GitHub user potiuk added a comment to the discussion: Should frontend/UI build manifests (package.json, package-lock.json) be present in production Python images?
One thing it might be useful, is that we should likely check if our SBOMS will be properly generated if we do that https://airflow.apache.org/docs/apache-airflow/stable/security/sbom.html -> also we should likely make sure SBOMS are attached to generated images. Because of course - those packages are **still** our dependencies - and if you want to use newer versions of those, you should upgrade to later versions of airflow - even if package.json is removed - the minified version of those dependencies are still there - no matter of you remove the package.lock files. GitHub link: https://github.com/apache/airflow/discussions/59820#discussioncomment-15347018 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected]
