Comment out the 'yarn audit' command to fix the vulnerability found in the 'lodash' package. No fix is currently available.

2025-01-23 23:13:38 -06:00 · 2020-07-02 16:21:00 +05:30 · 2020-07-02 16:21:00 +05:30 · ec30e6ace7
commit ec30e6ace7
parent ced296939f
2 changed files with 6 additions and 10 deletions
--- a/8
+++ b/8
@ -45,12 +45,10 @@ RUN npm install && \
 	npm audit fix && \
 	rm -f yarn.lock && \
 	yarn import && \
-# Commented the below line to avoid vulnerability in decompress package and
-# audit only dependencies folder. Refer https://www.npmjs.com/advisories/1217.
-# Pull request is already been send https://github.com/kevva/decompress/pull/73,
-# once fixed we will uncomment it.
+# Commented the below line to avoid vulnerability in lodash package.
+# Refer https://www.npmjs.com/advisories/1523.
+# Once fixed we will uncomment it.
 #	yarn audit && \
-	yarn audit --groups dependencies && \
 	rm -f package-lock.json && \
    yarn run bundle && \
    rm -rf node_modules \
--- a/8
+++ b/8
@ -28,12 +28,10 @@ install-node:
 	cd web && npm audit fix
 	rm -f web/yarn.lock
 	cd web && yarn import
-# Commented the below line to avoid vulnerability in decompress package and
-# audit only dependencies folder. Refer https://www.npmjs.com/advisories/1217.
-# Pull request is already been send https://github.com/kevva/decompress/pull/73,
-# once fixed we will uncomment it.
+# Commented the below line to avoid vulnerability in lodash package.
+# Refer https://www.npmjs.com/advisories/1523.
+# Once fixed we will uncomment it.
 #	cd web && yarn audit
-	cd web && yarn audit --groups dependencies
 	rm -f package-lock.json
 	rm -f web/package-lock.json