Vulnerabilities due to yarn.lock file #13
Comments
@DEVizzent Honestly I don't think it should be included in the tarball. But we also would want to update the dependencies in there. You prefer automation like Renovate or Dependabot for that?
I wouldn't include them in the tarball either. Which seems to be possible by specifying an exclude list in the composer.json file
@ArtemisMucaj It makes sense. I will do it Thursday afternoon.
Please, @ArtemisMucaj, confirm it is fixed.
Your PR fixed our issue! Thank you so much for your reactivity! :)
Hi,
We've started using https://github.com/thephpleague/openapi-psr7-validator in a few services and it's been great so far. Thank you for your support in maintaining this fork.
I've come to you because we've had reports of vulnerabilities in our CD/CI jobs.
These seem to be related to the yarn.lock file which is present in the package artifacts and has a few critical vulnerabilities. Is this wanted behavior? If so, would you consider upgrading them to fix the vulnerabilities?
Thanks in advance,
Artemis