SNOW-841052: Don't block build on npm audit (#551)

.github/workflows/audit.yml

@@ -0,0 +1,28 @@
+name: Audit
+
+on:
+    push:
+        branches:
+            - master
+        tags:
+            - v*
+    pull_request:
+        branches:
+            - master
+            - prep-**
+
+jobs:
+    lint:
+        name: Run audit
+        runs-on: ubuntu-latest
+        steps:
+          - name: Check out code
+            uses: actions/checkout@v1
+          - name: Set up Node.js
+            uses: actions/setup-node@v1
+            with:
+                node-version: '18.x'
+          - name: Install dependencies
+            run: npm i
+          - name: Run audit
+            run: npm audit

ci/container/build_component.sh

@@ -13,19 +13,11 @@ echo "[INFO] Building"
 rm -f snowflake-sdk*.tgz
 echo "[DEBUG] Version"
 npm version
-echo "[DEBUG] Installing newer node - bundled npm version 6.0.1 does not support setting audit level"
-export NVM_PARENT_DIR=`pwd`/ignore
-mkdir -p $NVM_PARENT_DIR
-export NVM_DIR="$NVM_PARENT_DIR/nvm"
-cp -r /usr/local/nvm $NVM_DIR
-source $NVM_DIR/nvm.sh && nvm install 10
 echo "[DEBUG] Packing"
 npm pack
 echo "[DEBUG] Installing"
 npm install
 rm -f ~/.npmrc
-echo "[DEBUG] Auditing"
-npm audit --audit-level moderate # TODO SNOW-841052 fast-xml-parser has low vulnerability - when new version will be released `moderate` option should be removed
 
 echo "[INFO] Uploading Artifacts"
 ARTIFACTS=($(ls snowflake-sdk*))

package.json

@@ -21,7 +21,7 @@
     "debug": "^3.2.6",
     "expand-tilde": "^2.0.2",
     "extend": "^3.0.2",
-    "fast-xml-parser": "^4.1.3",
+    "fast-xml-parser": "^4.2.5",
     "generic-pool": "^3.8.2",
     "glob": "^7.1.6",
     "https-proxy-agent": "^5.0.1",