snyk / snyk-php-plugin

Basic Snyk CLI plugin for PHP support
Apache License 2.0

fix: better handling of mutual dependencies by limiting the dep tree expansion #29

Closed kyegupov closed 5 years ago

kyegupov commented 5 years ago

What does this PR do?

Solves a customer issue where snyk analysis times out. This is due to the Magento framework having mutual dependencies between modules.

Even with cycle breaking, a project with 10 packages that all depend on each other would produce 10! = 3628800 leaf nodes of the dependency tree. This is a simple limiter on tree node expansion that would limit such a tree to 10*150 = 1500 leaf nodes. The resulting tree still contains all the dependencies (but not all the possible paths through them).

The proper solution is to switch to a dependency graph, which is being worked on.

drive-by: update Travis config

What are the relevant tickets?

https://snyk.zendesk.com/agent/tickets/278
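The expansion behaviour the description refers to, as an added example that is not the plugin's own code: with cycle breaking alone, a project whose n packages all require each other still yields n! leaf nodes, while a cap on how many times each package name is fully expanded keeps the tree bounded and every dependency still appears in it. The package names, the `app/root` pseudo-package and the cap mechanism itself (count full expansions per package name, record later occurrences as leaves) are assumptions for illustration, not the PR's implementation.

```typescript
// Added example, not snyk-php-plugin code: dependency-tree builder with cycle
// breaking and a per-package expansion cap. Names and the cap mechanism are
// assumptions made for this illustration.

type DepMap = { [pkg: string]: string[] };

interface DepNode {
  name: string;
  dependencies: DepNode[];
}

// Build the tree rooted at `root`. A package already on the current path is
// skipped (cycle breaking). Each package is fully expanded at most
// `maxExpansionsPerPackage` times across the whole tree; later occurrences are
// kept as leaves, so the dependency is still present but its subtree is not
// repeated. Pass Infinity to reproduce the unbounded behaviour.
function buildTree(root: string, deps: DepMap, maxExpansionsPerPackage: number): DepNode {
  const expansions: { [pkg: string]: number } = {};

  function walk(pkg: string, path: string[]): DepNode {
    const node: DepNode = { name: pkg, dependencies: [] };
    const seen = expansions[pkg] || 0;
    if (seen >= maxExpansionsPerPackage) {
      return node; // expanded often enough already: record it, do not descend
    }
    expansions[pkg] = seen + 1;
    for (const child of deps[pkg] || []) {
      if (path.indexOf(child) !== -1) {
        continue; // child is already on this path: a cycle, do not descend again
      }
      node.dependencies.push(walk(child, path.concat([child])));
    }
    return node;
  }

  return walk(root, [root]);
}

function countLeaves(node: DepNode): number {
  if (node.dependencies.length === 0) {
    return 1;
  }
  let total = 0;
  for (const child of node.dependencies) {
    total += countLeaves(child);
  }
  return total;
}

// Distinct package names present anywhere below the root, sorted.
function distinctPackages(node: DepNode): string[] {
  const found: { [pkg: string]: boolean } = {};
  function visit(n: DepNode): void {
    for (const child of n.dependencies) {
      found[child.name] = true;
      visit(child);
    }
  }
  visit(node);
  return Object.keys(found).sort();
}

// Constructed input: a project whose n packages all depend on one another,
// the shape the PR describes for the Magento modules.
function mutualDependencyProject(n: number): DepMap {
  const names: string[] = [];
  for (let i = 0; i < n; i++) {
    names.push('vendor/module-' + i);
  }
  const deps: DepMap = {};
  for (const name of names) {
    deps[name] = names.filter((other) => other !== name);
  }
  deps['app/root'] = names.slice(); // the project itself requires every module
  return deps;
}

function leafCount(n: number, maxExpansionsPerPackage: number): number {
  return countLeaves(buildTree('app/root', mutualDependencyProject(n), maxExpansionsPerPackage));
}

// 6 mutually dependent packages: 6! = 720 leaves unbounded, 16 with a cap of
// one expansion per package; the capped tree still lists all 6 packages.
console.log(leafCount(6, Infinity), leafCount(6, 1));
console.log(distinctPackages(buildTree('app/root', mutualDependencyProject(6), 1)));
```

Raising n to 10 with the cap left at Infinity is what the description warns about (3628800 leaves); with a cap of one expansion per package the same project produces 46 leaves, and the count grows quadratically rather than factorially with n.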

CLAassistant commented 5 years ago

CLA assistant check
All committers have signed the CLA.

snyksec commented 5 years ago

:tada: This PR is included in version 1.5.3 :tada:

The release is available on:

Your semantic-release bot :package::rocket: