stackoom
  简体   繁体   中英

Can't resolve github Dependabot alert

 原文  2020-09-25 16:54:55       github/ dependabot

Question

I got this security notification:

Remediation
Upgrade node-fetch to version 2.6.1 or later. For example:

node-fetch@^2.6.1:
  version "2.6.1"

But this error has occurred. : Dependabot cannot create a pull request as one or more other dependencies require a version that is incompatible with this update.

Also, I did yarn upgrade But Nothing has changed.

What is this ?? How Can I solve this problem?

1 answers

solution1
 2 ACCPTED  2020-10-27 04:59:17

I have seen this issue multiple times myself, and it is well discussed in here and here .

If you are using npm , you can try with npm audit fix . If you using yarn , give yarn upgrade --latest a shot.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Can I exclude directories from GitHub Dependabot? github Dependabot alert: Inefficient Regular Expression Complexity in nth-check upgrade specific package yarn lock after Dependabot alert on github GitHub Dependabot Doesn't Have Permissions To Publish to GHCR How Can I Give It Access Can't update private dependencies with dependabot Is dependabot.yml mandatory for GitHub Dependabot? How can I check if Dependabot is enabled for a Repo using Github APIs? Is there a way to generate a badge for the Dependabot into GitHub? Disabling dependabot alerts for a repository on GitHub Undismiss dependabot allert on Github repo
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM