How to 'manual review' vulnerabilities and what are 'breaking changes'?
-
So I just managed to update my MM (with help from @thedoorsfanatic ) and it said I had 27 vulnerabilities and to do an
audit fixwhich I promptly did.
And after that I got that message saying
2 vulnerabilities require manual review and could not be updated
1 package update for 9 vulns involved breaking changes
How do I do a manual review? And what are breaking changes? Can I run the
npm audit fix --forceor should I avoid doing that?
-
@DæmonEyes I tried
npm auditas well
-
@DæmonEyes
me again
have you tried sudo npm audit fix?
-
i can’t answer on the how to review and resolve the manual issues…
breaking changes are between version x and current version, so api changed how it worked, and all using applications MUST change to the new way or they are broken (won’t work)…
in my old world and IBM, this was NEVER allowed… same data produces same results forever…
u want to change it so NEW data produces NEW results… ok… but old format MUST remain…developers have a lot of NEW work to do, they don’t need to run around and fix old versions of the app…
(usually don’t get paid for fixes like this)
-
@sdetweil hmmm that makes sense. So would
npm audit fix --forcehelp? or just make things worse?
-
@thedoorsfanatic Just gave it a go in both the MM directory as well as in general
