Securing your Workflows Course - No vulnerable dependencies

drewgoodfellow · April 17, 2020, 4:46pm

Hello,

I’m attempting to find my repo’s vulnerabilities according to these instructions:

Click the Insights tab in your repository.
On the left hand navigation bar, click Dependency graph.
Scroll down until you see a yellow bar highlighting the dependency named debug, and click on the right hand side of the yellow debug section.
Take note of the suggested version.
Comment in this issue with the suggested update version.

However, I do not see any vulnerabilities! See photo below.

I was expecting visionmedia/debug to have a yellow bar. Have I done something wrong?

Thank you in advance.

lmkeston · April 20, 2020, 2:29pm

Hello Drew. We have corrected this issue. You may need to de-register and restart the course to see the correction. Please let me know if you continue to encounter this issue. Thank you!

drewgoodfellow · April 20, 2020, 5:39pm

Hello,

It works perfectly now. Thank you so much.

saahithhegde · August 31, 2020, 1:05am

Hello,
I am getting the same issue.

ruizhexr · September 11, 2020, 9:28am

Same issue here. I don’t see any yellow bar.

PawlakMarek · December 21, 2020, 10:57am

It seems it’s still an issue.
Even though version is shown as 2.6.8 (lesser than in original issue), github doesn’t show it as vulnerable.

Catweazel1 · December 26, 2020, 3:16pm

This Issue still doen’t seem to be resolved. I have de-registered and re-registered several times now, still not able to see vulnerabilities. Not sure if this is now elsewhere now or not.

lmkeston · December 31, 2020, 3:05pm

Hello all,
This course was recently updated to use the default branch name “main” instead of “master”. When you re-registered, did you delete your repo? If not, can you try that and let me know if this resolves the issue?
Thanks,
Lia

dossantosr · March 12, 2021, 9:16am

Hello, I am having this same issue. Anyone else managed to solve it?

rb-03 · April 6, 2021, 11:19am

Hello everyone, I am facing the same issue. Is there anything that can be done about it?
@lmkeston could you please suggest what should be done about the same?

Sajan390 · April 24, 2021, 4:18pm

It does not solve the problem in 2021.

koushouto · April 27, 2021, 1:59pm

Hello, @lmkeston
I am getting the same issue. It seems to be caused by ignoring the update.

controangel · April 28, 2021, 10:14am

me too. I have deregister and restart the course but no change .please I kindly need your assistance.

controangel · May 5, 2021, 4:31pm

please @lmkeston I can’t see the leave course button on securing your workflow and some of the module in GitLab have that issues too. please I need help with that.

KevinMcKeown · November 9, 2021, 9:54am

Still the same in 01-Nov-2021 release of the course - step 3, no yellow bar highlighting debug.
I’ve enabled Dependabot, and I initially thought that didn’t flag anything either… then noticed emails about new Pull Requests (x5), one of which is ‘Bump debug from 2.6.8. to 4.3.2’