by renovate[bot]

NOISY ISSUE

🔈 #165 chore(deps): update dependency webpack-cli to v3.3.4, by renovate[bot]
It received 3 comments.

PULL REQUESTS

Last week, 6 pull requests were created, updated or merged.

MERGED PULL REQUEST

Last week, 6 pull requests were merged.
💜 #172 chore(deps): update dependency webpack to v4.34.0, by renovate[bot]
💜 #167 chore(deps): update semantic-release monorepo, by renovate[bot]
💜 #165 chore(deps): update dependency webpack-cli to v3.3.4, by renovate[bot]
💜 #164 chore(deps): lock file maintenance, by renovate[bot]
💜 #163 chore(deps): lock file maintenance, by renovate[bot]
💜 #162 chore(deps): lock file maintenance, by renovate[bot]

COMMITS

Last week there were 6 commits.
🛠️ chore(deps): update semantic-release monorepo by renovate-bot
🛠️ chore(deps): update dependency webpack to v4.34.0 by renovate-bot
🛠️ chore(deps): update dependency webpack-cli to v3.3.4 by renovate-bot
🛠️ chore(deps): lock file maintenance by renovate-bot
🛠️ chore(deps): lock file maintenance by renovate-bot
🛠️ chore(deps): lock file maintenance by renovate-bot

CONTRIBUTORS

Last week there was 1 contributor.
👤 renovate-bot

STARGAZERS

Last week there were no stargazers.

RELEASES

Last week there were no releases.

That's all for last week, please 👀 Watch and ⭐ Star the repository njzjz/chemicaltools-js to receive next weekly updates. 😃

You can also view all Weekly Digests by clicking here.

Your Weekly Digest bot. 📆