Yes, it can happen with our fix logic. When looking for upgrade paths, our fix checks against the vulnerabilities that were detected in the original project tree.
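The behaviour described above, as an added example that is not Snyk's code: a simplified model, built on assumptions, of an upgrade picker that checks candidates only against the vulnerabilities found in the original tree, next to a re-scan diff that exposes what the upgrade introduces. The package names, versions, advisory ids and function names are constructed for illustration.

```python
# Constructed sample data: package names, versions and advisory ids are made up.
# Resolved dependency tree for each available version of the direct dependency "web-lib".
TREES = {
    "1.0.0": {("web-lib", "1.0.0"), ("parser", "1.2.0")},
    "1.1.0": {("web-lib", "1.1.0"), ("parser", "1.3.0"), ("tmpl", "0.9.0")},
    "2.0.0": {("web-lib", "2.0.0"), ("parser", "1.3.0"), ("tmpl", "1.0.0")},
}

# Constructed advisory database: (package, version) -> advisory ids.
ADVISORIES = {
    ("parser", "1.2.0"): {"ADV-0001"},
    ("tmpl", "0.9.0"): {"ADV-0002"},
}


def scan(tree):
    """Return every advisory id that applies to a resolved tree."""
    found = set()
    for package in tree:
        found |= ADVISORIES.get(package, set())
    return found


def pick_upgrade(current, candidates):
    """Assumed model of the fix logic: accept the first candidate that clears
    the advisories detected in the ORIGINAL tree, ignoring any others."""
    original = scan(TREES[current])
    for version in candidates:
        if not (original & scan(TREES[version])):
            return version
    return None


def introduced_by(current, proposed):
    """Reviewer check: advisories present after the upgrade but not before it."""
    return scan(TREES[proposed]) - scan(TREES[current])


def pick_upgrade_strict(current, candidates):
    """Variant that also rejects candidates bringing in new advisories."""
    original = scan(TREES[current])
    for version in candidates:
        after = scan(TREES[version])
        if not (original & after) and not (after - original):
            return version
    return None
```

In practice the same diff is obtained by scanning the fix PR branch and comparing its findings with those of the base branch before merging.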