Why swiper as a dependency?

kunalnagarco / action-cve

A GitHub action that sends Dependabot Vulnerability Alerts to Slack, PagerDuty, Zenduty, Microsoft Teams.

https://github.com/marketplace/actions/check-cve

MIT License

20 stars 20 forks source link

Why swiper as a dependency? #181

Closed Seb33300 closed 3 months ago

Seb33300 commented 3 months ago

I just saw the latest release about upgrading swiper.

Swiper is a javascript library to render carousel on web pages. I don't understand why it is required by this project and I cannot find any usage of it in the code base.

Seb33300 commented 3 months ago

Added by @kunalnagar in https://github.com/kunalnagarco/action-cve/commit/bb547f9e96ee8949d84df280c75ae7097d9b60b8#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519

kunalnagar commented 3 months ago

@Seb33300 - thanks, this is a good catch. I don't think this is needed but I'll investigate how it got added in the first place.

kunalnagar commented 3 months ago

@Seb33300 - I remember now - this is the reason why I had to add: https://github.com/kunalnagarco/action-cve/actions/runs/8648505040/job/23712460836?pr=182#step:8:1

The adaptivecards package we use depends on swiper: https://github.com/microsoft/AdaptiveCards/blob/main/source/nodejs/adaptivecards/package.json#L52

Seb33300 commented 3 months ago

Indeed, that's really weird to depend on this...