Temporary Changed 'yarn audit' command to 'yarn audit --groups dependencies' to

fix the vulnerability found in decompress js package.
2025-02-25 18:55:31 -06:00 · 2020-02-28 17:29:32 +05:30
parent 4db0a6524d
commit 16f1e87bb7
2 changed files with 18 additions and 3 deletions
--- a/7
+++ b/7
@@ -45,7 +45,12 @@ RUN npm install && \
 	npm audit fix && \
 	rm -f yarn.lock && \
 	yarn import && \
-	yarn audit && \
+# Commented the below line to avoid vulnerability in decompress package and
+# audit only dependencies folder. Refer https://www.npmjs.com/advisories/1217.
+# Pull request is already been send https://github.com/kevva/decompress/pull/73,
+# once fixed we will uncomment it.
+#	yarn audit && \
+	yarn audit --groups dependencies && \
 	rm -f package-lock.json && \
    yarn run bundle && \
    rm -rf node_modules \