When creating a Fix Pull Request I was told that it could not be generated due to incompatible versions across project dependencies.
When Snyk attempts to resolve vulnerabilities in your dependencies, we do so by upgrading packages to newer versions that do not contain the vulnerabilities (or, in some cases, by applying a patch).
In the case of npm this is a relatively straightforward process. Each version of a dependency can be upgraded independently, because multiple versions of the same dependency can be used within the same project.
In the case of other package managers, for example Bundler, it is not so straightforward. We need to end in a state with only one version of each dependency in a given project.
If you have a large project with numerous vulnerabilities, the upgrades needed to resolve different vulnerabilities can conflict with each other. In this scenario Snyk attempts several different configurations to remediate the vulnerabilities, but it can reach a point where the requirements are impossible to satisfy as a whole. When that happens, some human intervention is needed to make the problem easier.
Instead of attempting to fix all the vulnerabilities in the project in one go, try to fix one vulnerability at a time. This makes the computation simpler and gives the Pull Request a greater chance of succeeding.
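The conflict described above can be reproduced with a small brute-force resolver. This is an added example, not Snyk's or Bundler's own resolution code; the gem names, versions, and vulnerability ids are constructed. It shows two fixes that each resolve alone but cannot be satisfied together when only one version of each gem is allowed.

```ruby
require "rubygems"

# Constructed index: gem name => { version => { dependency => requirement } }.
INDEX = {
  "gem_x" => { "1.0.0" => { "gem_z" => ">= 1.0" }, "2.0.0" => { "gem_z" => "~> 1.0" } },
  "gem_y" => { "1.0.0" => { "gem_z" => ">= 1.0" }, "2.0.0" => { "gem_z" => "~> 2.0" } },
  "gem_z" => { "1.0.0" => {}, "2.0.0" => {} }
}.freeze

# Constructed fixes: vulnerability id => version requirement that removes it.
FIXES = {
  "VULN-A" => { "gem_x" => ">= 2.0.0" },
  "VULN-B" => { "gem_y" => ">= 2.0.0" }
}.freeze

def satisfied?(requirement, version)
  Gem::Requirement.new(requirement).satisfied_by?(Gem::Version.new(version))
end

# Returns a { gem => version } selection with exactly one version per gem
# that applies every requested fix, or nil when no such selection exists.
def resolve(fix_ids)
  wanted = fix_ids.map { |id| FIXES.fetch(id) }
  names = INDEX.keys
  first, *rest = names.map { |n| INDEX[n].keys }
  first.product(*rest).each do |combo|
    pick = names.zip(combo).to_h
    fixes_ok = wanted.all? { |fix| fix.all? { |g, req| satisfied?(req, pick[g]) } }
    deps_ok = pick.all? do |g, v|
      INDEX[g][v].all? { |dep, req| satisfied?(req, pick[dep]) }
    end
    return pick if fixes_ok && deps_ok
  end
  nil
end

# Try every fix in one go; if that is unsatisfiable, resolve each fix alone.
def plan(fix_ids)
  all = resolve(fix_ids)
  return { all_at_once: all } if all
  { all_at_once: nil, one_at_a_time: fix_ids.to_h { |id| [id, resolve([id])] } }
end

p plan(FIXES.keys)
```

Here `gem_x` 2.0.0 needs `gem_z` 1.x while `gem_y` 2.0.0 needs `gem_z` 2.x, so the combined request has no answer, but each fix on its own leaves `gem_z` free to take the version it needs.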