Title: Dependency vulnerabilities
Last modified: March 28, 2025

---

# Dependency vulnerabilities

 *  Resolved [justinosa](https://wordpress.org/support/users/justinosa/)
 * (@justinosa)
 * [1 year, 2 months ago](https://wordpress.org/support/topic/dependency-vulnerabilities/)
 * We have Dependabot running on our WordPress repo and it’s flagging a couple dependencies
   within the CookieYes plugin:
    - ejs
    - loader-utils
 * I’m assuming these are for development purposes and not shipped or needed at 
   run time but I was hoping someone smarter than me could confirm that.

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Support [CookieYes Team](https://wordpress.org/support/users/cookieyesteam/)
 * (@cookieyesteam)
 * [1 year, 2 months ago](https://wordpress.org/support/topic/dependency-vulnerabilities/#post-18393480)
 * Hi Justinosa,
 * Thank you for reaching out and for your detailed inquiry.
 * You are correct in your assumption that `**ejs**` and `**loader-utils**` are 
   not needed at runtime for the CookieYes plugin. These dependencies are indeed
   related to the **development** and **build process** rather than the functionality
   of the plugin in a live environment.
    - `**loader-utils**` is used by build tools such as `webpack` and `babel`, which
      are part of the development pipeline to bundle and process code. It’s not 
      required when the plugin is running on your site.
    - `**ejs**` is pulled in by the `webpack-bundle-analyzer` for generating reports
      during the build process. It’s also not needed in production.
 * Since these dependencies are part of the **build tools** and not the actual runtime
   code, they should not be shipped with the production version of the plugin, assuming
   the build process is correctly configured. If they are flagged by Dependabot,
   it’s likely because they are part of the development dependencies and not relevant
   for production use.
 * Please let me know if you need further clarification or help with this!
 *  Thread Starter [justinosa](https://wordpress.org/support/users/justinosa/)
 * (@justinosa)
 * [1 year, 2 months ago](https://wordpress.org/support/topic/dependency-vulnerabilities/#post-18393735)
 * [@cookieyesteam](https://wordpress.org/support/users/cookieyesteam/) — Awesome.
   Thanks so much!

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Dependency vulnerabilities’ is closed to new replies.

 * ![](https://ps.w.org/cookie-law-info/assets/icon.svg?rev=3007243)
 * [CookieYes – Cookie Banner for Cookie Consent (Easy to setup GDPR/CCPA Compliant Cookie Notice)](https://wordpress.org/plugins/cookie-law-info/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/cookie-law-info/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/cookie-law-info/)
 * [Active Topics](https://wordpress.org/support/plugin/cookie-law-info/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/cookie-law-info/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/cookie-law-info/reviews/)

 * 2 replies
 * 2 participants
 * Last reply from: [justinosa](https://wordpress.org/support/users/justinosa/)
 * Last activity: [1 year, 2 months ago](https://wordpress.org/support/topic/dependency-vulnerabilities/#post-18393735)
 * Status: resolved