It's a good idea to check for vulnerabilities, but as Pramod said, all
software / libraries are going to have some or other vulnerability at any
time. I will go with the approach of "let's discuss this addition" and we
should not affect PRs which are not adding any new dependencies (due to old
I also strongly feel we need to be meticulous and think it through
before introducing such checks for reasons discussed before.
On Sat, Sep 9, 2017 at 8:36 PM, Vlad Rozov <[EMAIL PROTECTED]> wrote: