diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
new file mode 100644
index 000000000..7aa959680
--- /dev/null
+++ b/.github/workflows/audit.yml
@@ -0,0 +1,28 @@
+name: Audit
+
+on:
+push:
+branches:
+- master
+tags:
+- v*
+pull_request:
+branches:
+- master
+- prep-**
+
+jobs:
+lint:
+name: Run audit
+runs-on: ubuntu-latest
+steps:
+- name: Check out code
+uses: actions/checkout@v1
+- name: Set up Node.js
+uses: actions/setup-node@v1
+with:
+node-version: '18.x'
+- name: Install dependencies
+run: npm i
+- name: Run audit
+run: npm audit
diff --git a/ci/container/build_component.sh b/ci/container/build_component.sh
index 41b00c28e..5d6d40e71 100755
--- a/ci/container/build_component.sh
+++ b/ci/container/build_component.sh
@@ -13,19 +13,11 @@ echo "[INFO] Building"
 rm -f snowflake-sdk*.tgz
 echo "[DEBUG] Version"
 npm version
-echo "[DEBUG] Installing newer node - bundled npm version 6.0.1 does not support setting audit level"
-export NVM_PARENT_DIR=`pwd`/ignore
-mkdir -p $NVM_PARENT_DIR
-export NVM_DIR="$NVM_PARENT_DIR/nvm"
-cp -r /usr/local/nvm $NVM_DIR
-source $NVM_DIR/nvm.sh && nvm install 10
 echo "[DEBUG] Packing"
 npm pack
 echo "[DEBUG] Installing"
 npm install
 rm -f ~/.npmrc
-echo "[DEBUG] Auditing"
-npm audit --audit-level moderate # TODO SNOW-841052 fast-xml-parser has low vulnerability - when new version will be released `moderate` option should be removed
 echo "[INFO] Uploading Artifacts"
 ARTIFACTS=($(ls snowflake-sdk*))
diff --git a/package.json b/package.json
index 2225ab803..63c36aa9e 100644
--- a/package.json
+++ b/package.json
@@ -21,7 +21,7 @@
 "debug": "^3.2.6",
 "expand-tilde": "^2.0.2",
 "extend": "^3.0.2",
-"fast-xml-parser": "^4.1.3",
+"fast-xml-parser": "^4.2.5",
 "generic-pool": "^3.8.2",
 "glob": "^7.1.6",
 "https-proxy-agent": "^5.0.1",
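Review bot: The `uses: actions/checkout@v1` and `uses: actions/setup-node@v1` steps in the `lint` job of the new audit.yml reference mutable tags of very old action releases; for a job whose purpose is supply-chain hygiene, pin each `uses:` to a full commit SHA (`actions/checkout@<full-commit-sha-placeholder> # vN`) and add a top-level `permissions: contents: read` so the job runs with a read-only GITHUB_TOKEN. The `run: npm i` step executes dependency lifecycle scripts, which `npm audit` does not need; `npm ci --ignore-scripts` (when a lockfile is committed) keeps the install reproducible and inert. Since the new `run: npm audit` carries no `--audit-level`, the job will fail on any advisory, which is stricter than the `--audit-level moderate` the build script previously used and worth a one-line comment in the workflow stating that this is intended. Because the audit has left ci/container/build_component.sh, it no longer gates the artifact upload there; that holds unless this workflow is made a required check by branch protection, which the diff cannot show.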