Address critical dependabots

pulibrary / pul_library_drupal

Deprecated - Princeton University Library Core Site Drupal Codebase

https://library.princeton.edu/

GNU General Public License v2.0

3 stars 0 forks source link

Address critical dependabots #1915

Closed sandbergja closed 1 year ago

sandbergja commented 2 years ago

[x] https://github.com/pulibrary/pul_library_drupal/security/dependabot/40
[x] https://github.com/pulibrary/pul_library_drupal/security/dependabot/35
[x] https://github.com/pulibrary/pul_library_drupal/security/dependabot/34

maxkadel commented 2 years ago

It appears that the last remaining dependency on dependabot/64 is gulp-sass-lint, which is no longer being maintained. There is no one-to-one replacement that does not have the same vulnerable dependency, and simply removing the linter from the package.json and the gulpfile appears to break deployment in a way I don't currently understand.