GitHub is reporting that this repo has a vulnerability in uglify-js, which is several levels down our dependency tree. (We now use uglify-es for our actual uglification.) The root dependency that leads to uglify-js is grunt-topdoc, which we no longer use in this project.
Removals
grunt-topdoc dependency and its associated Grunt tasks and templates
Testing
Pull branch
rm -rf node_modules/
Run ./setup.sh and verify that everything works correctly
Checklist
[x] Changes are limited to a single goal (no scope creep)
[x] Code can be automatically merged (no conflicts)
GitHub is reporting that this repo has a vulnerability in uglify-js, which is several levels down our dependency tree. (We now use uglify-es for our actual uglification.) The root dependency that leads to uglify-js is
grunt-topdoc
, which we no longer use in this project.Removals
Testing
rm -rf node_modules/
./setup.sh
and verify that everything works correctlyChecklist