scaffold tool triggers 2 snyk errors #213

Open
fczuardi opened this issue Jan 17, 2018 · 0 comments

@fczuardi
Contributor

The current implementation of the scaffold tool doesn't please snyk because it contains 2 dependencies with unpatched vulnerabilities:

None of them affects code accessible by a browser, so it is kinda safe to ignore them. I added exceptions on the policy file for those 2 files in the PR of the scaffold branch: #129, with an expiration date in May, for us to check again if those exceptions are still needed in 4 months.

However, if some other, non dev-only farmblocks component for some strange reason has any of those packages in its dependencies, we don't want to ignore them. And ignoring snyk errors in general is a bad practice...

So, I am opening this issue to keep this situation documented, and to make us think about a future refactor of the scaffold tool that doesn't need to use those vulnerable dependencies.
