Risk-aware Fix PRs for Snyk Open Source

New

We are excited to announce upcoming improvements to Snyk Open Source Fix PRs to help you manage the overall risk posture of your applications.

Fix PRs are a key tool for helping developers stay on top of new vulnerabilities in their dependencies. However, a dependency upgrade can itself pull in new vulnerabilities, so a Fix PR could sometimes raise the project's overall risk posture rather than lower it.

Snyk will now raise a Fix PR for a vulnerability only if the proposed upgrade does not introduce any vulnerability of higher severity than the one being fixed. Upgrades that introduce vulnerabilities of equal or lower severity are still proposed.

As a result, users should expect to see, on average, a 10% reduction in Fix PRs.
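The decision rule above, written out as an added example so the edge cases are explicit. This is not Snyk's code: the severity ranks, the `Vuln` type and the constructed vulnerability identifiers (VULN-A and so on) are assumptions for illustration only. The check compares the set of vulnerabilities before and after a candidate upgrade, and holds the PR only if something introduced outranks the vulnerability being fixed.

```python
from dataclasses import dataclass

# Severity ranks assumed for this example; a higher number outranks a lower one.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Vuln:
    """A vulnerability reported against a project's dependency tree.
    Identifiers used below are constructed for the example, not real advisories."""
    id: str
    severity: str  # a key of SEVERITY_RANK


def rank(v: Vuln) -> int:
    return SEVERITY_RANK[v.severity]


def introduced(before: set[Vuln], after: set[Vuln]) -> set[Vuln]:
    """Vulnerabilities present only after the proposed dependency upgrade."""
    return after - before


def blocking(target: Vuln, before: set[Vuln], after: set[Vuln]) -> set[Vuln]:
    """Introduced vulnerabilities that outrank the one the PR sets out to fix.
    Equal or lower severity does not block the PR under the stated rule."""
    return {v for v in introduced(before, after) if rank(v) > rank(target)}


def should_raise_fix_pr(target: Vuln, before: set[Vuln], after: set[Vuln]) -> bool:
    """Risk-aware decision: open the Fix PR only if the upgrade actually removes
    `target` and introduces nothing more severe than it (assumed sanity check:
    an upgrade that leaves the target in place is not a fix at all)."""
    if target not in before:
        raise ValueError(f"{target.id} is not present before the upgrade")
    if target in after:
        return False
    return not blocking(target, before, after)


# Constructed scenario: the project currently carries a high and a medium finding.
TARGET = Vuln("VULN-A", "high")
BEFORE = {TARGET, Vuln("VULN-B", "medium")}

# Candidate upgrade 1 removes VULN-A but pulls in a critical finding: held.
AFTER_WORSE = {Vuln("VULN-B", "medium"), Vuln("VULN-C", "critical")}

# Candidate upgrade 2 removes VULN-A and adds one high and one low finding:
# neither outranks the high being fixed, so the PR is still raised.
AFTER_OK = {Vuln("VULN-B", "medium"), Vuln("VULN-D", "high"), Vuln("VULN-E", "low")}


def demo() -> dict[str, bool]:
    """Decision for each candidate upgrade, keyed by scenario name."""
    return {
        "worse": should_raise_fix_pr(TARGET, BEFORE, AFTER_WORSE),
        "ok": should_raise_fix_pr(TARGET, BEFORE, AFTER_OK),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {'raise PR' if decision else 'hold PR'}")
```

Note what the rule as stated does and does not cover: it is a comparison of severity levels, not of counts, so an upgrade that swaps one high-severity finding for several other high-severity findings still passes the check. Teams that care about the number of findings, or about reachability, still need to review the PR's own vulnerability summary before merging.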

When is this coming?

Gradual rollout of these changes will begin on April 3rd and finish by April 10th.

During the rollout, an increasing percentage of Fix PRs for all users will have the new risk-aware checks applied.

No action is required to benefit from these improvements.
