renovate[bot]
commented
1 year ago ⚠ Artifact update problem
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
- any of the package files in this branch needs updating, or
- the branch becomes conflicted, or
- you click the rebase/retry checkbox if found above, or
- you rename this PR's title to start with "rebase!" to trigger it manually
The artifact failure details are included below:
File name: package-lock.json
npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR!
npm ERR! While resolving: @ngrx/core@1.2.0
npm ERR! Found: rxjs@6.5.4
npm ERR! node_modules/rxjs
npm ERR! rxjs@"6.5.4" from the root project
npm ERR! rxjs@"6.5.4" from @angular-devkit/schematics@9.1.7
npm ERR! node_modules/@angular-devkit/schematics
npm ERR! @angular-devkit/schematics@"9.1.7" from @angular/cli@9.1.7
npm ERR! node_modules/@angular/cli
npm ERR! dev @angular/cli@"^9.0.4" from the root project
npm ERR! @angular-devkit/schematics@"9.1.7" from @schematics/angular@9.1.7
npm ERR! node_modules/@schematics/angular
npm ERR! @schematics/angular@"9.1.7" from @angular/cli@9.1.7
npm ERR! node_modules/@angular/cli
npm ERR! dev @angular/cli@"^9.0.4" from the root project
npm ERR! 1 more (@schematics/update)
npm ERR! 20 more (@angular-devkit/core, @angular-devkit/architect, ...)
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer rxjs@"^5.0.0-beta.12" from @ngrx/core@1.2.0
npm ERR! node_modules/@ngrx/core
npm ERR! @ngrx/core@"^1.2.0" from the root project
npm ERR!
npm ERR! Conflicting peer dependency: rxjs@5.5.12
npm ERR! node_modules/rxjs
npm ERR! peer rxjs@"^5.0.0-beta.12" from @ngrx/core@1.2.0
npm ERR! node_modules/@ngrx/core
npm ERR! @ngrx/core@"^1.2.0" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR!
npm ERR! See /tmp/renovate-cache/others/npm/eresolve-report.txt for a full report.
npm ERR! A complete log of this run can be found in:
npm ERR! /tmp/renovate-cache/others/npm/_logs/2023-03-11T07_09_42_201Z-debug-0.log
This PR contains the following updates:
1.8.3->3.6.1GitHub Vulnerability Alerts
CVE-2020-36048
Engine.IO before 4.0.0 and 3.6.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport.
CVE-2022-41940
Impact
A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process.
This impacts all the users of the
engine.iopackage, including those who uses depending packages likesocket.io.Patches
A fix has been released today (2022/11/20):
engine.io@3.x.y3.6.1engine.io@6.x.y6.2.1For
socket.iousers:engine.ioversionsocket.io@4.5.x~6.2.0npm audit fixshould be sufficientsocket.io@4.4.x~6.1.0socket.io@4.5.xsocket.io@4.3.x~6.0.0socket.io@4.5.xsocket.io@4.2.x~5.2.0socket.io@4.5.xsocket.io@4.1.x~5.1.1socket.io@4.5.xsocket.io@4.0.x~5.0.0socket.io@4.5.xsocket.io@3.1.x~4.1.0socket.io@4.5.x(see here)socket.io@3.0.x~4.0.0socket.io@4.5.x(see here)socket.io@2.5.0~3.6.0npm audit fixshould be sufficientsocket.io@2.4.xand below~3.5.0socket.io@2.5.0Workarounds
There is no known workaround except upgrading to a safe version.
For more information
If you have any questions or comments about this advisory:
engine.ioThanks to Jonathan Neve for the responsible disclosure.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.