
Commit ff24f44

fix(security): address npm CVEs in rundeck-cli; schedule weekly Snyk
- Pin xml2js via overrides (CVE-2023-0842)
- Bump js-yaml to 3.14.2; override follow-redirects to 1.16.0
- Run Snyk workflow weekly on Mondays (UTC)
1 parent fdeb09c commit ff24f44

3 files changed

Lines changed: 19 additions & 11 deletions

File tree

.github/workflows/snyk-scan.yml

Lines changed: 3 additions & 0 deletions
@@ -5,6 +5,9 @@ on:
55
branches: [ main, master ]
66
pull_request:
77
branches: [ main, master ]
8+
schedule:
9+
# Weekly on Monday 06:00 UTC (GitHub Actions cron is UTC-only)
10+
- cron: '0 6 * * 1'
811
workflow_dispatch:
912

1013
jobs:
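Review bot: the new `schedule:` trigger only ever runs the workflow file from the repository's default branch, whereas the `push`/`pull_request` triggers above it name both `main` and `master`; if both branches are maintained, the weekly scan will cover only the default one, which is worth stating in the comment next to the cron line so nobody assumes parity with the branch list. The `'0 6 * * 1'` expression itself is correctly quoted and the UTC remark is accurate, since GitHub Actions cron has no timezone setting.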

docker/client/rundeck-cli/package-lock.json

Lines changed: 13 additions & 10 deletions

docker/client/rundeck-cli/package.json

Lines changed: 3 additions & 1 deletion
@@ -13,7 +13,7 @@
1313
"@types/node": "^13.13.5",
1414
"dotenv": "^10.0.0",
1515
"form-data": "^3.0.0",
16-
"js-yaml": "^3.13.2",
16+
"js-yaml": "^3.14.2",
1717
"node-fetch": "^2.6.1",
1818
"ts-node": "^8.10.1",
1919
"ts-rundeck": "^0.1.8",
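Review bot: raising `"js-yaml": "^3.13.2"` to `"js-yaml": "^3.14.2"` only lifts the floor of a caret range that already admitted 3.14.2, so the installed version is actually decided by the `package-lock.json` update in this same commit; the package.json edit is still worthwhile as documentation of the minimum, but the lockfile is the change to verify when reviewing the fix.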
@@ -28,8 +28,10 @@
2828
},
2929
"overrides": {
3030
"axios": "1.15.0",
31+
"follow-redirects": "1.16.0",
3132
"tough-cookie": "4.1.3",
3233
"xml-js": "0.5.1",
34+
"xml2js": "0.6.2",
3335
"diff": "4.0.4"
3436
}
3537
}
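Review bot: the two new entries, `"follow-redirects": "1.16.0"` and `"xml2js": "0.6.2"`, pin exact versions, which also blocks any later patch release of those packages until someone edits this block again; npm `overrides` accept semver ranges, so a floor such as `"follow-redirects": ">=1.16.0"` would keep the fix in place while letting future patches through. A style point in the same hunk: `"xml2js"` is inserted before `"diff"`, leaving the existing `"diff": "4.0.4"` entry out of the otherwise alphabetical order of the block.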
