Skip to content
Security

chore: update dependencies #216

Sign in to view logs

chore: update dependencies

chore: update dependencies #216

Workflow file for this run

.github/workflows/security.yml at 922959c
name: Security
on:
push:
branches: [main]
pull_request:
branches: [main]
schedule:
- cron: '0 6 * * 1' # Weekly Monday at 06:00 UTC
jobs:
snyk-go:
name: Snyk Go
runs-on: ubuntu-latest
permissions:
security-events: write
contents: read
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- name: Run Snyk to check for Go vulnerabilities
uses: snyk/actions/golang@9adf32b1121593767fc3c057af55b55db032dc04 # master
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --severity-threshold=high
snyk-node:
name: Snyk Node
runs-on: ubuntu-latest
permissions:
security-events: write
contents: read
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- name: Setup Node.js
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
with:
node-version: '20'
cache: 'npm'
cache-dependency-path: web/package-lock.json
- name: Install dependencies
run: npm ci --ignore-scripts
working-directory: web
- name: Run Snyk to check for Node vulnerabilities
uses: snyk/actions/node@9adf32b1121593767fc3c057af55b55db032dc04 # master
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --severity-threshold=high --file=web/package-lock.json
snyk-docker:
name: Snyk Docker
runs-on: ubuntu-latest
permissions:
security-events: write
contents: read
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- name: Build Docker image
run: docker build -t muximux:test .
- name: Run Snyk to check Docker image
uses: snyk/actions/docker@9adf32b1121593767fc3c057af55b55db032dc04 # master
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: muximux:test
args: --severity-threshold=high
govulncheck:
name: Go Vulnerability Check
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- name: Setup Go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6
with:
go-version-file: go.mod
- name: Install govulncheck
run: go install golang.org/x/vuln/cmd/govulncheck@latest
- name: Run govulncheck
run: govulncheck ./...