privateKey decryption broken since 37.191.1 due to Node.js change #27375

rarkins · 2024-02-17T08:53:54Z

Discussed in #27355

^{Originally posted by basz February 16, 2024}

How are you running Renovate?

Self-hosted Renovate

If you're self-hosting Renovate, tell us what version of Renovate you run.

37.191.1-full

If you're self-hosting Renovate, select which platform you are using.

github.com

Was this something which used to work for you, and then stopped?

It used to work, and then stopped

Describe the problem

I'm seeing the following errors

Failed to decrypt field token. Please re-encrypt and try again.

I've pinned this down to being introduced as an issue in version 37.191.1 that seems to update node versions. Version 37.190.0 still works with the encrypted token fields.

Relevant debug logs

Logs


2024-02-16 11:25:26 DEBUG: Using RE2 regex engine
2024-02-16 11:25:26 DEBUG: Parsing configs
2024-02-16 11:25:26 DEBUG: Checking for config file in config.js
2024-02-16 11:25:26 DEBUG: Converting GITHUB_COM_TOKEN into a global host rule
2024-02-16 11:25:26 DEBUG: File config
2024-02-16 11:25:26        "config": {
2024-02-16 11:25:26          "branchPrefix": "renovate/",
2024-02-16 11:25:26          "onboarding": true,
2024-02-16 11:25:26          "gitAuthor": "Renovate Bot <[email protected]>",
2024-02-16 11:25:26          "onboardingConfig": {
2024-02-16 11:25:26            "$schema": "https://docs.renovatebot.com/renovate-schema.json",
2024-02-16 11:25:26            "extends": ["config:recommended"],
2024-02-16 11:25:26            "rebaseWhen": "conflicted",
2024-02-16 11:25:26            "packageRules": [
2024-02-16 11:25:26              {
2024-02-16 11:25:26                "description": "Automerge non-major updates",
2024-02-16 11:25:26                "matchUpdateTypes": ["minor", "patch"],
2024-02-16 11:25:26                "matchCurrentVersion": "!/^0/",
2024-02-16 11:25:26                "automerge": true
2024-02-16 11:25:26              }
2024-02-16 11:25:26            ]
2024-02-16 11:25:26          },
2024-02-16 11:25:26          "repositories": [
2024-02-16 11:25:26            "iSole-3D/3DLayerMaker-Dashboard",
2024-02-16 11:25:26            "iSole-3D/3DLayerMaker-DeviceController",
2024-02-16 11:25:26            "iSole-3D/3DLayerMaker-Forms",
2024-02-16 11:25:26            "iSole-3D/3DLayerMaker-Notifications",
2024-02-16 11:25:26            "iSole-3D/3DLayerMaker-BeltSlicer",
2024-02-16 11:25:26            "plhw/hf-cs-fixer-config",
2024-02-16 11:25:26            "plhw/lab-api-model-valueobject",
2024-02-16 11:25:26            "plhw/lab-client",
2024-02-16 11:25:26            "plhw/lab-api",
2024-02-16 11:25:26            "plhw/lab-sandalinos-image-compositor"
2024-02-16 11:25:26          ],
2024-02-16 11:25:26          "hostRules": [],
2024-02-16 11:25:26          "packageRules": [
2024-02-16 11:25:26            {
2024-02-16 11:25:26              "groupName": "laminas packages",
2024-02-16 11:25:26              "groupSlug": "laminas",
2024-02-16 11:25:26              "matchPackagePrefixes": ["laminas/"]
2024-02-16 11:25:26            },
2024-02-16 11:25:26            {
2024-02-16 11:25:26              "groupName": "mezzio packages",
2024-02-16 11:25:26              "groupSlug": "mezzio",
2024-02-16 11:25:26              "matchPackagePrefixes": ["mezzio/"]
2024-02-16 11:25:26            },
2024-02-16 11:25:26            {
2024-02-16 11:25:26              "groupName": "doctrine packages",
2024-02-16 11:25:26              "groupSlug": "doctrine",
2024-02-16 11:25:26              "matchPackagePrefixes": ["doctrine/"]
2024-02-16 11:25:26            },
2024-02-16 11:25:26            {
2024-02-16 11:25:26              "groupName": "ember data types",
2024-02-16 11:25:26              "groupSlug": "ember data types",
2024-02-16 11:25:26              "matchPackagePrefixes": ["@types/ember-data__"]
2024-02-16 11:25:26            },
2024-02-16 11:25:26            {
2024-02-16 11:25:26              "groupName": "ember types",
2024-02-16 11:25:26              "groupSlug": "ember types",
2024-02-16 11:25:26              "matchPackagePrefixes": ["@types/ember__"]
2024-02-16 11:25:26            },
2024-02-16 11:25:26            {
2024-02-16 11:25:26              "groupName": "electron-forge",
2024-02-16 11:25:26              "groupSlug": "electron-forge",
2024-02-16 11:25:26              "matchPackagePrefixes": ["@electron-forge/"]
2024-02-16 11:25:26            }
2024-02-16 11:25:26          ]
2024-02-16 11:25:26        }
2024-02-16 11:25:26 DEBUG: CLI config
2024-02-16 11:25:26        "config": {"persistRepoData": true, "token": "***********", "recreateWhen": "always"}
2024-02-16 11:25:26 DEBUG: Env config
2024-02-16 11:25:26        "config": {
2024-02-16 11:25:26          "hostRules": [
2024-02-16 11:25:26            {"hostType": "github", "matchHost": "github.com", "token": "***********"}
2024-02-16 11:25:26          ],
2024-02-16 11:25:26          "privateKey": "***********"
2024-02-16 11:25:26        }
2024-02-16 11:25:26 DEBUG: Combined config
