Closed ilammy closed 1 year ago
Oh wow, now it pulls in a bunch of dependencies 😢
RIP going months without a CVE in the codebase. Bracing for getting notifications about them every week.
well, the "node_modules" entry in .gitignore didn't work?
Hm... Seems to be something with my local clone 😞 When I prepared the change, I saw updates in node_modules, so naturally git add
ed them. I think that was some remnant of the past, or something.
I believe node_modules
with production dependencies is needed only on the release branch, since actions expect everything to be vendored and ready for them.
IIRC, adding a Git-ignored item is not that easy: git - Force add despite the .gitignore file - Stack Overflow.
Anyway, I've seen #57 and it's alright now. :)
Fixes CVE-2022-35954.