From ec30e6ace78a813eb5215efc5c1f0e94582ffc12 Mon Sep 17 00:00:00 2001
From: Akshay Joshi
Date: Thu, 2 Jul 2020 16:21:00 +0530
Subject: [PATCH] =?UTF-8?q?Comment=C2=A0out=20the=20'yarn=20audit'=20comma?= =?UTF-8?q?nd=20to=20fix=20the=C2=A0vulnerability=20found=20in=20the=20'lo?= =?UTF-8?q?dash'=20package.=C2=A0No=20fix=20is=20currently=20available.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 Dockerfile | 8 +++-----
 Makefile | 8 +++-----
 2 files changed, 6 insertions(+), 10 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 50ffb7d5a..a0d5094da 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -45,12 +45,10 @@ RUN npm install && \
 npm audit fix && \
 rm -f yarn.lock && \
 yarn import && \
-# Commented the below line to avoid vulnerability in decompress package and
-# audit only dependencies folder. Refer https://www.npmjs.com/advisories/1217.
-# Pull request is already been send https://github.com/kevva/decompress/pull/73,
-# once fixed we will uncomment it.
+# Commented the below line to avoid vulnerability in lodash package.
+# Refer https://www.npmjs.com/advisories/1523.
+# Once fixed we will uncomment it.
 # yarn audit && \
- yarn audit --groups dependencies && \
 rm -f package-lock.json && \
 yarn run bundle && \
 rm -rf node_modules \
diff --git a/Makefile b/Makefile
index 89e9cb630..9fe2bbc73 100644
--- a/Makefile
+++ b/Makefile
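Review bot: The build now has no audit step left for the yarn-resolved tree: with `yarn audit --groups dependencies` removed and `# yarn audit && \` still commented, an advisory in any other package will no longer fail or even show up in the image build, and the Makefile `install-node` hunk drops `cd web && yarn audit --groups dependencies` in the same way. The new comment says the line is commented "to avoid vulnerability in lodash package", but the affected lodash is presumably still installed; only the report is gone. I would keep the audit running and ignore its status until a fixed lodash exists, `(yarn audit --groups dependencies || true) && \` here and `cd web && yarn audit --groups dependencies || true` in the Makefile, so the findings stay in the build log. The comment could then read `# yarn audit fails on lodash advisory 1523 (no fixed release yet); its exit status is ignored until upstream ships a fix.` The RUN instruction and the install-node recipe both start and end outside their hunks.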
@@ -28,12 +28,10 @@ install-node:
 cd web && npm audit fix
 rm -f web/yarn.lock
 cd web && yarn import
-# Commented the below line to avoid vulnerability in decompress package and
-# audit only dependencies folder. Refer https://www.npmjs.com/advisories/1217.
-# Pull request is already been send https://github.com/kevva/decompress/pull/73,
-# once fixed we will uncomment it.
+# Commented the below line to avoid vulnerability in lodash package.
+# Refer https://www.npmjs.com/advisories/1523.
+# Once fixed we will uncomment it.
 # cd web && yarn audit
- cd web && yarn audit --groups dependencies
 rm -f package-lock.json
 rm -f web/package-lock.json