Why did the Snyk CLI discover different dependencies (and vulnerabilities) than through the integration in the app?