Is it ok to ignore vulnerabilities in dev dependencies? In your particular example jest is used for tests, how the vulnerabilities in jest could cause the risks in production site? Should we spend time to fix vulnerabilities in dev packages?
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Is it ok to ignore vulnerabilities in dev dependencies? In your particular example jest is used for tests, how the vulnerabilities in jest could cause the risks in production site? Should we spend time to fix vulnerabilities in dev packages?