Skip to content
This repository has been archived by the owner on Nov 10, 2022. It is now read-only.

Update dependency got to 11.8.5 [SECURITY] #364

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jun 23, 2022

Mend Renovate

This PR contains the following updates:

Package Change
got 11.8.2 -> 11.8.5
got 9.6.0 -> 11.8.5

GitHub Vulnerability Alerts

CVE-2022-33987

The got package before 11.8.5 and 12.1.0 for Node.js allows a redirect to a UNIX socket.


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by Mend Renovate. View repository job log here.

@renovate
Copy link
Contributor Author

renovate bot commented Jun 23, 2022

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: frontend/package-lock.json
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR! 
npm ERR! While resolving: frontend@undefined
npm ERR! Found: [email protected]
npm ERR! node_modules/eslint
npm ERR!   dev eslint@"7.32.0" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer eslint@">= 1.6.0 < 7.0.0" from @vue/[email protected]
npm ERR! node_modules/@vue/cli-plugin-eslint
npm ERR!   dev @vue/cli-plugin-eslint@"4.5.18" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /tmp/renovate-cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate-cache/others/npm/_logs/2022-09-25T22_48_37_966Z-debug-0.log

@renovate renovate bot force-pushed the renovate/npm-got-vulnerability branch 6 times, most recently from 04f6eb7 to 906245f Compare June 30, 2022 20:25
@renovate renovate bot force-pushed the renovate/npm-got-vulnerability branch 2 times, most recently from 2854c38 to 21627e1 Compare July 4, 2022 15:59
@renovate renovate bot force-pushed the renovate/npm-got-vulnerability branch 6 times, most recently from 0222248 to 6e6b0e8 Compare July 24, 2022 16:41
@renovate renovate bot force-pushed the renovate/npm-got-vulnerability branch 2 times, most recently from 4852f3c to 1a8e840 Compare July 30, 2022 13:26
@renovate renovate bot force-pushed the renovate/npm-got-vulnerability branch 2 times, most recently from 28f639b to 87a0315 Compare August 6, 2022 12:26
@renovate renovate bot force-pushed the renovate/npm-got-vulnerability branch 5 times, most recently from 6a2376d to 655889a Compare August 22, 2022 22:41
@renovate renovate bot force-pushed the renovate/npm-got-vulnerability branch from 655889a to 8cef414 Compare September 25, 2022 22:49
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants