Closed renovate[bot] closed 1 month ago
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below:
npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR!
npm ERR! While resolving: @nestjs/sequelize@10.0.0
npm ERR! Found: reflect-metadata@0.2.1
npm ERR! node_modules/reflect-metadata
npm ERR! dev reflect-metadata@"0.2.1" from the root project
npm ERR! peer reflect-metadata@"^0.1.12 || ^0.2.0" from @nestjs/common@10.3.2
npm ERR! node_modules/@nestjs/common
npm ERR! dev @nestjs/common@"10.3.2" from the root project
npm ERR! peer @nestjs/common@"^8.0.0 || ^9.0.0 || ^10.0.0" from @mikro-orm/nestjs@5.2.3
npm ERR! node_modules/@mikro-orm/nestjs
npm ERR! dev @mikro-orm/nestjs@"5.2.3" from the root project
npm ERR! 11 more (@nestjs/axios, @nestjs/core, @nestjs/mapped-types, ...)
npm ERR! 7 more (@nestjs/core, @nestjs/mapped-types, ...)
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer reflect-metadata@"^0.1.13" from @nestjs/sequelize@10.0.0
npm ERR! node_modules/@nestjs/sequelize
npm ERR! dev @nestjs/sequelize@"10.0.0" from the root project
npm ERR!
npm ERR! Conflicting peer dependency: reflect-metadata@0.1.14
npm ERR! node_modules/reflect-metadata
npm ERR! peer reflect-metadata@"^0.1.13" from @nestjs/sequelize@10.0.0
npm ERR! node_modules/@nestjs/sequelize
npm ERR! dev @nestjs/sequelize@"10.0.0" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR!
npm ERR! See /tmp/renovate/cache/others/npm/eresolve-report.txt for a full report.
npm ERR! A complete log of this run can be found in:
npm ERR! /tmp/renovate/cache/others/npm/_logs/2024-07-21T14_07_51_867Z-debug-0.log
This PR contains the following updates:
1.9.14
->1.9.15
GitHub Vulnerability Alerts
CVE-2024-37168
Impact
There are two separate code paths in which memory can be allocated per message in excess of the
grpc.max_receive_message_length
channel option:Patches
This has been patched in versions 1.10.9, 1.9.15, and 1.8.22
Release Notes
grpc/grpc-node (@grpc/grpc-js)
### [`v1.9.15`](https://togithub.com/grpc/grpc-node/releases/tag/%40grpc/grpc-js%401.9.15): @grpc/grpc-js 1.9.15 [Compare Source](https://togithub.com/grpc/grpc-node/compare/@grpc/grpc-js@1.9.14...@grpc/grpc-js@1.9.15) - Avoid buffering significantly more than `grpc.max_receive_message_size` per received message.Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR was generated by Mend Renovate. View the repository job log.