Security: Ignore scripts during CI and allow safe packages #480

New issue

Open

opened 2025-11-27 10:54:57 +00:00 by Vylpes · 0 comments

Vylpes commented 2025-11-27 10:54:57 +00:00

Owner

Copy link

• Due to recent security news we want to disable automatically running scripts
• https://about.gitlab.com/blog/gitlab-discovers-widespread-npm-supply-chain-attack/
• canvas currently requires scripts, so we will need to find a way around this, either by getting a new package or allowing this safely

- Due to recent security news we want to disable automatically running scripts - https://about.gitlab.com/blog/gitlab-discovers-widespread-npm-supply-chain-attack/ - `canvas` currently requires scripts, so we will need to find a way around this, either by getting a new package or allowing this safely

Vylpes added the

type

investigation

label 2025-11-27 10:55:05 +00:00

Vylpes added this to the 0.11.0 milestone 2025-11-27 10:55:09 +00:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

feature/455-unclaimed-card-effect-dynamic

feature/364-remove-logger-debug

feature/295-series-list-command-claims

feature/473-card-object-undefined

release/0.10.0

develop

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.0

v0.6.4

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.2

v0.5.1

v0.5.0

v0.4.2

v0.4.1

v0.4.0

v0.3.1

v0.3.0

v0.2.1

v0.2.0

v0.1.8

v0.1.7

v0.1.6

v0.1.5

v0.1.4

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels   

blocked

  

duplicate

  

needs criteria

  

needs estimate

  

needs tests

  

question

  

requires documentation

  

type

admin

  

type

alert

  

type

bug

  

type

change

  

type

defect

  

type

dependencies

  

type

epic

  

type

investigation

  

type

spike

  

type

story

  

type

subtask

  

won't fix

No labels

blocked

duplicate

needs criteria

needs estimate

needs tests

question

requires documentation

type

admin

type

alert

type

bug

type

change

type

defect

type

dependencies

type

epic

type

investigation

type

spike

type

story

type

subtask

won't fix

Milestone

Clear milestone

No items

No milestone

0.11.0

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

External/card-drop#480

No description provided.