Discussion on: Fixing NPM Dependencies Vulnerabilities

bsastregx

Thanks!!

"The only difference is that manually upgrading our packages will allow us to upgrade a single package, test for a breaking change"

  1. Then what do we do if we find a breaking change? How do we fix it?
Brandon Benefield

@bsastregx If you run into a breaking change after upgrading a package then I would suggest you try and figure out what is causing the breaking change. It could be as simple as the argument(s) to a method have changed or a simple environment variable needs to be set. If you can't figure out the issue then my suggestion is to either:

  • Choose a different package and remove the vulnerable package
  • Revert to the vulnerable package (at your own risk)
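The upgrade-one-package-then-test workflow from this thread, as an added shell example (not code from either commenter or from the original article). It snapshots `package.json` and `package-lock.json`, bumps a single dependency, runs the install and test commands you pass in, and restores the snapshot if either fails, so a breaking change never lingers in the working tree. The package name, versions and the `true`/`false` stand-in commands are constructed placeholders; in real use you would pass `npm install` and `npm test`.

```shell
#!/bin/sh
# Added example: upgrade ONE dependency, test, and roll back on failure.
# Assumes a package.json in the current directory. The install and test
# commands are parameters so the function can be exercised offline with
# "true"/"false" stand-ins; real usage is "npm install" and "npm test".

# try_upgrade NAME NEW_VERSION INSTALL_CMD TEST_CMD
# Returns 0 if the upgrade was kept, 1 if it was reverted.
try_upgrade() {
  name=$1; newver=$2; install_cmd=$3; test_cmd=$4

  # Snapshot the manifest and lockfile so the revert is exact.
  cp package.json package.json.bak
  if [ -f package-lock.json ]; then
    cp package-lock.json package-lock.json.bak
  fi

  # Rewrite only this package's version pin. The quotes around the name
  # anchor the match, so "my-foo" is not touched when upgrading "foo";
  # "|" is the sed delimiter so scoped names like @scope/pkg work.
  sed "s|\"$name\": *\"[^\"]*\"|\"$name\": \"$newver\"|" \
    package.json.bak > package.json

  # Keep the change only if both install and the test suite pass.
  if sh -c "$install_cmd" && sh -c "$test_cmd"; then
    rm -f package.json.bak package-lock.json.bak
    echo "kept $name@$newver"
    return 0
  fi

  # Breaking change (or failed install): restore the previous state.
  mv package.json.bak package.json
  if [ -f package-lock.json.bak ]; then
    mv package-lock.json.bak package-lock.json
  fi
  echo "reverted $name upgrade, still on the old version"
  return 1
}
```

Run it as `try_upgrade example-pkg 1.1.0 'npm install' 'npm test'` from the project root; a non-zero exit tells your CI job the upgrade was rejected, and the restored lockfile means the next `npm ci` reproduces the known-good state while you investigate the breakage (or pick a replacement package).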