Remove or update build dependencies in stable releases

Created on 20 March 2024, 12 months ago
Updated 21 March 2024, 12 months ago

As part of security testing, the team reported vulnerable packages in package-lock.json. We will not use those at runtime in production environments. Can we remove package.json and package-lock.json from the stable release to avoid this?
Also, I am attaching a patch for the same; please review.

📌 Task

Status: Needs work
Version: 1.1
Component: Code
Created by: 🇮🇳India sreeram_v Hyderabad


Comments & Activities

  • Issue created by @sreeram_v
  • Status changed to Needs work 12 months ago
  • 🇯🇴Jordan Rajab Natshah Jordan

    Thanks, Sreeram, for reporting and patching!

    While you are making the above changes, we recommend that you convert this patch to a merge request. Merge requests are preferred over patches. Be sure to hide the old patch files as well.
