You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
None of them affects code accessible by a browser, so it is kinda of safe to ignore them. I added exceptions on the policy file for those 2 files in the PR of the scaffold branch: #129 with an expiration date in May for us to check again if those exceptions are still needed in 4 months.
However, if some other and non dev-only farmblocks component for some strange reason have any of those packages in their dependencies, we dont want to ignore them. And ignoring snyk errors in general is a bad practice...
So, I am opening this issue to keep this situation documented, and to make us think about a future refactor of the scaffold tool that dont need to use those vulnerable dependencies.
The text was updated successfully, but these errors were encountered:
The current implementation of the scaffold tool don't please snyk because it contain 2 dependencies with unpached vulnerabilities:
None of them affects code accessible by a browser, so it is kinda of safe to ignore them. I added exceptions on the policy file for those 2 files in the PR of the scaffold branch: #129 with an expiration date in May for us to check again if those exceptions are still needed in 4 months.
However, if some other and non dev-only farmblocks component for some strange reason have any of those packages in their dependencies, we dont want to ignore them. And ignoring snyk errors in general is a bad practice...
So, I am opening this issue to keep this situation documented, and to make us think about a future refactor of the scaffold tool that dont need to use those vulnerable dependencies.
The text was updated successfully, but these errors were encountered: