search

dxw / govuk-theme

A WordPress theme implementing the GOV.UK design system
MIT License
17 stars 7 forks source link

Fix/minor security issue #19

Closed serena-piccioni closed 3 years ago

serena-piccioni commented 3 years ago

https://github.com/dxw/govuk-theme/security/dependabot/yarn.lock/minimist/open

serena-piccioni commented 3 years ago

Good idea to remove grunt-exorcise. It's intended to extract the map from a compiled JS file and move it to a standalone .map file, so that we don't use up people's bandwith serving them .map data they don't need. But it's stopped being updated, and there doesn't seem to be any obvious equivalent that is up to date (and thus will deal with the security alert). It might be worth recompiling the JS as well (yarn run grunt) to produce new compiled JS that reflects that change.

It looks like the .idea/ files still need removing, even after the change to the .gitignore - I think because that makes git ignore any files added to the .idea/ folder in future, but not to ignore ones that are already committed.

That's done, thanks :)