Potential security vulnerabilities were found in my dependencies. The repository is from some GitHub tutorial. Should I delete the repository or what is the procedure to mitigate the risk of a vulnerability?
In general the proper way to fix it would be to update the dependencies to a version where the vulnerability has been fixed.
means you did the tutorial a while ago, don’t care about the code any more, and aren’t going to run it any more (this part is important!), it’s really up to you whether you want to fix, delete, or just leave it.
Ok, thank you for your help.
Also, don’t forget that potential means exactly that, i.e. it’s informing you that there are some vulnerabilities that could (potentially) be exploited. It doesn’t mean that you’re exposed to an immediate risk, but rather that you should be aware of them and act accordingly.
You could also archive it.
It’s bad practice to leave insecure / unmaintained repositories in a state that would result in people thinking they’re good to use/fork.