Commit

Remove audit fix during docker build
Doing an audit fix during docker build makes the output more
unpredictable. And we have dependabot in place to update the listed
dependencies.

It also will cause errors for dependencies that it can't fix. We are
using an older version of bootstrap, which has an XSS issue in it. But it
doesn't impact us based on our use of bootstrap. We can't upgrade
bootstrap without significant work, so for now we want to ignore this
issue. npm audit doesn't provide any way to ignore specific
dependencies.
haarg committed Aug 5, 2024
1 parent 398494c commit cde91e3
Showing 1 changed file with 0 additions and 2 deletions.
2 changes: 0 additions & 2 deletions Dockerfile
Expand Up @@ -11,7 +11,6 @@ RUN \
--mount=type=cache,target=/root/.npm,sharing=private \
<<EOT
npm install --verbose
npm audit fix
EOT

# not supported yet
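Review bot: in this first install block the remaining `npm install --verbose` can still resolve versions at build time, so the unpredictability the commit message is concerned with is reduced but not eliminated. If a package-lock.json is copied in before this RUN step (not visible in this hunk), `npm ci` would install exactly the locked tree and fail on lockfile drift instead of silently changing it.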
Expand Down Expand Up @@ -104,7 +103,6 @@ RUN \
--mount=type=cache,target=/root/.npm,sharing=private \
<<EOT
npm install --verbose --include=dev
npm audit fix
EOT

RUN \
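Review bot: the dev-dependency install block (`npm install --verbose --include=dev`) now carries no trace of why `npm audit fix` was dropped, and the accepted bootstrap XSS finding is recorded only in the commit message. A short comment above this RUN step, or a pointer to a tracking issue, would keep the exception visible for later review; a report-only `npm audit` step in CI, outside the image build, would still surface new advisories without mutating the installed tree.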