search

apollographql / apollo-tooling

✏️ Apollo CLI for client tooling (Mostly replaced by Rover)
https://apollographql.com
MIT License
3.04k stars 467 forks source link

chore(deps): update dependency git-url-parse to v12 (version-3) - autoclosed #2643

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 2 years ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
git-url-parse 11.6.0 -> 12.0.0 age adoption passing confidence

Release Notes

IonicaBizau/git-url-parse ### [`v12.0.0`](https://togithub.com/IonicaBizau/git-url-parse/releases/tag/12.0.0) [Compare Source](https://togithub.com/IonicaBizau/git-url-parse/compare/11.6.0...12.0.0) ##### `git-url-parse` 12.0.0 This is a major release fixing several issues and improving the security of the project. ##### Breaking changes - VSTS SSH URLs may give unexpected results — I left a TODO in the tests to remind us to fix it. - For shorthand urls use the `href` property instead of `pathname`. - The `user` and `password` properties are now parsed separately. For other potential breaking changes, you may want to check out the release of `git-up`. ##### Issues Fixed - Fixes [#​102](https://togithub.com/IonicaBizau/git-url-parse/issues/102) — Support GitHub usernames with numbers (only numbers). - Fixes [#​130](https://togithub.com/IonicaBizau/git-url-parse/issues/130) — Update git-up - Fixes [#​135](https://togithub.com/IonicaBizau/git-url-parse/issues/135) If you have any suggestions and questions let me know. :blush:

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.

renovate[bot] commented 2 years ago

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

The artifact failure details are included below:

File name: package-lock.json
npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: apollo-link@1.2.11
npm ERR! Found: graphql@15.2.0
npm ERR! node_modules/graphql
npm ERR!   dev graphql@"15.2.0" from the root project
npm ERR!   peer graphql@"^14.5.0 || ^15.0.0" from @apollo/federation@0.27.0
npm ERR!   node_modules/@apollo/federation
npm ERR!     @apollo/federation@"0.27.0" from apollo-language-server@1.26.9
npm ERR!     packages/apollo-language-server
npm ERR!       apollo-language-server@1.26.9
npm ERR!       node_modules/apollo-language-server
npm ERR!         workspace packages/apollo-language-server from the root project
npm ERR!         2 more (apollo, apollo-codegen-core)
npm ERR!   5 more (graphql-tag, @apollographql/apollo-tools, apollo, ...)
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer graphql@"^0.11.3 || ^0.12.3 || ^0.13.0 || ^14.0.0" from apollo-link@1.2.11
npm ERR! node_modules/apollo-link
npm ERR!   apollo-link@"^1.2.11" from apollo-link-context@1.0.17
npm ERR!   node_modules/apollo-link-context
npm ERR!     apollo-link-context@"^1.0.9" from apollo-language-server@1.26.9
npm ERR!     packages/apollo-language-server
npm ERR!       apollo-language-server@1.26.9
npm ERR!       node_modules/apollo-language-server
npm ERR!   apollo-link@"^1.2.11" from apollo-link-error@1.1.10
npm ERR!   node_modules/apollo-link-error
npm ERR!     apollo-link-error@"^1.1.1" from apollo-language-server@1.26.9
npm ERR!     packages/apollo-language-server
npm ERR!       apollo-language-server@1.26.9
npm ERR!       node_modules/apollo-language-server
npm ERR!   3 more (apollo-link-http, apollo-link-http-common, apollo-language-server)
npm ERR! 
npm ERR! Conflicting peer dependency: graphql@14.7.0
npm ERR! node_modules/graphql
npm ERR!   peer graphql@"^0.11.3 || ^0.12.3 || ^0.13.0 || ^14.0.0" from apollo-link@1.2.11
npm ERR!   node_modules/apollo-link
npm ERR!     apollo-link@"^1.2.11" from apollo-link-context@1.0.17
npm ERR!     node_modules/apollo-link-context
npm ERR!       apollo-link-context@"^1.0.9" from apollo-language-server@1.26.9
npm ERR!       packages/apollo-language-server
npm ERR!         apollo-language-server@1.26.9
npm ERR!         node_modules/apollo-language-server
npm ERR!     apollo-link@"^1.2.11" from apollo-link-error@1.1.10
npm ERR!     node_modules/apollo-link-error
npm ERR!       apollo-link-error@"^1.1.1" from apollo-language-server@1.26.9
npm ERR!       packages/apollo-language-server
npm ERR!         apollo-language-server@1.26.9
npm ERR!         node_modules/apollo-language-server
npm ERR!     3 more (apollo-link-http, apollo-link-http-common, apollo-language-server)
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /tmp/renovate-cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate-cache/others/npm/_logs/2022-06-27T17_07_29_109Z-debug-0.log
changeset-bot[bot] commented 2 years ago

⚠️ No Changeset found

Latest commit: f6eb7836d46656b71659fd06dec159a8f8cf9f26

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

codesandbox-ci[bot] commented 2 years ago

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

danascheider commented 1 year ago

Hello lovely maintainers! I'm trying to upgrade the parse-url package, which is a transitive dependency (apollo -> git-url-parse -> git-up -> parse-url) to patch a security vulnerability that's been designated as "critical" by Dependabot. To do this, git-url-parse needs to be updated to v12 for Apollo. I see there are some failing builds here - is this being worked on, or is there anything I can do to move this PR forward?