Keep your code safe with GitHub security alerts
How to start using security alerts:
- Read the CVE record to learn more about the vulnerability and its severity level.
- Check how the vulnerable dependency is used in your project. If the vulnerability is in code your project actively exercises, prioritize the update. For example, a vulnerable dependency that is used only in test cases may carry less risk than one your project uses to process user input directly.
- Check the dependency’s documentation to confirm that the recommended version actually resolves the vulnerability, and that the new version is backward compatible with your project.
- Confirm that updating the version will completely resolve the vulnerability for your project.
- Open a pull request to update the dependency to the recommended safe version and make any changes needed for compatibility. For more information, see “Viewing and updating vulnerable dependencies in your repository.”
- Ensure that all of your project’s tests pass and confirm that the functionality you’re updating works correctly, then merge the pull request. For more information, see “About statuses.”
- Notify project collaborators, owners of any forks of your project, and any projects that depend on yours of the recommended version change and tell them how the previously vulnerable dependency affected your project. For more information, see “Listing the projects that depend on a repository.”
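The triage in the steps above (does the installed version fall in the advisory’s vulnerable range, is the dependency on a production code path or only in tests, and does the recommended version actually leave the vulnerable range) can be scripted. The following is an added example, not code from this page or from GitHub; the manifest is a simplified, constructed lockfile loosely shaped like package.json, and the package names, advisory identifiers, version ranges and severities are all made up for illustration and do not describe real vulnerabilities.

```python
import json
import re
from typing import Dict, List, Tuple

# Constructed, simplified lockfile: resolved versions, split by whether the
# package is a runtime dependency or used only by tests/tooling.
# Package names and versions are invented for this example.
MANIFEST_JSON = """
{
  "dependencies":    {"webframework": "4.17.11", "imgparser": "2.3.0"},
  "devDependencies": {"testharness": "6.1.2",   "linter": "8.0.0"}
}
"""

# Constructed advisory feed in the shape of a security alert: affected
# package, vulnerable range, first patched version, severity.
# Identifiers and ranges are invented; they are not real advisories.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-1", "package": "webframework",
     "vulnerable": ">=4.0.0, <4.17.12", "patched": "4.17.12", "severity": "high"},
    {"id": "EXAMPLE-ADV-2", "package": "testharness",
     "vulnerable": "<6.2.0", "patched": "6.2.0", "severity": "high"},
    # Deliberately inconsistent entry: the "patched" version is still inside
    # the vulnerable range, so updating to it would not resolve the issue.
    {"id": "EXAMPLE-ADV-3", "package": "imgparser",
     "vulnerable": "<3.0.0", "patched": "2.9.9", "severity": "critical"},
]

Version = Tuple[int, ...]

def parse_version(text: str) -> Version:
    """Turn 'MAJOR.MINOR.PATCH' into a tuple of ints that compares correctly."""
    return tuple(int(part) for part in text.strip().split("."))

_OPS = {
    "<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b, ">=": lambda a, b: a >= b,
    "==": lambda a, b: a == b,
}
_CONSTRAINT = re.compile(r"^(<=|>=|==|<|>)\s*([0-9]+(?:\.[0-9]+)*)$")

def in_range(version: str, spec: str) -> bool:
    """True if `version` satisfies every comma-separated constraint in `spec`."""
    v = parse_version(version)
    for raw in spec.split(","):
        m = _CONSTRAINT.match(raw.strip())
        if not m:
            raise ValueError(f"bad constraint: {raw!r}")
        op, bound = m.groups()
        if not _OPS[op](v, parse_version(bound)):
            return False
    return True

def load_manifest(raw: str) -> Dict[str, Tuple[str, str]]:
    """Map package -> (installed version, scope), scope being 'runtime' or 'dev'."""
    data = json.loads(raw)
    out: Dict[str, Tuple[str, str]] = {}
    for name, ver in data.get("dependencies", {}).items():
        out[name] = (ver, "runtime")
    for name, ver in data.get("devDependencies", {}).items():
        out[name] = (ver, "dev")
    return out

def triage(manifest: Dict[str, Tuple[str, str]], advisories: List[dict]) -> List[dict]:
    """Match advisories against installed versions and rank the hits.

    A vulnerable dependency on a runtime code path outranks one used only by
    tests, and severity breaks ties among runtime hits. `update_resolves` is
    False when the recommended version is itself still in the vulnerable range,
    which is the case to catch before opening the update pull request.
    """
    findings = []
    for adv in advisories:
        entry = manifest.get(adv["package"])
        if entry is None:
            continue
        installed, scope = entry
        if not in_range(installed, adv["vulnerable"]):
            continue
        if scope == "runtime":
            priority = 1 if adv["severity"] in ("critical", "high") else 2
        else:
            priority = 3
        findings.append({
            "id": adv["id"], "package": adv["package"], "installed": installed,
            "scope": scope, "severity": adv["severity"], "priority": priority,
            "patched": adv["patched"],
            "update_resolves": not in_range(adv["patched"], adv["vulnerable"]),
        })
    return sorted(findings, key=lambda f: (f["priority"], f["package"]))

if __name__ == "__main__":
    for f in triage(load_manifest(MANIFEST_JSON), ADVISORIES):
        print(f"P{f['priority']} {f['id']} {f['package']}=={f['installed']} "
              f"({f['scope']}, {f['severity']}) -> {f['patched']} "
              f"resolves={f['update_resolves']}")
```

On the constructed input this ranks the two runtime hits first and the test-only hit last, and flags that the third advisory’s recommended version would not take the package out of its own vulnerable range. Real manifests use caret and tilde ranges and real advisories use richer version syntax, so the constraint parser here is deliberately limited to exact versions with simple comparison operators.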