feat: node audit script (#857)

* feat: upgrade lint-staged * feat: upgrade body-parser * feat: upgrade cardano-peer-connect * fix: run npm ci and fix package-lock.json * fix: upgrade @capacitor/cli * fix: upgrade appium * feat: remove unused overrides from package.json * override appium-safari-driver * fix: path-to-regexp vuln * fix: package-lock * fix: update package-lock.json * feat: add audit filter * fix: test ignore all * fix: check if audit-results.json exists * fix: check existing files * fix: pipeline Audit Dependencies * fix: testing audit-filter * fix: testing pipeline output * fix: testing pipeline output * fix: testing pipeline output * fix: testing pipeline output * feat: add script to package.json * feat: format and add guide * fix: format output * fix: format output * fix: format output * feat: expand details * fix: ignored-node-vulnerabilities.json * fix: clean ga audit * fix: set ignored vulnerabilities * fix: set ignored vulnerabilities * fix: remove unused overrides * fix: using better-npm-audit for audits * fix: gh-verify-pr.yaml * fix: clean .gitignore * fix: check all deps
cardano-foundation · Jan 3, 2025 · f246522 · f246522
1 parent ecb326c
commit f246522
Show file tree

Hide file tree

Showing 6 changed files with 2,552 additions and 6,098 deletions.
diff --git a/.github/workflows/gh-verify-pr.yaml b/.github/workflows/gh-verify-pr.yaml
@@ -49,5 +49,8 @@ jobs:
         npm ci
         npm run test
 
+    - name: Audit Dependencies
+      run: npm run audit
+
     - name: 🔨 Build project
-      run: npm run build
+      run: npm run build
diff --git a/.gitignore b/.gitignore
@@ -34,4 +34,4 @@ yarn-error.log*
 resources/android
 resources/ios
 
-services/credential-server/data/brans.json
+services/credential-server/data/brans.json
diff --git a/.nsprc b/.nsprc
@@ -0,0 +1,19 @@
+{
+  "1099357": {
+    "active": true,
+    "notes": "Ignored since there is not any patch available",
+    "expiry": "2025-03-31"
+  },
+  "1101081": {
+    "active": true,
+    "notes": "Ignored since is related just to appium e2e"
+  },
+  "1100267": {
+    "active": true,
+    "notes": "Ignored since is related just to appium e2e"
+  },
+  "1101088": {
+    "active": true,
+    "notes": "Ignored since is related to nodemon server from dev dep"
+  }
+}