[SUPPORT]: Trouble upgrading Octokit with dependabot #762

Closed as not planned
@Van-Romel

What happened?

The reported CVE is blocking the Dependabot upgrade.

Versions

"@octokit/core": "^7.0.2",
"@octokit/rest": "^21.1.1",
"@octokit/request": "^10.0.0",
"@octokit/request-error": "^7.0.0",
"@octokit/plugin-paginate-rest": "^13.0.0",

Relevant log output

Dependabot cannot update @octokit/request to a non-vulnerable version
The latest possible version that can be installed is 6.2.8 because of the following conflicting dependencies:

> @octokit/[email protected] requires @octokit/request@^9.2.3 via a transitive dependency on @octokit/[email protected]
> @octokit/[email protected] requires @octokit/request@^9.2.3 via @octokit/[email protected]
> @probot/[email protected] requires @octokit/request@^6.0.0 via a transitive dependency on @octokit/[email protected]
> @probot/[email protected] requires @octokit/request@^6.0.0 via a transitive dependency on @octokit/[email protected]
> @probot/[email protected] requires @octokit/request@^6.0.0 via a transitive dependency on @octokit/[email protected]
> @probot/[email protected] requires @octokit/request@^6.0.0 via a transitive dependency on @octokit/[email protected]
> @probot/[email protected] requires @octokit/request@^6.2.3 via a transitive dependency on @octokit/[email protected]
> @probot/[email protected] requires @octokit/request@^5.6.3 via a transitive dependency on @octokit/[email protected]
> @probot/[email protected] requires @octokit/request@^5.6.0 via a transitive dependency on @octokit/[email protected]
> No patched version available for @octokit/request

The earliest fixed version is 8.4.1.

Code of Conduct

  • I agree to follow this project's Code of Conduct
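
The conflict list in the log above can be triaged by checking which required caret ranges are able to reach the earliest fixed version at all. The following is an added example, not part of the original issue and not Dependabot's resolver logic; the requirer and intermediate package names are placeholders, and it assumes every release at or above the earliest fixed version is patched.

```javascript
// Constructed sample: the ranges and the fixed version are taken from the log above;
// "requirer-*" and "dep-*" are placeholders for the names that are garbled on the page.
const FIXED = "8.4.1"; // "The earliest fixed version is 8.4.1."
const LOG = `
> requirer-a requires @octokit/request@^9.2.3 via a transitive dependency on dep-a
> requirer-b requires @octokit/request@^6.0.0 via a transitive dependency on dep-b
> requirer-c requires @octokit/request@^6.2.3 via a transitive dependency on dep-c
> requirer-d requires @octokit/request@^5.6.3 via a transitive dependency on dep-d
> requirer-e requires @octokit/request@^5.6.0 via a transitive dependency on dep-e
`;

const parse = (v) => v.split(".").map(Number);
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Exclusive upper bound of a caret range:
// ^1.2.3 -> 2.0.0, ^0.2.3 -> 0.3.0, ^0.0.3 -> 0.0.4
function caretUpperBound(range) {
  const low = parse(range.slice(1));
  const i = low.findIndex((n) => n !== 0);
  const high = [0, 0, 0];
  if (i === -1) high[2] = 1; // ^0.0.0 -> 0.0.1
  else high[i] = low[i] + 1;
  return high;
}

// Assumption: every release at or above the earliest fixed version is patched.
// A range can then reach a patched release only if the fix lies below its upper bound.
function reachesFix(range, fixed) {
  return cmp(parse(fixed), caretUpperBound(range)) < 0;
}

// Extract "<requirer> requires <pkg>@<caret range>" rows for one package and flag blockers.
function triage(log, pkg, fixed) {
  const re = /^> (\S+) requires (\S+)@(\^\d+\.\d+\.\d+) via/gm;
  const rows = [];
  for (const m of log.matchAll(re)) {
    if (m[2] !== pkg) continue;
    rows.push({ requirer: m[1], range: m[3], reachesFix: reachesFix(m[3], fixed) });
  }
  return rows;
}

const rows = triage(LOG, "@octokit/request", FIXED);
for (const r of rows) {
  console.log(`${r.reachesFix ? "ok    " : "BLOCKS"} ${r.range} (${r.requirer})`);
}
```

Only the `^9.2.3` requirement can be satisfied by a patched release; the `^5.x` and `^6.x` requirements pin their dependency chains below 8.4.1, so those requirers have to move before the alert can clear.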

Labels

  • Status: Triage (This is being looked at and prioritized)
  • Type: Bug (Something isn't working as documented)
