frontend: update package-lock.json
This reduces the vulnerabilities reported by npm audit. Those are all npm dev dependencies and production modules should not be affected.
Deleted node_modules and package-lock.json and did a new clean
install running: npm install --ignore-scripts
opened so I don't forget but need to test this more.
FYI, you can use 'Draft' instead of PR when a PR is not ready.
it is ready, I just wanted to review/test before.
I think some versions were already updated again, such as node_modules/@babel/helper-compilation-targets. Maybe rebase and do it again?
Speaking of --ignore-scripts - also in our Makefile in make buildweb? Didn't we also mean to change npm install to npm ci to force using the lockfile and auto-deleting node_modules upfront, for better safety?
Yes, changing to npm ci --ignore-scripts would make sense, but it deletes node_modules every time. So in that case the CI should not cache node_modules anymore. Agree?
see https://github.com/digitalbitbox/bitbox-wallet-app/blob/ff6fada72d50325c2944723bd72922d22d17b8bc/.github/workflows/ci.yml#L56
and node_modules is cached in various places in https://github.com/digitalbitbox/bitbox-wallet-app/blob/ff6fada72d50325c2944723bd72922d22d17b8bc/scripts/travis-ci.sh#L57
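A small lint for the three points raised in this exchange (npm install versus npm ci, a missing --ignore-scripts, and a node_modules cache that npm ci would discard), as an added example that is not part of the PR or the project's code. The sample Makefile and workflow text, the web/ path and the audit function are constructed for illustration.

```python
import re

# `npm install`, `npm i` or `npm ci`, plus its arguments up to a shell separator.
NPM_CMD = re.compile(r"\bnpm\s+(install|ci|i)\b([^\n#;&|]*)")
# A cache entry (YAML `path:` value or list item) that points at node_modules.
CACHE_PATH = re.compile(r"^\s*(?:-\s+|path:\s*)\S*node_modules\b")


def audit(files):
    """Return (file, line_no, finding) tuples for a {file_name: text} mapping."""
    # The cache finding only applies once some build step uses `npm ci`.
    uses_ci = any(m.group(1) == "ci"
                  for text in files.values() for m in NPM_CMD.finditer(text))
    findings = []
    for name, text in files.items():
        for no, line in enumerate(text.splitlines(), 1):
            m = NPM_CMD.search(line)
            if m:
                if m.group(1) != "ci":
                    findings.append((name, no, "lockfile not enforced: use npm ci"))
                if "--ignore-scripts" not in m.group(2).split():
                    findings.append((name, no, "install scripts enabled: add --ignore-scripts"))
            elif uses_ci and CACHE_PATH.search(line):
                findings.append((name, no, "npm ci wipes node_modules: cache ~/.npm instead"))
    return findings


# Constructed sample files (not the project's real Makefile or workflow).
SAMPLE = {
    "Makefile": "buildweb:\n\tcd web && npm install\n\tcd web && npm run build\n",
    "ci.yml": (
        "steps:\n"
        "  - uses: actions/cache@v4\n"
        "    with:\n"
        "      path: web/node_modules\n"
        "  - run: cd web && npm ci --ignore-scripts\n"
    ),
}

if __name__ == "__main__":
    for name, no, finding in audit(SAMPLE):
        print(f"{name}:{no}: {finding}")
```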
Updated package-lock.json again and rebased.
rebased
@benma PTAL