Contrib.social

Request to remove build dependencies in stable releases

Open on Drupal.org →
Created on 20 March 2024, about 1 year ago

As part of Security testing, the team reported vulnerability packages in the package-lock.json in the mie_demo_base folder. We will not use those in runtime in production environments can we remove package.json and package-lock.json from the stable release to avoid this?
Also, I am attaching a patch for the same please review it.

📌 Task
Status

Active

Version

3.0

Component

Miscellaneous

Created by

🇮🇳India sreeram_v Hyderabad

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @sreeram_v
  • Status changed to Needs review 2 months ago
  • Comment 2 months ago
    🇺🇸United States DamienMcKenna NH, USA
  • Comment 2 months ago
    🇺🇦Ukraine voleger Ukraine, Rivne

    At least we need MR for that.
    Developers must use the demo module as an example of using templates and CSS styles for some non-standard menu items. (that is not part of the issue, and improvement can be introduced in the follow-up)
    I think it is better to keep it up to date or modify frontend dependencies to some more simplified configuration.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024