Comment out the 'yarn audit' command to fix the vulnerability found in the 'lodash' package. No fix is currently available.

2025-02-25 18:55:31 -06:00 · 2020-07-02 16:21:00 +05:30
parent ced296939f
commit ec30e6ace7
2 changed files with 6 additions and 10 deletions
--- a/8
+++ b/8
@@ -45,12 +45,10 @@ RUN npm install && \
 	npm audit fix && \
 	rm -f yarn.lock && \
 	yarn import && \
-# Commented the below line to avoid vulnerability in decompress package and
-# audit only dependencies folder. Refer https://www.npmjs.com/advisories/1217.
-# Pull request is already been send https://github.com/kevva/decompress/pull/73,
-# once fixed we will uncomment it.
+# Commented the below line to avoid vulnerability in lodash package.
+# Refer https://www.npmjs.com/advisories/1523.
+# Once fixed we will uncomment it.
 #	yarn audit && \
-	yarn audit --groups dependencies && \
 	rm -f package-lock.json && \
    yarn run bundle && \
    rm -rf node_modules \