Fixes EE-404 - Remove npm audit job (!1033) · Merge requests · eyeo / adblockplus / abc / webext-ad-filtering-solution

Toni Feliu requested to merge ee-404-remove-audit-job into master Apr 29, 2024

Background

We currently run npm audit --omit=dev as a CI job in order to detect vulnerabilities on production dependencies. However, it truns out that the --omit=dev option does not really omit dev dependencies: https://github.com/npm/npm/issues/20564 , which defeats the whole purpose of running that job.

What this MR does

Removes the CI audit job because it can't skip development dependency vulnerabilities.

Fixes EE-404 - Remove npm audit job

Background

What this MR does

Merge request reports