Edge Library Updates (#308)

* Edge Library Updates - updated cookiejar to 2.1.4 - updated json5 to 2.2.3 Signed-off-by: David Deal <ddeal@linuxfoundation.org> * CI/CD - Added Edge Folder Scanning Signed-off-by: David Deal <ddeal@linuxfoundation.org> Signed-off-by: David Deal <ddeal@linuxfoundation.org>
communitybridge · Jan 26, 2023 · 8076182 · 8076182
1 parent f8f5572
commit 8076182
Show file tree

Hide file tree

Showing 4 changed files with 84 additions and 12 deletions.
diff --git a/.github/workflows/snyk-scan-edge-npm-pr.yml b/.github/workflows/snyk-scan-edge-npm-pr.yml
@@ -0,0 +1,44 @@
+---
+# Copyright The Linux Foundation and each contributor to CommunityBridge.
+# SPDX-License-Identifier: MI
+
+name: Snyk Scan Edge NPM Dependencies
+
+on:
+  # https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  snyk-scan-edge-npm-pr:
+    runs-on: ubuntu-latest
+    environment: dev
+    steps:
+      - uses: actions/checkout@v3
+      - uses: snyk/actions/setup@master
+        id: snyk
+      - name: Setup Node
+        uses: actions/setup-node@v3
+        with:
+          node-version: '14'
+      - name: Yarn Version
+        run: yarn --version
+      - name: Yarn Install
+        working-directory: src
+        run: yarn install
+      - name: Snyk version
+        run: echo "${{ steps.snyk.outputs.version }}"
+      - name: Scan for NPM Vulnerabilities
+        working-directory: src
+        run: |
+          snyk test --org=${{ secrets.SNYK_ORG }} --file=package.json
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        continue-on-error: true
+      - name: Monitor for NPM Vulnerabilities
+        working-directory: src
+        run: snyk monitor --org=${{ secrets.SNYK_ORG }} --file=package.json
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        continue-on-error: true
diff --git a/.github/workflows/yarn-scan-edge-pr.yml b/.github/workflows/yarn-scan-edge-pr.yml
@@ -0,0 +1,28 @@
+---
+# Copyright The Linux Foundation and each contributor to CommunityBridge.
+# SPDX-License-Identifier: MI
+
+name: Yarn Edge Dependency Audit
+
+on:
+  # https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  yarn-scan-edge-pr:
+    runs-on: ubuntu-latest
+    environment: dev
+    steps:
+      - uses: actions/checkout@v3
+      - name: Setup Node
+        uses: actions/setup-node@v3
+        with:
+          node-version: '14'
+      - name: Setup
+        run: yarn install
+      - name: Yarn Audit
+        working-directory: src
+        run: |
+          yarn audit
diff --git a/edge/package.json b/edge/package.json
@@ -25,10 +25,12 @@
   "resolutions": {
     "ansi-regex": "^5.0.1",
     "browserslist": "^4.16.5",
+    "cookiejar": "^2.1.4",
     "dns-packet": "^5.2.2",
     "hosted-git-info": "^3.0.8",
     "ini": "^1.3.7",
     "glob-parent": "^5.1.2",
+    "json5": "^2.2.3",
     "jszip": "^3.7.0",
     "netmask": "^2.0.1",
     "minimatch": "^3.0.5",

diff --git a/edge/yarn.lock b/edge/yarn.lock
@@ -922,6 +922,11 @@ convert-source-map@^1.5.1:
   dependencies:
     safe-buffer "~5.1.1"
 
+cookiejar@^2.1.4:
+  version "2.1.4"
+  resolved "https://registry.yarnpkg.com/cookiejar/-/cookiejar-2.1.4.tgz#ee669c1fea2cf42dc31585469d193fef0d65771b"
+  integrity sha512-LDx6oHrK+PhzLKJU9j5S7/Y3jM/mUHvD/DeI1WQmJn652iPC5Y4TBzC9l+5OMOXlyTTA+SmVUPm0HQUwpD5Jqw==
+
 copy-concurrently@^1.0.0:
   version "1.0.5"
   resolved "https://registry.yarnpkg.com/copy-concurrently/-/copy-concurrently-1.0.5.tgz#92297398cae34937fcafd6ec8139c18051f0b5e0"
@@ -2055,17 +2060,10 @@ json-stable-stringify-without-jsonify@^1.0.1:
   resolved "https://registry.yarnpkg.com/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz#9db7b59496ad3f3cfef30a75142d2d930ad72651"
   integrity sha1-nbe1lJatPzz+8wp1FC0tkwrXJlE=
 
-json5@^0.5.1:
-  version "0.5.1"
-  resolved "https://registry.yarnpkg.com/json5/-/json5-0.5.1.tgz#1eade7acc012034ad84e2396767ead9fa5495821"
-  integrity sha1-Hq3nrMASA0rYTiOWdn6tn6VJWCE=
-
-json5@^1.0.1:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/json5/-/json5-1.0.1.tgz#779fb0018604fa854eacbf6252180d83543e3dbe"
-  integrity sha512-aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow==
-  dependencies:
-    minimist "^1.2.0"
+json5@^0.5.1, json5@^1.0.1, json5@^2.2.3:
+  version "2.2.3"
+  resolved "https://registry.yarnpkg.com/json5/-/json5-2.2.3.tgz#78cd6f1a19bdc12b73db5ad0c61efd66c1e29283"
+  integrity sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==
 
 jszip@^3.7.0:
   version "3.7.1"
@@ -2276,7 +2274,7 @@ minimatch@^3.0.4, minimatch@^3.0.5:
   dependencies:
     brace-expansion "^1.1.7"
 
-minimist@^1.2.0, minimist@^1.2.5:
+minimist@^1.2.5:
   version "1.2.7"
   resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.7.tgz#daa1c4d91f507390437c6a8bc01078e7000c4d18"
   integrity sha512-bzfL1YUZsP41gmu/qjrEk0Q6i2ix/cVeAhbCbqH9u3zYutS1cLg00qhrD0M2MVdCcx4Sc0UpP2eBWo9rotpq6g==