I have a very simple issue with Snyk, but I cannot figure out from the documentation how it could be solved. Snyk tried to recommend a major Rails version upgrade for my project, and at this moment I am not ready to upgrade Rails. In the Gemfile I already specified that Rails should only accept minor version upgrades, but I really do not understand why Snyk ignores it.
The current Gemfile config for the rails gem is:
gem 'rails', '~> 6.1'
The main problem is, I do not want to just disable that specific vulnerability from popping up, because I am afraid that later more vulnerabilities will come out that make Snyk post a new PR about raising the major Rails version. Also, I do not want to disable this automatic PR feature completely, because most of the time the PRs are pretty helpful.
Is there any way to refine the Snyk config to reject any major version upgrade to any gem, or specifically the Rails gem?
Tags: ruby on rails, Snyk, Configure what versions are accepted for a package, Stack Overflow