Commit Graph

10 Commits

Author SHA1 Message Date
dependabot[bot] d7b42fae7b
--- (#1580)
updated-dependencies:
- dependency-name: snyk/actions
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-21 15:42:12 +00:00
Kevin Burnett d7bd03bb69
simplify build with pip and poetry in one step and no pipx (#1323)
* simplify build with pip and poetry in one step and no pipx

* upgrade setuptools

* just in case

* debug w/ burnettk

* print pwd and ls whenever we call constraints w/ burnettk

* update safety and setuptools to fix ci errors w/ burnettk

---------

Co-authored-by: burnettk <burnettk@users.noreply.github.com>
Co-authored-by: jasquat <jasquat@users.noreply.github.com>
2024-04-03 11:40:50 -04:00
dependabot[bot] ca9a7d9224
Bump snyk/actions (#1178)
Bumps [snyk/actions](https://github.com/snyk/actions) from 1d672a455ab3339ef0a0021e1ec809165ee12fad to 8349f9043a8b7f0f3ee8885bf28f0b388d2446e8.
- [Release notes](https://github.com/snyk/actions/releases)
- [Commits](1d672a455a...8349f9043a)

---
updated-dependencies:
- dependency-name: snyk/actions
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-07 14:38:33 +00:00
dependabot[bot] 97ad27420f
Bump snyk/actions (#1034)
Bumps [snyk/actions](https://github.com/snyk/actions) from 806182742461562b67788a64410098c9d9b96adb to 1d672a455ab3339ef0a0021e1ec809165ee12fad.
- [Release notes](https://github.com/snyk/actions/releases)
- [Commits](8061827424...1d672a455a)

---
updated-dependencies:
- dependency-name: snyk/actions
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-14 14:37:36 +00:00
dependabot[bot] 73f7ab8ff4
Bump actions/checkout from 3 to 4 (#1019)
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-12 15:15:20 +00:00
dependabot[bot] c36ed57996
Bump actions/setup-node from 3 to 4 (#981)
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3 to 4.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-07 15:11:25 +00:00
dependabot[bot] 9a9df0a6ef
Bump github/codeql-action from 2 to 3 (#970)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-06 07:06:57 -08:00
Kevin Burnett b02f505bea
move snyk stuff to snyk file (#895)
Co-authored-by: burnettk <burnettk@users.noreply.github.com>
2024-01-11 06:14:25 -08:00
jasquat 016eafa35d Feature/debug snyk (#660)
* try to debug snyk issue

* try to correct debug env var

* put the debug var in the correct area

* updated autoprefixer to make snyk happy

* put the rest of the ci items back

* run snyk on a schedule w/ burnettk

---------

Co-authored-by: jasquat <jasquat@users.noreply.github.com>
2023-11-10 14:13:28 -05:00
jasquat fe4dc14b8d Feature/docker CVE issues (#558)
* updated Dockerfile to try to remove security vulnerabilities w/ burnettk

* we require curl for health checks w/ burnettk

* try to scan docker image in ci

* use Dockerfile from backend w/ burnettk

* continue-on-error w/ burnettk

* attempt to elevate permissions of snyk w/ burnettk

* added snyk security github workflow w/ burnettk

* fixed location of constraints w/ burnettk

* add in or true for snyk tests w/ burnettk

* sent the snyk token w/ burnettk

* specify the directory for the sarif file w/ burnettk

* updated spiffworkflow-connector-command for snyk issue w/ burnettk

* updated sql statements sanitize input

* ignore issues for debug_controller and check frontend with snyk w/ burnettk

* updated babel and electron for snyk w/ burnettk

* some more updates to fix vulnerabilities w/ burnettk

* prune repeated deps for frontend builds since

* uncomment ci code so it runs again and use node for frontend base image w/ burnettk

* fixed backend image name w/ burnettk

* pyl w/ burnettk

---------

Co-authored-by: jasquat <jasquat@users.noreply.github.com>
2023-10-19 14:22:52 -04:00