New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vulnerability in dependencies #161
Comments
Hadn't heard of Snyk! Thanks! Will address next release. |
Published in v2.4.0 |
Broke something for somebody in #136. I would love Snyk if it worked out of the box, but I can't get behind it if the postinstall script is breaking in certain environments. Maybe in the future it will be more stable. Reverted in v2.4.1. |
I never suggested making Snyk part of ncu, just that you fix the vulnerabilities. 👍 |
Hi Gert. Thanks for clarifying! From what I can tell, since the vulnerabilities don't exist in any direct dependencies of ncu that I can upgrade myself, Snyk needs to patch the vulnerabilities in the deep dependency tree after every ncu install. This is why Snyk was added to ncu, to enable this per-install patching. Unfortunately, that is what caused ncu to break in certain environments. There is no way to fix the vulnerabilities otherwise. |
As reported by Snyk via
snyk test npm-check-updates
:The text was updated successfully, but these errors were encountered: