So, for example, there is a CVE for
Do y'all have a published policy about how you manage your NPM dependencies, including an upgrade cadence, etc?
When I clone the `main` branch of the repo & do an `npm install` I see a lot of deprecation warnings. And when I run a Mend scan against the resulting directory with its node modules populated, there are quite a few `high` CVEs in transitive dependencies.