Hi, I just ran snyk-delta on an old branch of a Go project. To my surprise, the snyk-delta output showed that nothing new was added or removed (directly or indirectly), but new issues were nonetheless introduced. See the output:
```
Direct deps:
Added 0
===============
Removed 0
##################
Indirect deps:
Added 0
===============
Paths
===============
Removed 0
[]
_____________________________
New issues introduced !
Security Vulnerabilities:
1/3: Denial of Service (DoS) [High Severity]
Via: <REDACTED>
Fixed in: <REDACTED> 0.7.0
2/3: Denial of Service (DoS) [High Severity]
Via: <REDACTED>
Fixed in: <REDACTED> 0.7.0
3/3: Denial of Service (DoS) [High Severity]
Via: <REDACTED>
Fixed in: <REDACTED> 0.7.0
```
Can you please explain in which cases this is possible? Is it because of some dynamic dependency resolution?
radekjezdik changed the title from "Output says nothing was added/removed" to "Output says nothing was added/removed but command fails" on Aug 10, 2023
Hmm, I'm not sure. It does look like a case of a new vuln being disclosed impacting your existing deps, comparing it to a baseline that hasn't received that update.
Usually, the baseline is on the backend, retested daily, and therefore updated with the new vulns, but maybe that's not working for some reason (disabled, unable to retest for whatever reason, etc).
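The situation described in the reply above, as an added example that is not code from snyk-delta or the Snyk API: it compares two constructed snapshots and separates new issues that arrive with a dependency change from issues that show up on an unchanged dependency because the baseline was tested before the disclosure. The snapshot shape, package names, issue id, dates and the `explain_delta` helper are all assumptions made for illustration.

```python
from datetime import date

# Constructed snapshots in a simplified, hypothetical shape (not Snyk's JSON schema).
DEPS = {("example.com/lib-a", "v0.6.0"), ("example.com/lib-b", "v1.2.0")}
BASELINE = {"tested_on": date(2023, 6, 1), "deps": DEPS, "issues": set()}
BRANCH = {
    "tested_on": date(2023, 8, 10),
    "deps": DEPS,  # identical dependency set, i.e. "Added 0 / Removed 0"
    "issues": {("PLACEHOLDER-DOS-1", "example.com/lib-a", "v0.6.0")},
}


def explain_delta(baseline, current, max_age_days=1):
    """Split new issues by cause: a changed dependency or an outdated baseline."""
    added = current["deps"] - baseline["deps"]
    removed = baseline["deps"] - current["deps"]
    new_issues = current["issues"] - baseline["issues"]

    by_change, on_unchanged = [], []
    for issue_id, pkg, ver in sorted(new_issues):
        # An issue on a package@version the baseline already contained cannot
        # come from the branch's dependency changes.
        (by_change if (pkg, ver) in added else on_unchanged).append(issue_id)

    age_days = (current["tested_on"] - baseline["tested_on"]).days
    return {
        "added": sorted(added),
        "removed": sorted(removed),
        "introduced_by_dependency_change": by_change,
        "present_on_unchanged_dependency": on_unchanged,
        # The baseline is expected to be retested daily; an older test date
        # combined with issues on unchanged dependencies points at the baseline.
        "baseline_stale": bool(on_unchanged) and age_days > max_age_days,
    }


if __name__ == "__main__":
    for key, value in explain_delta(BASELINE, BRANCH).items():
        print(f"{key}: {value}")
```

When `present_on_unchanged_dependency` is non-empty and `baseline_stale` is true, retesting the baseline is the first thing to check before treating the branch as the source of the findings.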