Is it possible that a fix pull request could introduce new vulnerabilities?

Snyk changed the "resolved" URL's in my Lock file
When I can choose, how should I decide whether to upgrade or patch?
What if there is no upgrade or patch available?
What is a Snyk Patch?
What can I do if I'm vulnerable?
Is it possible that a fix pull request could introduce new vulnerabilities?
Can patching break my code?
How are Snyk patches created?
How are Snyk patches tested?

Omri from Snyk

February 08, 2019 15:58

Yes, it can happen with our remediation logic. When looking for upgrade paths, our remediation checks against the vulnerabilities that were detected in the original project tree.

Comments

0 comments

Please sign in to leave a comment.

Is it possible that a fix pull request could introduce new vulnerabilities?

Articles in this section