Skip to content

fix: package.json to reduce vulnerabilities #15

fix: package.json to reduce vulnerabilities

fix: package.json to reduce vulnerabilities #15

Workflow file for this run

# This is a basic workflow to help you get started with Actions
name: ci
# Controls when the workflow will run
on:
# Triggers the workflow on push or pull request events but only for the "main" branch
push:
branches:
- '**'
pull_request:
branches:
- 'master'
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
build-test:
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v3
- name: Setup Node.js environment
uses: actions/setup-node@v3
with:
node-version: 18
- name: Install dependencies
run: |
npm install
- name: Run tests
run: |
npm test
- name: Run Snyk to check for vulnerabilities
uses: snyk/actions/node@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --severity-threshold=high
build-test-monitor:
if: github.ref == 'refs/heads/master'
runs-on: ubuntu-latest
needs: build-test
steps:
- uses: actions/checkout@v3
- name: Setup Node.js environment
uses: actions/setup-node@v3
with:
node-version: 18
- name: Install dependencies
run: |
npm install semantic-release @semantic-release/exec pkg --save-dev
npm install
- name: Run Snyk to check for vulnerabilities
uses: snyk/actions/node@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --org=cse-snyk-labs
command: monitor