
📦 Update dependency got to 11.8.5 [SECURITY]

Open renovate[bot] opened this issue 2 years ago • 1 comments

This PR contains the following updates:

| Package | Change | Package file |
|---|---|---|
| got | 9.6.0 -> 11.8.5 | package.json |
| got | 11.8.2 -> 11.8.5 | build-system/tasks/e2e/package.json |

See all other Renovate PRs on the Dependency Dashboard

How to resolve breaking changes

This PR may introduce breaking changes that require manual intervention. In such cases, you will need to check out this branch, fix the cause of the breakage, and commit the fix to ensure a green CI build. To check out and update this PR, follow the steps below:

# Check out the PR branch
git checkout -b renovate/npm-got-vulnerability main
git pull https://github.com/ampproject/amphtml.git renovate/npm-got-vulnerability

# Directly make fixes and commit them
amp lint --fix # For lint errors in JS files
amp prettify --fix # For prettier errors in non-JS files
# Edit source code in case of new compiler warnings / errors

# Push the changes to the branch
git push git@github.com:ampproject/amphtml.git renovate/npm-got-vulnerability:renovate/npm-got-vulnerability

GitHub Vulnerability Alerts

CVE-2022-33987

The got package before 11.8.5 and 12.1.0 for Node.js allows a redirect to a UNIX socket.


Configuration

📅 Schedule: Branch creation - "" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • [ ] If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by Mend Renovate. View repository job log here.

renovate[bot] avatar Jun 23 '22 12:06 renovate[bot]

Hey @estherkim! These files were changed:

build-system/tasks/e2e/package-lock.json
build-system/tasks/e2e/package.json

amp-owners-bot[bot] avatar Jul 04 '22 16:07 amp-owners-bot[bot]

⚠ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json
xz: (stdin): Unexpected end of input
tar: Unexpected EOF in archive
tar: Unexpected EOF in archive
tar: Error is not recoverable: exiting now
bash: npm: command not found

File name: build-system/tasks/e2e/package-lock.json
xz: (stdin): Unexpected end of input
tar: Unexpected EOF in archive
tar: Unexpected EOF in archive
tar: Error is not recoverable: exiting now
bash: npm: command not found

renovate[bot] avatar Nov 16 '22 05:11 renovate[bot]