2024-02-16 11:25:26        "config": {
2024-02-16 11:25:26          "branchPrefix": "renovate/",
2024-02-16 11:25:26          "onboarding": true,
2024-02-16 11:25:26          "gitAuthor": "Renovate Bot <[email protected]>",
2024-02-16 11:25:26          "onboardingConfig": {
2024-02-16 11:25:26            "$schema": "https://docs.renovatebot.com/renovate-schema.json",
2024-02-16 11:25:26            "extends": ["config:recommended"],
2024-02-16 11:25:26            "rebaseWhen": "conflicted",
2024-02-16 11:25:26            "packageRules": [
2024-02-16 11:25:26              {
2024-02-16 11:25:26                "description": "Automerge non-major updates",
2024-02-16 11:25:26                "matchUpdateTypes": ["minor", "patch"],
2024-02-16 11:25:26                "matchCurrentVersion": "!/^0/",
2024-02-16 11:25:26                "automerge": true
2024-02-16 11:25:26              }
2024-02-16 11:25:26            ]
2024-02-16 11:25:26          },
2024-02-16 11:25:26          "repositories": [
2024-02-16 11:25:26            "iSole-3D/3DLayerMaker-Dashboard",
2024-02-16 11:25:26            "iSole-3D/3DLayerMaker-DeviceController",
2024-02-16 11:25:26            "iSole-3D/3DLayerMaker-Forms",
2024-02-16 11:25:26            "iSole-3D/3DLayerMaker-Notifications",
2024-02-16 11:25:26            "iSole-3D/3DLayerMaker-BeltSlicer",
2024-02-16 11:25:26            "plhw/hf-cs-fixer-config",
2024-02-16 11:25:26            "plhw/lab-api-model-valueobject",
2024-02-16 11:25:26            "plhw/lab-client",
2024-02-16 11:25:26            "plhw/lab-api",
2024-02-16 11:25:26            "plhw/lab-sandalinos-image-compositor"
2024-02-16 11:25:26          ],
2024-02-16 11:25:26          "hostRules": [
2024-02-16 11:25:26            {"hostType": "github", "matchHost": "github.com", "token": "***********"}
2024-02-16 11:25:26          ],
2024-02-16 11:25:26          "packageRules": [
2024-02-16 11:25:26            {
2024-02-16 11:25:26              "groupName": "laminas packages",
2024-02-16 11:25:26              "groupSlug": "laminas",
2024-02-16 11:25:26              "matchPackagePrefixes": ["laminas/"]
2024-02-16 11:25:26            },
2024-02-16 11:25:26            {
2024-02-16 11:25:26              "groupName": "mezzio packages",
2024-02-16 11:25:26              "groupSlug": "mezzio",
2024-02-16 11:25:26              "matchPackagePrefixes": ["mezzio/"]
2024-02-16 11:25:26            },
2024-02-16 11:25:26            {
2024-02-16 11:25:26              "groupName": "doctrine packages",
2024-02-16 11:25:26              "groupSlug": "doctrine",
2024-02-16 11:25:26              "matchPackagePrefixes": ["doctrine/"]
2024-02-16 11:25:26            },
2024-02-16 11:25:26            {
2024-02-16 11:25:26              "groupName": "ember data types",
2024-02-16 11:25:26              "groupSlug": "ember data types",
2024-02-16 11:25:26              "matchPackagePrefixes": ["@types/ember-data__"]
2024-02-16 11:25:26            },
2024-02-16 11:25:26            {
2024-02-16 11:25:26              "groupName": "ember types",
2024-02-16 11:25:26              "groupSlug": "ember types",
2024-02-16 11:25:26              "matchPackagePrefixes": ["@types/ember__"]
2024-02-16 11:25:26            },
2024-02-16 11:25:26            {
2024-02-16 11:25:26              "groupName": "electron-forge",
2024-02-16 11:25:26              "groupSlug": "electron-forge",
2024-02-16 11:25:26              "matchPackagePrefixes": ["@electron-forge/"]
2024-02-16 11:25:26            }
2024-02-16 11:25:26          ],
2024-02-16 11:25:26          "privateKey": "***********",
2024-02-16 11:25:26          "persistRepoData": true,
2024-02-16 11:25:26          "token": "***********",
2024-02-16 11:25:26          "recreateWhen": "always"
2024-02-16 11:25:26        }
2024-02-16 11:25:26 DEBUG: Enabling forkProcessing while in non-autodiscover mode
2024-02-16 11:25:26 DEBUG: Found valid git version: 2.43.0
2024-02-16 11:25:26 DEBUG: Setting global hostRules
2024-02-16 11:25:26 DEBUG: Adding token authentication for github.com (hostType=github) to hostRules
2024-02-16 11:25:26 DEBUG: Using default github endpoint: https://api.github.com/
2024-02-16 11:25:26 DEBUG: hostRules: authentication already set for api.github.com
2024-02-16 11:25:26 DEBUG: Platform config
2024-02-16 11:25:26        "platformConfig": {
2024-02-16 11:25:26          "hostType": "github",
2024-02-16 11:25:26          "endpoint": "https://api.github.com/",
2024-02-16 11:25:26          "isGHApp": false,
2024-02-16 11:25:26          "isGhe": false,
2024-02-16 11:25:26          "userDetails": {
2024-02-16 11:25:26            "username": "renovate-github-action",
2024-02-16 11:25:26            "name": "Renovate Bot",
2024-02-16 11:25:26            "id": 115780347
2024-02-16 11:25:26          }
2024-02-16 11:25:26        },
2024-02-16 11:25:26        "renovateUsername": "renovate-github-action"
2024-02-16 11:25:26 DEBUG: Using configured gitAuthor (Renovate Bot <[email protected]>)
2024-02-16 11:25:26 DEBUG: Adding token authentication for api.github.com (hostType=github) to hostRules
