Merge remote-tracking branch 'origin/main'

2024-12-09 21:39:47 -05:00 · 2024-12-09 21:39:47 -05:00 · 7c26e397bf
commit 7c26e397bf
parent 7c9799ac2c efb61ed10e
2 changed files with 66 additions and 5 deletions
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@ -0,0 +1,61 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow checks out code, performs a Codacy security scan
+# and integrates the results with the
+# GitHub Advanced Security code scanning feature.  For more information on
+# the Codacy security scan action usage and parameters, see
+# https://github.com/codacy/codacy-analysis-cli-action.
+# For more information on Codacy Analysis CLI in general, see
+# https://github.com/codacy/codacy-analysis-cli.
+
+name: Codacy Security Scan
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+  schedule:
+    - cron: '35 8 * * 2'
+
+permissions:
+  contents: read
+
+jobs:
+  codacy-security-scan:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+    name: Codacy Security Scan
+    runs-on: ubuntu-latest
+    steps:
+      # Checkout the repository to the GitHub Actions runner
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
+      - name: Run Codacy Analysis CLI
+        uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b
+        with:
+          # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
+          # You can also omit the token and run the tools that support default configurations
+          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
+          verbose: true
+          output: results.sarif
+          format: sarif
+          # Adjust severity of non-security issues
+          gh-code-scanning-compat: true
+          # Force 0 exit code to allow SARIF file generation
+          # This will handover control about PR rejection to the GitHub side
+          max-allowed-issues: 2147483647
+
+      # Upload the SARIF file generated in the previous step
+      - name: Upload SARIF results file
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results.sarif
--- a/package.json
+++ b/package.json
@ -30,7 +30,7 @@
    "any-promise": "^1.3.0",
    "anymatch": "^3.1.3",
    "arg": "^5.0.2",
-    "balanced-match": "^1.0.2",
+    "balanced-match": "^3.0.1",
    "binary-extensions": "^2.3.0",
    "brace-expansion": "^2.0.1",
    "braces": "^3.0.3",
@ -61,12 +61,12 @@
    "is-fullwidth-code-point": "^3.0.0",
    "is-glob": "^4.0.3",
    "is-number": "^7.0.0",
-    "isexe": "^2.0.0",
+    "isexe": "^3.1.1",
    "jackspeak": "^3.4.3",
    "jiti": "^1.21.6",
    "lilconfig": "^2.1.0",
    "lines-and-columns": "^2.0.4",
-    "lru-cache": "^10.4.3",
+    "lru-cache": "^11.0.2",
    "merge2": "^1.4.1",
    "micromatch": "^4.0.8",
    "minimatch": "^10.0.1",
@ -88,13 +88,13 @@
    "pirates": "^4.0.6",
    "postcss-import": "^15.1.0",
    "postcss-js": "^4.0.1",
-    "postcss-load-config": "^4.0.2",
+    "postcss-load-config": "^6.0.1",
    "postcss-nested": "^7.0.2",
    "postcss-selector-parser": "^6.1.2",
    "postcss-value-parser": "^4.2.0",
    "queue-microtask": "^1.2.3",
    "read-cache": "^1.0.0",
-    "readdirp": "^3.6.0",
+    "readdirp": "^4.0.2",
    "resolve": "^1.22.8",
    "reusify": "^1.0.4",
    "run-parallel": "^1.2.0",