From b5b762f2f1fec485ba8adc59f25ad94add0aaf01 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Brunner?=
Date: Tue, 12 Nov 2024 08:27:35 +0100
Subject: [PATCH] No force in npm audit fix

It sometimes downgrad dependency to a version with more security issues.
---
 github_app_geo_project/module/audit/utils.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/github_app_geo_project/module/audit/utils.py b/github_app_geo_project/module/audit/utils.py
index 500ce22479..a9afba24e9 100644
--- a/github_app_geo_project/module/audit/utils.py
+++ b/github_app_geo_project/module/audit/utils.py
@@ -575,8 +575,8 @@ async def _npm_audit_fix(
     for package_lock_file_name, file_messages in fixable_files_npm.items():
         directory = os.path.dirname(os.path.abspath(package_lock_file_name))
         messages.update(file_messages)
-        _LOGGER.debug("Fixing vulnerabilities in %s with npm audit fix --force", package_lock_file_name)
-        command = ["npm", "audit", "fix", "--force"]
+        _LOGGER.debug("Fixing vulnerabilities in %s with npm audit fix", package_lock_file_name)
+        command = ["npm", "audit", "fix"]
         _, success, message = await module_utils.run_timeout(
             command,
             os.environ.copy(),
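Review bot: The reason for dropping `--force` lives only in the commit message, so a maintainer who later sees `npm audit fix` leave vulnerabilities unfixed is likely to put the flag back; record it next to the command line, e.g. `# No --force: it can downgrade a dependency to a version with more vulnerabilities.` Without `--force`, npm skips fixes that need a semver-major bump, so this command will more often finish with vulnerabilities still present and, as far as I recall, exit non-zero in that case. How `success` and `message` are then interpreted — whether a partial fix is reported as a failure of the whole step — is decided outside this hunk, as `_npm_audit_fix` continues past it. Worth checking that the remaining unfixed advisories still reach the caller through `messages` rather than being lost behind a generic failure.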