2024-02-16 11:25:26 DEBUG: Using baseDir: /tmp/renovate
2024-02-16 11:25:26 DEBUG: Using cacheDir: /tmp/renovate/cache
2024-02-16 11:25:26 DEBUG: Using containerbaseDir: /tmp/renovate/cache/containerbase
2024-02-16 11:25:26 DEBUG: Initializing Renovate internal cache into /tmp/renovate/cache/renovate/renovate-cache-v1
2024-02-16 11:25:26 DEBUG: Commits limit = null
2024-02-16 11:25:26 DEBUG: Setting global hostRules
2024-02-16 11:25:26 DEBUG: Adding token authentication for github.com (hostType=github) to hostRules
2024-02-16 11:25:26 DEBUG: Adding token authentication for api.github.com (hostType=github) to hostRules
2024-02-16 11:25:26 DEBUG: validatePresets()
2024-02-16 11:25:26 DEBUG: Reinitializing hostRules for repo
2024-02-16 11:25:26 DEBUG: Clearing hostRules
2024-02-16 11:25:26 DEBUG: Adding token authentication for github.com (hostType=github) to hostRules
2024-02-16 11:25:26 DEBUG: Adding token authentication for api.github.com (hostType=github) to hostRules
2024-02-16 11:25:26  INFO: Repository started (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:26        "renovateVersion": "37.191.1"
2024-02-16 11:25:26 DEBUG: Using localDir: /tmp/renovate/repos/github/iSole-3D/3DLayerMaker-Dashboard (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:26 DEBUG: PackageFiles.clear() - Package files deleted (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:26 DEBUG: initRepo("iSole-3D/3DLayerMaker-Dashboard") (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:26 DEBUG: hostRules: authentication already set for api.github.com (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:27 DEBUG: iSole-3D/3DLayerMaker-Dashboard default branch = main (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:27 DEBUG: Using personal access token for git init (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:27 DEBUG: Resetting npmrc (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:27 DEBUG: Resetting npmrc (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:27 DEBUG: checkOnboarding() (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:27 DEBUG: isOnboarded() (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:27 DEBUG: findPr(renovate/configure, Configure Renovate, !open) (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:28 DEBUG: Saving response to cache: https://api.github.com/repos/iSole-3D/3DLayerMaker-Dashboard/pulls?per_page=100&state=all&sort=updated&direction=desc&page=1 with etag W/"666d093c9d9a1a6790e13600b6c17c0d196f452453f86baae375188210222a15" (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:29 DEBUG: getPrList success (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:29        "pullsTotal": 244,
2024-02-16 11:25:29        "requestsTotal": 1,
2024-02-16 11:25:29        "apiQuotaAffected": true
2024-02-16 11:25:29 DEBUG: findPr(renovate/configure, chore: Configure Renovate, !open) (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:29 DEBUG: findFile(renovate.json) (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:29 DEBUG: Initializing git repository into /tmp/renovate/repos/github/iSole-3D/3DLayerMaker-Dashboard (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:29 DEBUG: resetToBranch(main) (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:31 DEBUG: resetToBranch(main) (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:31 DEBUG:  (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:31        "existingBranches": []
2024-02-16 11:25:32  INFO: git fetch completed (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:32        "durationMs": 2135
2024-02-16 11:25:32 DEBUG: latest repository commit (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:32        "latestCommit": {
2024-02-16 11:25:32          "hash": "b7d976a5774ecad20882298c2f48c5a62b2e935b",
2024-02-16 11:25:32          "date": "2024-02-16T10:50:04+01:00",
2024-02-16 11:25:32          "message": "renew renovate token",
2024-02-16 11:25:32          "refs": "HEAD -> main, origin/main, origin/HEAD",
2024-02-16 11:25:32          "body": "",
2024-02-16 11:25:32          "author_name": "Bas Kamer",
2024-02-16 11:25:32          "author_email": "[email protected]"
2024-02-16 11:25:32        }
2024-02-16 11:25:32 DEBUG: Config file exists, fileName: renovate.json (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:32 DEBUG: Retrieving issueList (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:32 DEBUG: Retrieved 2 issues (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:32 DEBUG: Repo is onboarded (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:32 DEBUG: Found renovate.json config file (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:32 DEBUG: Repository config (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:32        "fileName": "renovate.json",
2024-02-16 11:25:32        "config": {
2024-02-16 11:25:32          "$schema": "https://docs.renovatebot.com/renovate-schema.json",
2024-02-16 11:25:32          "extends": [
2024-02-16 11:25:32            "config:base",
2024-02-16 11:25:32            ":pinAllExceptPeerDependencies",
