By design, appcanary upgrade tries to install the minimum version we can that fixes all vulnerabilities we know about.
It's possible that the mirror you're using only stores the latest versions.How do we deal with this?
1) Currently we silently fail -- we only fix the vulnerabilities we can upgrade to the versions we list. The user must manually upgrade packages otherwise.
2) We can do the above, but be louder about it.
3) We can have a relaxed and a strict mode. Relaxed upgrades to the latest version available, strict upgrades to the minimum known good version, and if we can't pull it down, it's up to the user to deal with it.
By design,
appcanary upgradetries to install the minimum version we can that fixes all vulnerabilities we know about.It's possible that the mirror you're using only stores the latest versions.How do we deal with this?
1) Currently we silently fail -- we only fix the vulnerabilities we can upgrade to the versions we list. The user must manually upgrade packages otherwise. 2) We can do the above, but be louder about it. 3) We can have a relaxed and a strict mode. Relaxed upgrades to the latest version available, strict upgrades to the minimum known good version, and if we can't pull it down, it's up to the user to deal with it.