Wanted to get the hang of Antora, so cloned the demo example, did gradle build ok. Looks good to me. Then was going to push this trial project to GitHub. I did not have a .gitignore file so everything was pushed up to git.
Git suggested
package-lock.json 2 vulnerabilities found
so is there something we should not allow to be pushed to github ? thx Jim