🔥 3-day streak
GitHub Copilot141 / 190
Question 141 of 190

While adding a JSON parsing library to a Node.js microservice, a developer accepts a GitHub Copilot suggestion that pins a specific older version of a popular package in package.json. The build succeeds and tests pass. During a later security review, the team's SCA (software composition analysis) scanner flags this exact version as having a known critical CVE that was patched in a newer release. What is the most responsible conclusion the team should draw about using Copilot for dependency management going forward?

Reviewed for accuracy · Report an issueNext question