In addition to remediation advice, Snyk can automatically create pull requests (PRs) on your behalf in order to upgrade your dependencies based on the scan results. Snyk currently supports this feature for npm, Yarn and Maven-Central projects through GitHub, GitHub Enterprise Server and BitBucket Cloud.
For use with the Broker, your administrator should first upgrade to v4.55.0 or later.
Administrators and account owners manage settings for Snyk upgrade pull requests from our app on both the organization and the project levels, configuring whether the feature is on (enabled by default) and under what conditions Snyk should submit upgrade pull requests, if at all.
Once Snyk submits an upgrade pull request on your behalf, you can view the pull request and all related details directly from the relevant repository.
To quickly review the pull request, hover over it and you can see the recommended upgrade and other pull request summary details:
Open the pull request to view in-depth details, including package release notes, and vulnerabilities included in the recommended upgrade.:
Click the Issue link from the table to view all details for the specified vulnerability, directly from our database.
Once you've reviewed the pull request, you can approve it for merge.