Remove or update build dependencies in stable releases

Created on 20 March 2024, 3 months ago
Updated 21 March 2024, 3 months ago

As part of security testing, the team reported vulnerable packages in package-lock.json. We will not use those at runtime in production environments. Can we remove package.json and package-lock.json from the stable release to avoid this?
Also, I am attaching a patch for the same; please review.

📌 Task

Status: Needs work
Version: 1.1
Component: Code
Created by: 🇮🇳India sreeram_v Hyderabad


Comments & Activities

  • Issue created by @sreeram_v
  • Status changed to Needs work 3 months ago
  • 🇯🇴Jordan Rajab Natshah Jordan

    Thanks, Sreeram, for reporting and patching!

    While you are making the above changes, we recommend that you convert this patch to a merge request. Merge requests are preferred over patches. Be sure to hide the old patch files as well.