Closed as not planned
Description
What happened?
The reported CVE is blocking the Dependabot upgrade.
Versions
"@octokit/core": "^7.0.2",
"@octokit/rest": "^21.1.1",
"@octokit/request": "^10.0.0",
"@octokit/request-error": "^7.0.0",
"@octokit/plugin-paginate-rest": "^13.0.0",
Relevant log output
Dependabot cannot update @octokit/request to a non-vulnerable version
The latest possible version that can be installed is 6.2.8 because of the following conflicting dependencies:
> @octokit/[email protected] requires @octokit/request@^9.2.3 via a transitive dependency on @octokit/[email protected]
> @octokit/[email protected] requires @octokit/request@^9.2.3 via @octokit/[email protected]
> @probot/[email protected] requires @octokit/request@^6.0.0 via a transitive dependency on @octokit/[email protected]
> @probot/[email protected] requires @octokit/request@^6.0.0 via a transitive dependency on @octokit/[email protected]
> @probot/[email protected] requires @octokit/request@^6.0.0 via a transitive dependency on @octokit/[email protected]
> @probot/[email protected] requires @octokit/request@^6.0.0 via a transitive dependency on @octokit/[email protected]
> @probot/[email protected] requires @octokit/request@^6.2.3 via a transitive dependency on @octokit/[email protected]
> @probot/[email protected] requires @octokit/request@^5.6.3 via a transitive dependency on @octokit/[email protected]
> @probot/[email protected] requires @octokit/request@^5.6.0 via a transitive dependency on @octokit/[email protected]
> No patched version available for @octokit/request
The earliest fixed version is 8.4.1.Code of Conduct
- I agree to follow this project's Code of Conduct
Metadata
Metadata
Assignees
Type
Projects
Status
✅ Done