Closed renovate[bot] closed 1 year ago
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
â™» Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below:
npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR!
npm ERR! While resolving: @ngrx/core@1.2.0
npm ERR! Found: rxjs@6.5.4
npm ERR! node_modules/rxjs
npm ERR! rxjs@"6.5.4" from the root project
npm ERR! rxjs@"6.5.4" from @angular-devkit/schematics@9.1.7
npm ERR! node_modules/@angular-devkit/schematics
npm ERR! @angular-devkit/schematics@"9.1.7" from @angular/cli@9.1.7
npm ERR! node_modules/@angular/cli
npm ERR! dev @angular/cli@"^9.0.4" from the root project
npm ERR! @angular-devkit/schematics@"9.1.7" from @schematics/angular@9.1.7
npm ERR! node_modules/@schematics/angular
npm ERR! @schematics/angular@"9.1.7" from @angular/cli@9.1.7
npm ERR! node_modules/@angular/cli
npm ERR! dev @angular/cli@"^9.0.4" from the root project
npm ERR! 1 more (@schematics/update)
npm ERR! 20 more (@angular-devkit/core, @angular-devkit/architect, ...)
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer rxjs@"^5.0.0-beta.12" from @ngrx/core@1.2.0
npm ERR! node_modules/@ngrx/core
npm ERR! @ngrx/core@"^1.2.0" from the root project
npm ERR!
npm ERR! Conflicting peer dependency: rxjs@5.5.12
npm ERR! node_modules/rxjs
npm ERR! peer rxjs@"^5.0.0-beta.12" from @ngrx/core@1.2.0
npm ERR! node_modules/@ngrx/core
npm ERR! @ngrx/core@"^1.2.0" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR!
npm ERR! See /tmp/renovate-cache/others/npm/eresolve-report.txt for a full report.
npm ERR! A complete log of this run can be found in:
npm ERR! /tmp/renovate-cache/others/npm/_logs/2023-05-03T16_12_15_536Z-debug-0.log
This PR contains the following updates:
1.0.0
->2.2.3
GitHub Vulnerability Alerts
CVE-2018-3739
Versions of
https-proxy-agent
before 2.2.0 are vulnerable to denial of service. This is due to unsanitized options (proxy.auth) being passed toBuffer()
.Recommendation
Update to version 2.2.0 or later.
GHSA-pc5p-h8pf-mvwp
Versions of
https-proxy-agent
prior to 2.2.3 are vulnerable to Machine-In-The-Middle. The package fails to enforce TLS on the socket if the proxy server responds the to the request with a HTTP status different than 200. This allows an attacker with access to the proxy server to intercept unencrypted communications, which may include sensitive information such as credentials.Recommendation
Upgrade to version 3.0.0 or 2.2.3.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.