From cde91e3a92a56f0fb8584e741d49f215fdcbfd92 Mon Sep 17 00:00:00 2001
From: Graham Knop <haarg@haarg.org>
Date: Mon, 5 Aug 2024 16:01:47 +0200
Subject: [PATCH] Remove audit fix during docker build

Doing an audit fix during docker build makes the output more
unpredictable. And we have dependabot in place to update the listed
dependencies.

It also will cause errors for dependencies that it can't fix. We are
using an older version of bootstrap, which has a XSS issue in it. But it
doesn't impact us based on our use of bootstrap. We can't upgrade
bootstrap without significant work, so for now we want to ignore this
issue. npm audit doesn't provide any way to ignore specific
dependencies.
---
 Dockerfile | 2 --
 1 file changed, 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 0607a467a5d..9d51dcf4b73 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,7 +11,6 @@ RUN \
     --mount=type=cache,target=/root/.npm,sharing=private \
 <<EOT
     npm install --verbose
-    npm audit fix
 EOT
 
 # not supported yet
@@ -104,7 +103,6 @@ RUN \
     --mount=type=cache,target=/root/.npm,sharing=private \
 <<EOT
     npm install --verbose --include=dev
-    npm audit fix
 EOT
 
 RUN \