Javascript --required-only doesn't include transitive dependencies
When using the --required-only option, cdxgen uses babel-parser to find the imports in the source files as described at https://github.com/AppThreat/cdxgen#automatic-usage-detection
The problem is that it doesn’t include the dependencies of the dependencies it finds… and it needs to do so as those transitive dependencies are required.
Issue Analytics
- Created a year ago
- Comments: 8
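The gap described in the issue, as an added example (not code from the issue or from cdxgen): starting from the package names found by import scanning, walk an npm lockfile to collect every transitive dependency that is also required. The lockfile contents, the package names and the helpers `resolve` and `requiredClosure` are constructed for illustration; the layout assumed is npm's lockfileVersion 2/3 `packages` map.

```javascript
// Constructed sample in npm lockfileVersion 3 layout (not a real project's lockfile).
const lock = {
  packages: {
    "": { dependencies: { "web-fw": "^1.0.0", "unused-lib": "^2.0.0" } },
    "node_modules/web-fw": { version: "1.0.0", dependencies: { "body-parse": "^1.0.0", "qs-lite": "^2.0.0" } },
    "node_modules/body-parse": { version: "1.2.0", dependencies: { "qs-lite": "^1.0.0" } },
    "node_modules/body-parse/node_modules/qs-lite": { version: "1.9.0" },
    "node_modules/qs-lite": { version: "2.1.0" },
    "node_modules/unused-lib": { version: "2.0.0", dependencies: { "left-out": "^1.0.0" } },
    "node_modules/left-out": { version: "1.0.0" },
  },
};

// Resolve `name` the way Node does: nearest node_modules first, then each parent.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed, e.g. a skipped optional dependency
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Breadth-first closure over dependencies, seeded with the imported package names.
function requiredClosure(lockfile, importedNames) {
  const packages = lockfile.packages;
  const seen = new Set();
  const queue = importedNames.map((n) => resolve(packages, "", n)).filter(Boolean);
  while (queue.length) {
    const path = queue.shift();
    if (seen.has(path)) continue;
    seen.add(path);
    const entry = packages[path];
    const deps = { ...entry.dependencies, ...entry.optionalDependencies };
    for (const dep of Object.keys(deps)) {
      const target = resolve(packages, path, dep);
      if (target) queue.push(target);
    }
  }
  // "node_modules/".length === 13; keeps scoped names such as @scope/pkg intact.
  return [...seen]
    .map((p) => `${p.slice(p.lastIndexOf("node_modules/") + 13)}@${packages[p].version}`)
    .sort();
}
```

With only `web-fw` imported, the result contains both installed versions of `qs-lite` (a vulnerability in either one is reachable) and leaves out `unused-lib` and its dependency `left-out`.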
Top GitHub Comments
For Javascript, I don’t have one off the top of my head, but I’m highly confident they exist.
One I do know off the top of my head is log4shell. A project would depend on something which depends on log4j, and the vulnerability in log4j is exploitable. This example is burned into my memory as it was such a big deal and continues to be a big deal.
4.0.37 includes this feature. Thank you.