We should fail builds if we update to a dependency that brings in vulnerabilities. In other projects I have used npm-audit-resolve for this purpose, since it lets you exclude vulnerabilities you choose (such as those brought in by build and test tools).
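A build gate of the kind this issue asks for, added here as an illustration and not taken from npm-audit-resolve or from this project: it walks the report layout that `npm audit --json` emits on npm 7 and later and returns every advisory not covered by an unexpired exclusion. The allowlist shape, the function names and the sample report are assumptions constructed for this example.

```javascript
// Added example. Assumes the npm 7+ `npm audit --json` report layout.
// The allowlist shape (advisory URL -> { reason, expires }) is hypothetical.
const RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Collect distinct advisories. String entries in `via` only name another
// vulnerable package; the advisory object lives under that package's entry.
function collectAdvisories(report) {
  const seen = new Map();
  for (const vuln of Object.values(report.vulnerabilities || {})) {
    for (const via of vuln.via || []) {
      if (via && typeof via === 'object' && via.url) {
        seen.set(via.url, { url: via.url, pkg: via.name, severity: via.severity });
      }
    }
  }
  return [...seen.values()];
}

// Advisories that should fail the build: at or above minSeverity and not
// covered by an exclusion whose expiry date is still in the future.
function blockingAdvisories(report, allowlist, minSeverity, now = new Date()) {
  const threshold = RANK[minSeverity];
  if (threshold === undefined) throw new Error(`unknown severity: ${minSeverity}`);
  return collectAdvisories(report).filter((adv) => {
    const rank = RANK[adv.severity] ?? RANK.critical; // unknown severity: fail closed
    if (rank < threshold) return false;
    const waiver = allowlist[adv.url];
    return !(waiver && new Date(waiver.expires) > now);
  });
}

// Constructed sample report and exclusions (not real packages or advisories).
const BASE = 'https://example.invalid/advisories/';
const sampleReport = { auditReportVersion: 2, vulnerabilities: {
  'example-parser': { via: [
    { name: 'example-parser', severity: 'high', url: BASE + '1' }] },
  'example-test-runner': { via: ['example-parser',
    { name: 'example-test-runner', severity: 'moderate', url: BASE + '2' }] },
  'example-http': { via: [
    { name: 'example-http', severity: 'critical', url: BASE + '3' }] },
} };
const sampleAllowlist = {
  [BASE + '2']: { reason: 'test tooling only', expires: '2999-01-01' },
  [BASE + '3']: { reason: 'waiver lapsed', expires: '2000-01-01' },
};

// In CI: process.exitCode = blocking.length ? 1 : 0;
const blocking = blockingAdvisories(sampleReport, sampleAllowlist, 'moderate');
console.log(blocking.map((a) => `${a.severity} ${a.pkg} ${a.url}`).join('\n'));
```

Giving every exclusion an expiry date means an excluded build-tool finding is re-reviewed instead of being silenced indefinitely, and an unparsable date fails closed.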