2024-02-16 11:25:32            ":disableDigestUpdates"
2024-02-16 11:25:32          ],
2024-02-16 11:25:32          "rebaseWhen": "conflicted",
2024-02-16 11:25:32          "hostRules": [
2024-02-16 11:25:32            {
2024-02-16 11:25:32              "hostType": "git-tags",
2024-02-16 11:25:32              "matchHost": "https://github.com/iSole-3D",
2024-02-16 11:25:32              "encrypted": {"token": "***********"}
2024-02-16 11:25:32            },
2024-02-16 11:25:32            {
2024-02-16 11:25:32              "hostType": "docker-compose",
2024-02-16 11:25:32              "matchHost": "https://ghcr.io/iSole-3D",
2024-02-16 11:25:32              "username": "basz",
2024-02-16 11:25:32              "encrypted": {"token": "***********"}
2024-02-16 11:25:32            },
2024-02-16 11:25:32            {
2024-02-16 11:25:32              "hostType": "docker",
2024-02-16 11:25:32              "matchHost": "https://ghcr.io/iSole-3D",
2024-02-16 11:25:32              "username": "basz",
2024-02-16 11:25:32              "encrypted": {"token": "***********"}
2024-02-16 11:25:32            },
2024-02-16 11:25:32            {
2024-02-16 11:25:32              "hostType": "dockerfile",
2024-02-16 11:25:32              "matchHost": "https://ghcr.io/iSole-3D",
2024-02-16 11:25:32              "username": "basz",
2024-02-16 11:25:32              "encrypted": {"token": "***********"}
2024-02-16 11:25:32            }
2024-02-16 11:25:32          ],
2024-02-16 11:25:32          "packageRules": [
2024-02-16 11:25:32            {
2024-02-16 11:25:32              "description": "Automerge non-major updates",
2024-02-16 11:25:32              "matchUpdateTypes": ["minor", "patch"],
2024-02-16 11:25:32              "matchCurrentVersion": "!/^0/",
2024-02-16 11:25:32              "automerge": true
2024-02-16 11:25:32            },
2024-02-16 11:25:32            {"matchPackageNames": ["node"], "automerge": false}
2024-02-16 11:25:32          ]
2024-02-16 11:25:32        }
2024-02-16 11:25:32 DEBUG: migrateAndValidate() (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:32 DEBUG: Config migration necessary (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:32        "oldConfig": {
2024-02-16 11:25:32          "$schema": "https://docs.renovatebot.com/renovate-schema.json",
2024-02-16 11:25:32          "extends": [
2024-02-16 11:25:32            "config:base",
2024-02-16 11:25:32            ":pinAllExceptPeerDependencies",
2024-02-16 11:25:32            ":disableDigestUpdates"
2024-02-16 11:25:32          ],
2024-02-16 11:25:32          "rebaseWhen": "conflicted",
2024-02-16 11:25:32          "hostRules": [
2024-02-16 11:25:32            {
2024-02-16 11:25:32              "hostType": "git-tags",
2024-02-16 11:25:32              "matchHost": "https://github.com/iSole-3D",
2024-02-16 11:25:32              "encrypted": {"token": "***********"}
2024-02-16 11:25:32            },
2024-02-16 11:25:32            {
2024-02-16 11:25:32              "hostType": "docker-compose",
2024-02-16 11:25:32              "matchHost": "https://ghcr.io/iSole-3D",
2024-02-16 11:25:32              "username": "basz",
2024-02-16 11:25:32              "encrypted": {"token": "***********"}
2024-02-16 11:25:32            },
2024-02-16 11:25:32            {
2024-02-16 11:25:32              "hostType": "docker",
2024-02-16 11:25:32              "matchHost": "https://ghcr.io/iSole-3D",
2024-02-16 11:25:32              "username": "basz",
2024-02-16 11:25:32              "encrypted": {"token": "***********"}
2024-02-16 11:25:32            },
2024-02-16 11:25:32            {
2024-02-16 11:25:32              "hostType": "dockerfile",
2024-02-16 11:25:32              "matchHost": "https://ghcr.io/iSole-3D",
2024-02-16 11:25:32              "username": "basz",
2024-02-16 11:25:32              "encrypted": {"token": "***********"}
2024-02-16 11:25:32            }
2024-02-16 11:25:32          ],
2024-02-16 11:25:32          "packageRules": [
2024-02-16 11:25:32            {
2024-02-16 11:25:32              "description": "Automerge non-major updates",
2024-02-16 11:25:32              "matchUpdateTypes": ["minor", "patch"],
2024-02-16 11:25:32              "matchCurrentVersion": "!/^0/",
2024-02-16 11:25:32              "automerge": true
2024-02-16 11:25:32            },
2024-02-16 11:25:32            {"matchPackageNames": ["node"], "automerge": false}
2024-02-16 11:25:32          ]
2024-02-16 11:25:32        },
2024-02-16 11:25:32        "newConfig": {
2024-02-16 11:25:32          "$schema": "https://docs.renovatebot.com/renovate-schema.json",
2024-02-16 11:25:32          "extends": [
2024-02-16 11:25:32            "config:recommended",
2024-02-16 11:25:32            ":pinAllExceptPeerDependencies",
2024-02-16 11:25:32            ":disableDigestUpdates"
2024-02-16 11:25:32          ],
2024-02-16 11:25:32          "rebaseWhen": "conflicted",
2024-02-16 11:25:32          "hostRules": [
2024-02-16 11:25:32            {
2024-02-16 11:25:32              "hostType": "git-tags",
2024-02-16 11:25:32              "matchHost": "https://github.com/iSole-3D",
