Replies: 1 comment 1 reply
-
|
I just merged it. Can't you tailor your security review a little bit? The production build of lazysizes has zero dependencies. Meaning there is absolutely no security risk. An outdated version for devDependency has no effect. |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Thanks @aFarkas. My security team rep feels better now. However, we will take dev vs prod dependencies into account for the future. Looking forward to using this library in prod! |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hi. I'd like to use this library for my project. However, I am currently not passing security review, due to the vulnerability of ini 1.3.5, https://ossindex.sonatype.org/component/pkg:npm/ini. Any idea of when this PR, #848 will be merged in? Thanks.
Beta Was this translation helpful? Give feedback.
All reactions