Closed cyphercider closed 6 years ago
Mmmmm, I just investigated through Snyk.io and got a different report: https://i.imgur.com/1ZKo3CY.png
Looks to me like a false positive from npm adding these 2 deps (codecov and coveralls) to published packages?
I have added Snyk to our CI, thanks @tamethecomplex
I'm running into this with v1.9.5 when testing my app via npm audit. It seems to be coming from https://github.com/Sharlaan/material-ui-superselectfield/blob/master/.travis.yml#L11 when you add these packages for use in the CI.
Some versions of the test will not fail if you simply move that to add -D and keep them in development dependencies. However, if you don't actually need them except for the testing phase, you could also just yarn remove them after the test command...
It would be really great not to have these failures in my repo, so let me know if there is anything I could do to help this along.
Hey, great package. A vulnerability scan shows some out of date dependencies for codecov.io causing vulnerabilities within this package. I'm just starting using snyk and I don't see codecov.io in your package.json, so I'm not sure why that dependency is showing up on snyk...but just wanted to make sure you were aware.
https://snyk.io/test/npm/material-ui-superselectfield/1.9.2?