Action "Auto-Update Linters" is failing #3619
Comments
@nvuillam Can you check that the tokens aren't expired? I see the last three runs failing for the same error, and I don't see a reason why.
PAT regenerated and env vars updated :)
Thank you very much! #3606 was just updated. 😻
If you want to help out to get that PR unblocked, you may want to investigate the trivy vulnerabilities that came out this week, if there's something in our control to do
I'd be happy to! I already took a look at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29415 and the corresponding issue indutny/node-ip#150. But that seems to be a dead end cause the project is unmaintained. Gonna take a deeper look at it tomorrow.
Just saw, @nvuillam already took care of that one. Thanks! 💗
:)
Saw it just after finishing writing. But it was the blocker for the week.
[email protected] is transitively pulled in by
The newest version of
So does it mean something else needs to be done, or it's ok now?
As there's nothing that can be done from our side, we can just go ahead. 👍
But your wish would be what package(s) at which versions?
Are the packages solved differently in a flavor that has less installed packages?
That's not a question that is easy to answer. As we're using Seems like we have to wait for TooTallNate/proxy-agents#297 and dependent PRs in I'm sorry that I can't be any more helpful cause I'm quite new to the node ecosystem and to Megalinter.
Maybe we can override to use
Is ip-address really better since it doesn't have CVEs found yet, or ip has real problems? Also, yes, it's possible to apply some overrides in dependency resolution for cases like this, where some fixes are available but not applied in the dependent package yet. The thing here is to know when to remove it. We would be trying to be smarter than the resolver.
If you could find how to add an override, while we don't really have a package.json when creating the image, we could include it in main (and the release if it stays there until then) until needed. I have no problems with that.
I created #3623 to handle this. Imho we should move on with the release.
Describe the bug
Action "Auto-Update Linters" is failing with error
https://github.com/oxsecurity/megalinter/actions/runs/9391727233/job/25864531487#step:11:37
I'm desperately waiting for a new release of Megalinter to include version 3.1.0 of v8r which includes proxy support. See: chris48s/v8r#442
Maybe the used token is expired? peter-evans/create-pull-request#2863