sudo87 commented on code in PR #10951: URL: https://github.com/apache/cloudstack/pull/10951#discussion_r2131491026
########## ui/package-lock.json: ########## Review Comment: @harikrishna-patnala If I understand it correctly, as new dependency (dompurify) is added in the project, that has to be included in package.json. Similarily to ensure that dependency is not vulnerable to Supply chain attack and the version is locked for 'npm install', we need to include it in package-lock.json as well. https://dev.to/adamklein/package-lock-json-in-git-or-not-50l5 https://www.aikido.dev/blog/why-we-need-lockfiles-to-secure-our-supply-chain -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