2024-02-16 11:25:32              "encrypted": {"token": "***********"}
2024-02-16 11:25:32            },
2024-02-16 11:25:32            {
2024-02-16 11:25:32              "hostType": "docker-compose",
2024-02-16 11:25:32              "matchHost": "https://ghcr.io/iSole-3D",
2024-02-16 11:25:32              "username": "basz",
2024-02-16 11:25:32              "encrypted": {"token": "***********"}
2024-02-16 11:25:32            },
2024-02-16 11:25:32            {
2024-02-16 11:25:32              "hostType": "docker",
2024-02-16 11:25:32              "matchHost": "https://ghcr.io/iSole-3D",
2024-02-16 11:25:32              "username": "basz",
2024-02-16 11:25:32              "encrypted": {"token": "***********"}
2024-02-16 11:25:32            },
2024-02-16 11:25:32            {
2024-02-16 11:25:32              "hostType": "dockerfile",
2024-02-16 11:25:32              "matchHost": "https://ghcr.io/iSole-3D",
2024-02-16 11:25:32              "username": "basz",
2024-02-16 11:25:32              "encrypted": {"token": "***********"}
2024-02-16 11:25:32            }
2024-02-16 11:25:32          ],
2024-02-16 11:25:32          "packageRules": [
2024-02-16 11:25:32            {
2024-02-16 11:25:32              "description": "Automerge non-major updates",
2024-02-16 11:25:32              "matchUpdateTypes": ["minor", "patch"],
2024-02-16 11:25:32              "matchCurrentVersion": "!/^0/",
2024-02-16 11:25:32              "automerge": true
2024-02-16 11:25:32            },
2024-02-16 11:25:32            {"matchPackageNames": ["node"], "automerge": false}
2024-02-16 11:25:32          ]
2024-02-16 11:25:32        }
2024-02-16 11:25:32 DEBUG: Post-massage config (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:32        "config": {
2024-02-16 11:25:32          "$schema": "https://docs.renovatebot.com/renovate-schema.json",
2024-02-16 11:25:32          "extends": [
2024-02-16 11:25:32            "config:recommended",
2024-02-16 11:25:32            ":pinAllExceptPeerDependencies",
2024-02-16 11:25:32            ":disableDigestUpdates"
2024-02-16 11:25:32          ],
2024-02-16 11:25:32          "rebaseWhen": "conflicted",
2024-02-16 11:25:32          "hostRules": [
2024-02-16 11:25:32            {
2024-02-16 11:25:32              "hostType": "git-tags",
2024-02-16 11:25:32              "matchHost": "https://github.com/iSole-3D",
2024-02-16 11:25:32              "encrypted": {"token": "***********"}
2024-02-16 11:25:32            },
2024-02-16 11:25:32            {
2024-02-16 11:25:32              "hostType": "docker-compose",
2024-02-16 11:25:32              "matchHost": "https://ghcr.io/iSole-3D",
2024-02-16 11:25:32              "username": "basz",
2024-02-16 11:25:32              "encrypted": {"token": "***********"}
2024-02-16 11:25:32            },
2024-02-16 11:25:32            {
2024-02-16 11:25:32              "hostType": "docker",
2024-02-16 11:25:32              "matchHost": "https://ghcr.io/iSole-3D",
2024-02-16 11:25:32              "username": "basz",
2024-02-16 11:25:32              "encrypted": {"token": "***********"}
2024-02-16 11:25:32            },
2024-02-16 11:25:32            {
2024-02-16 11:25:32              "hostType": "dockerfile",
2024-02-16 11:25:32              "matchHost": "https://ghcr.io/iSole-3D",
2024-02-16 11:25:32              "username": "basz",
2024-02-16 11:25:32              "encrypted": {"token": "***********"}
2024-02-16 11:25:32            }
2024-02-16 11:25:32          ],
2024-02-16 11:25:32          "packageRules": [
2024-02-16 11:25:32            {
2024-02-16 11:25:32              "description": ["Automerge non-major updates"],
2024-02-16 11:25:32              "matchUpdateTypes": ["minor", "patch"],
2024-02-16 11:25:32              "matchCurrentVersion": "!/^0/",
2024-02-16 11:25:32              "automerge": true
2024-02-16 11:25:32            },
2024-02-16 11:25:32            {"matchPackageNames": ["node"], "automerge": false}
2024-02-16 11:25:32          ]
2024-02-16 11:25:32        }
2024-02-16 11:25:32 DEBUG: Found encrypted config (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:32        "config": {"token": "***********"}
2024-02-16 11:25:32 DEBUG: Trying to decrypt token (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:32 DEBUG: Could not decrypt using openpgp (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:32        "err": {
2024-02-16 11:25:32          "message": "Error decrypting message: Decryption error",
