You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If a common shared dependency has as vulnerability that's taking a while to work through the ecosystem what happens when that is whitelisted in rotten-deps? Does the primary dependency still fail?
At minimum this should be elaborated on in the documentation.
The text was updated successfully, but these errors were encountered:
When this question entered my head I was in the process of wrasslin' some yarn audit issues and was mixing up the goal of rotten-deps which is just outdated. It is difficult to determine something like eslint is only outdated because of a sub dependency so this isn't even a scenario I felt worth documenting.
If a common shared dependency has as vulnerability that's taking a while to work through the ecosystem what happens when that is whitelisted in
rotten-deps
? Does the primary dependency still fail?At minimum this should be elaborated on in the documentation.
The text was updated successfully, but these errors were encountered: