Vulnerabilities Alerts #248
alex-hedley
started this conversation in
General
Replies: 2 comments
-
|
I think it actually is enabled already. There are 7 alerts (although not for the packages listed above), all for things that can't be updated due to conflicting dependencies... 😬 We should probably spend some time working through all these. |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
@frankieroberto I'm not seeing anything on the Security tab, is this a permissions issue? |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Is it worth turning on in Vulnerabilities Alerts in the repo settings?
Example
liquidjs Version < 10.0.0 Upgrade to ~> 10.0.0
Defined in
package-lock.jsonVulnerabilities CVE-2022-25948 Moderate severity
request Version <= 2.88.2
Defined in
package-lock.jsontough-cookieVersion< 4.1.3 Upgrade to ~> 4.1.3
Defined in
package-lock.jsonVulnerabilities CVE-2023-26136 Moderate severity
Beta Was this translation helpful? Give feedback.
All reactions