2024-02-16 11:25:32          "stack": "Error: Error decrypting message: Decryption error\n    at decryptedData (/usr/local/renovate/node_modules/.pnpm/[email protected]/node_modules/openpgp/src/crypto/public_key/rsa.js:483:15)\n    at ju.decrypt (/usr/local/renovate/node_modules/.pnpm/[email protected]/node_modules/openpgp/src/packet/public_key_encrypted_session_key.js:129:11)\n    at keyPacket (/usr/local/renovate/node_modules/.pnpm/[email protected]/node_modules/openpgp/src/message.js:259:17)\n    at async Promise.all (index 0)\n    at pkeskPacket (/usr/local/renovate/node_modules/.pnpm/[email protected]/node_modules/openpgp/src/message.js:210:145)\n    at async Promise.all (index 0)\n    at /usr/local/renovate/node_modules/.pnpm/[email protected]/node_modules/openpgp/src/message.js:194:57\n    at async Promise.all (index 0)\n    at Bh.sessionKeys [as decryptSessionKeys] (/usr/local/renovate/node_modules/.pnpm/[email protected]/node_modules/openpgp/src/message.js:192:25)\n    at Bh.decrypted [as decrypt] (/usr/local/renovate/node_modules/.pnpm/[email protected]/node_modules/openpgp/src/message.js:110:31)\n    at Object.exports.decrypt (/usr/local/renovate/node_modules/.pnpm/[email protected]/node_modules/openpgp/src/openpgp.js:342:11)\n    at tryDecryptPgp (/usr/local/renovate/lib/config/decrypt.ts:38:22)\n    at tryDecrypt (/usr/local/renovate/lib/config/decrypt.ts:94:29)\n    at decryptConfig (/usr/local/renovate/lib/config/decrypt.ts:186:30)\n    at decryptConfig (/usr/local/renovate/lib/config/decrypt.ts:238:13)\n    at mergeRenovateConfig (/usr/local/renovate/lib/workers/repository/init/merge.ts:260:27)\n    at getRepoConfig (/usr/local/renovate/lib/workers/repository/init/config.ts:12:12)\n    at initRepo (/usr/local/renovate/lib/workers/repository/init/index.ts:52:12)\n    at Object.renovateRepository (/usr/local/renovate/lib/workers/repository/index.ts:55:14)\n    at attributes.repository (/usr/local/renovate/lib/workers/global/index.ts:197:11)"
2024-02-16 11:25:32        }
2024-02-16 11:25:32  INFO: Repository has invalid config (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:32        "error": {
2024-02-16 11:25:32          "validationError": "Failed to decrypt field token. Please re-encrypt and try again.",
2024-02-16 11:25:32          "message": "config-validation",
2024-02-16 11:25:32          "stack": "Error: config-validation\n    at decryptConfig (/usr/local/renovate/lib/config/decrypt.ts:192:27)\n    at decryptConfig (/usr/local/renovate/lib/config/decrypt.ts:238:13)\n    at mergeRenovateConfig (/usr/local/renovate/lib/workers/repository/init/merge.ts:260:27)\n    at getRepoConfig (/usr/local/renovate/lib/workers/repository/init/config.ts:12:12)\n    at initRepo (/usr/local/renovate/lib/workers/repository/init/index.ts:52:12)\n    at Object.renovateRepository (/usr/local/renovate/lib/workers/repository/index.ts:55:14)\n    at attributes.repository (/usr/local/renovate/lib/workers/global/index.ts:197:11)\n    at start (/usr/local/renovate/lib/workers/global/index.ts:182:7)\n    at /usr/local/renovate/lib/renovate.ts:18:22"
2024-02-16 11:25:32        }
2024-02-16 11:25:32 DEBUG: raiseConfigWarningIssue() (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:32 DEBUG: getBranchPr(renovate/configure) (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:32 DEBUG: findPr(renovate/configure, undefined, open) (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:32 DEBUG: findPr(renovate/configure, undefined, closed) (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:32 DEBUG: ensureIssue(Action Required: Fix Renovate Configuration) (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:33 DEBUG: Saving response to cache: https://api.github.com/repos/iSole-3D/3DLayerMaker-Dashboard/issues/1 with etag W/"b68e5ec3b650fa3d31841459822639d6860b1e5d886ec477add784d24a22bd8d" (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:33 DEBUG: Issue is open and up to date - nothing to do (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:33 DEBUG: Repository result: config-validation, status: onboarded, enabled: true, onboarded: true (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:33 DEBUG: Repository timing splits (milliseconds) (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:33        "splits": {},
2024-02-16 11:25:33        "total": 6456
2024-02-16 11:25:33 DEBUG: Package cache statistics (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:33        "get": {"count": 0},
2024-02-16 11:25:33        "set": {"count": 0}
2024-02-16 11:25:33 DEBUG: http statistics (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:33        "urls": {
2024-02-16 11:25:33          "https://api.github.com/graphql (POST,200)": 1,
2024-02-16 11:25:33          "https://api.github.com/repos/iSole-3D/3DLayerMaker-Dashboard/issues/1 (GET,200)": 1,
2024-02-16 11:25:33          "https://api.github.com/repos/iSole-3D/3DLayerMaker-Dashboard/pulls (GET,200)": 1,
2024-02-16 11:25:33          "https://api.github.com/repositories/718160966/pulls (GET,200)": 2
2024-02-16 11:25:33        },
2024-02-16 11:25:33        "hostStats": {"api.github.com": {"requestCount": 5, "requestAvgMs": 505, "queueAvgMs": 0}},
2024-02-16 11:25:33        "totalRequests": 5
2024-02-16 11:25:33 DEBUG: Package lookup durations (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:33 DEBUG: dns cache (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:33        "hosts": []
2024-02-16 11:25:33  INFO: Repository finished (repository=iSole-3D/3DLayerMaker-Dashboard)
2024-02-16 11:25:33        "cloned": true,
2024-02-16 11:25:33        "durationMs": 6456

Have you created a minimal reproduction repository?

Placeholder value, please select the correct response from the dropdown

The text was updated successfully, but these errors were encountered:

rarkins · 2024-02-17T08:54:58Z

I've confirmed that decryption works in 39.191.0 but fails in 39.191.1. There's a different node version:

❯ docker run --rm -it renovate/renovate:37.191.0 /bin/bash         
ubuntu@3326b8d971f9:/usr/src/app$ node --version
v18.19.0

❯ docker run --rm -it renovate/renovate:37.191.1 /bin/bash
ubuntu@dfbfdd6360dc:/usr/src/app$ node --version
v18.19.1

rarkins · 2024-02-17T08:56:49Z

Root cause: openpgpjs/openpgpjs#1727

rarkins · 2024-02-17T09:04:39Z

There appears to be a --security-revert=CVE-2023-46809 option referred to in https://github.com/orgs/nodejs/discussions/51784#discussioncomment-8494516 but I'm unable to find further details.

rarkins · 2024-02-17T09:26:01Z

Changing the /usr/local/bin/renovate file to this:

#!/bin/bash

if [[ -f "/usr/local/etc/env" && -z "${CONTAINERBASE_ENV+x}" ]]; then
    # shellcheck source=/dev/null
  . /usr/local/etc/env
fi

node --security-revert=CVE-2023-46809 /usr/local/renovate/dist/renovate.js "$@"

(note: only last line changed)

Works around the problem.

It does though result in this warning at startup:

SECURITY WARNING: Reverting CVE-2023-46809: Marvin attack on PKCS#1 padding
DEBUG: Using RE2 regex engine
DEBUG: Parsing configs

viceice · 2024-02-17T09:51:22Z

If we add the workaround, then we should make it optional. so that only users enable it when using openpgp encryption.

rarkins · 2024-02-17T09:54:37Z

Maybe via our own env?

rarkins · 2024-02-17T09:55:33Z

Problem is people may be broken but not realize it

h-no · 2024-02-20T13:23:59Z

The affected version should be 37.191.1 and working version is 37.191.0, correct? The title and some comment refers to 39.191.*

rarkins · 2024-02-20T13:27:17Z

I don't see any errors or ambiguities in the title or description of this issue

h-no · 2024-02-20T13:41:30Z

I don't see any errors or ambiguities in the title or description of this issue

Your latest release is "37.202.2". The title says "39.191.1". Surely this is incorrect?

I've confirmed that decryption works in 39.191.0 but fails in 39.191.1. There's a different node version:

❯ docker run --rm -it renovate/renovate:37.191.0 /bin/bash         
ubuntu@3326b8d971f9:/usr/src/app$ node --version
v18.19.0

❯ docker run --rm -it renovate/renovate:37.191.1 /bin/bash
ubuntu@dfbfdd6360dc:/usr/src/app$ node --version
v18.19.1

Here the docker image tag is 37.* , you mention 39.* directly above it.

rarkins · 2024-02-20T13:43:56Z

Thank you! I overlooked the 39 part. Corrected to 37.x, does it make sense now?

Also you can use latest versions of Renovate already but you need to supply a node environment variable to revert their decryption padding change

h-no · 2024-02-20T13:45:29Z

Thanks, was just confused as I was pinning our version to the working one. And I went with the title rather than the text :)
Ok, thanks for the info! I gonna look into using env instead of pinning then.

astellingwerf · 2024-02-26T08:52:00Z

If we're focusing on the issue title: It is not encryption that's failing, but decryption.

9numbernine9 · 2024-02-27T16:12:38Z

For anyone following this issue, this seems to be fixed as of 37.214.1 which included an upgrade of the openpgpjs dependency to 5.11.1.

viceice · 2024-02-27T19:37:56Z

For anyone following this issue, this seems to be fixed as of 37.214.1 which included an upgrade of the openpgpjs dependency to 5.11.1.

yes, for openpgp. the old RSA decryption is still broken, but hopefully it's not used.

rarkins added type:bug Bug fix of existing functionality priority-1-critical A bad bug or work that is holding up a lot of other important features or fixes labels Feb 17, 2024

rarkins assigned viceice and rarkins Feb 17, 2024

rarkins added the core:config Related to config capabilities and presets label Feb 17, 2024

This was referenced Feb 17, 2024

fix: allow optional node args when calling renovate wrapper #27376

Merged

Switch from openpgp to node crypto #27377

Open

rarkins pinned this issue Feb 18, 2024

viceice mentioned this issue Feb 19, 2024

test(jest): revert CVE-2023-46809 to allow openpgp tests to pass #27409

Merged

6 tasks

rarkins changed the title ~~privateKey encryption broken since 39.191.1~~ privateKey encryption broken since 37.191.1 Feb 20, 2024

rarkins changed the title ~~privateKey encryption broken since 37.191.1~~ privateKey decryption broken since 37.191.1 due to Node.js change Feb 26, 2024

rarkins unpinned this issue Feb 27, 2024

denis-rossati mentioned this issue Mar 11, 2024

Label check action #27828

Closed

rarkins closed this as completed Mar 18, 2024

github-actions bot locked as resolved and limited conversation to collaborators Apr 18, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

privateKey decryption broken since 37.191.1 due to Node.js change #27375

privateKey decryption broken since 37.191.1 due to Node.js change #27375

rarkins commented Feb 17, 2024

How are you running Renovate?

If you're self-hosting Renovate, tell us what version of Renovate you run.

If you're self-hosting Renovate, select which platform you are using.

Was this something which used to work for you, and then stopped?

Describe the problem

Relevant debug logs

Have you created a minimal reproduction repository?

rarkins commented Feb 17, 2024

rarkins commented Feb 17, 2024

rarkins commented Feb 17, 2024

rarkins commented Feb 17, 2024

viceice commented Feb 17, 2024

rarkins commented Feb 17, 2024

rarkins commented Feb 17, 2024

h-no commented Feb 20, 2024

rarkins commented Feb 20, 2024

h-no commented Feb 20, 2024 •

edited

Loading

rarkins commented Feb 20, 2024

h-no commented Feb 20, 2024

astellingwerf commented Feb 26, 2024

9numbernine9 commented Feb 27, 2024

viceice commented Feb 27, 2024

privateKey decryption broken since 37.191.1 due to Node.js change #27375

privateKey decryption broken since 37.191.1 due to Node.js change #27375

Comments

rarkins commented Feb 17, 2024

Discussed in #27355

How are you running Renovate?

If you're self-hosting Renovate, tell us what version of Renovate you run.

If you're self-hosting Renovate, select which platform you are using.

Was this something which used to work for you, and then stopped?

Describe the problem

Relevant debug logs

Have you created a minimal reproduction repository?

rarkins commented Feb 17, 2024

rarkins commented Feb 17, 2024

rarkins commented Feb 17, 2024

rarkins commented Feb 17, 2024

viceice commented Feb 17, 2024

rarkins commented Feb 17, 2024

rarkins commented Feb 17, 2024

h-no commented Feb 20, 2024

rarkins commented Feb 20, 2024

h-no commented Feb 20, 2024 • edited Loading

rarkins commented Feb 20, 2024

h-no commented Feb 20, 2024

astellingwerf commented Feb 26, 2024

9numbernine9 commented Feb 27, 2024

viceice commented Feb 27, 2024

h-no commented Feb 20, 2024 •

edited

Loading