Perform yarn audit all dependencies on all active branches

Created on 6 March 2025, about 1 month ago

Problem/Motivation

In issue 📌 Bump serialize-javascript version in yarn.lock to overcome known vulnerability (Active), it was observed that there are vulnerabilities in indirect dependencies of some other packages we use, which are not identified by the current release setup.

It would be good to perform yarn audit on all dependencies on all active branches during commit or release to overcome this.

Steps to reproduce

Run yarn audit; you will get a list of the vulnerabilities found in the dependencies.

Proposed resolution

Remaining tasks

Add yarn audit to the CI/CD pipeline.

Release notes snippet

🌱 Plan
Status

Active

Version

11.0 🔥

Component

asset library system

Created by

🇮🇳India bhanu951

  • Security improvements

    It makes Drupal less vulnerable to abuse or misuse. Note, this is the preferred tag, though the Security tag has a large body of issues tagged to it. Do NOT publicly disclose security vulnerabilities; contact the security team instead. Anyone (whether security team or not) can apply this tag to security improvements that do not directly present a vulnerability e.g. hardening an API to add filtering to reduce a common mistake in contributed modules.
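
One way to implement the CI check this issue asks for, as an added example (not code from the issue or from Drupal core): it parses the line-delimited output of Yarn 1 (classic) `yarn audit --json`, marks findings that arrive through indirect dependencies, and decides whether the build should fail. The sample records, every package name other than serialize-javascript, and the `high` threshold are constructed assumptions; Yarn 2+ uses `yarn npm audit`, whose output has a different shape.

```javascript
// Constructed sample: Yarn 1 prints one JSON object per line. Advisory titles,
// example-* package names and versions are placeholders, not real advisories.
const SAMPLE = [
  '{"type":"auditAdvisory","data":{"resolution":{"id":1,"path":"example-bundler>example-minifier>serialize-javascript","dev":true},"advisory":{"module_name":"serialize-javascript","severity":"moderate","title":"constructed advisory A","patched_versions":">=9.9.9"}}}',
  '{"type":"auditAdvisory","data":{"resolution":{"id":2,"path":"example-direct","dev":false},"advisory":{"module_name":"example-direct","severity":"low","title":"constructed advisory B","patched_versions":">=9.9.9"}}}',
  '{"type":"auditAdvisory","data":{"resolution":{"id":3,"path":"example-linter>example-parser","dev":true},"advisory":{"module_name":"example-parser","severity":"high","title":"constructed advisory C","patched_versions":">=9.9.9"}}}',
  '{"type":"auditSummary","data":{"vulnerabilities":{"info":0,"low":1,"moderate":1,"high":1,"critical":0}}}',
].join('\n');

const RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Turn the NDJSON stream into one finding per advisory/path pair.
function parseAudit(ndjson) {
  const findings = [];
  for (const line of ndjson.split('\n')) {
    if (!line.trim()) continue;
    let rec;
    try { rec = JSON.parse(line); } catch { continue; } // skip non-JSON noise
    if (rec.type !== 'auditAdvisory') continue;
    const { resolution, advisory } = rec.data;
    const chain = resolution.path.split('>'); // "top-level>...>vulnerable"
    findings.push({
      module: advisory.module_name,
      severity: advisory.severity,
      via: chain[0],                  // the package.json entry that pulls it in
      transitive: chain.length > 1,   // true when the vulnerable package is indirect
      path: resolution.path,
    });
  }
  return findings;
}

// Fail the build when any finding meets the threshold; unknown severities fail closed.
function gate(findings, threshold = 'high') {
  const blocking = findings.filter(
    (f) => (RANK[f.severity] ?? RANK.critical) >= RANK[threshold]
  );
  const transitive = findings.filter((f) => f.transitive).length;
  return { ok: blocking.length === 0, blocking, transitive };
}

const report = gate(parseAudit(SAMPLE));
for (const f of report.blocking) {
  console.log(`${f.severity}: ${f.module} (via ${f.via}, path ${f.path})`);
}
console.log(report.ok ? 'audit gate passed' : 'audit gate failed');
```

In a pipeline job, feed the real `yarn audit --json` output to `parseAudit` and exit non-zero when `gate(...).ok` is false; running the job on every active branch covers the case the issue describes.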
