Skip to content

Commit

Permalink
chore: update deps (#1361)
Browse files Browse the repository at this point in the history 
#1338

- Updates dependencies to resolve [severe dependabot
alerts](https://github.com/chanzuckerberg/cryoet-data-portal/security/dependabot?q=is%3Aopen+severity%3Ahigh)
- Adds workflow for scanning dependencies in a PR

## Demos

The dependency review workflow will scan the `pnpm-lock.yaml` file for
every PR to determine if a PR is installing a vulnerable dependency.
It's primarily used here to verify that the updated dependencies are no
longer vulnerable, but in case a vulnerability is found, it will
highlight it in the workflow summary.

### No vulnerabilities


https://github.com/chanzuckerberg/cryoet-data-portal/actions/runs/12055691026?pr=1361

<img width="582" alt="image"
src="https://github.com/user-attachments/assets/228a87fc-5ab0-4c51-82f8-60274e0a43b5">

### Vulnerability found


https://github.com/chanzuckerberg/cryoet-data-portal/actions/runs/12055761906?pr=1362

<img width="610" alt="image"
src="https://github.com/user-attachments/assets/08d96fc5-161e-494c-8863-3a0afa751c24">
  • Loading branch information
@codemonkey800
codemonkey800 authored Nov 27, 2024
1 parent 538a480 commit d9f6635
Show file tree
Hide file tree
Showing 4 changed files with 175 additions and 135 deletions.
13 changes: 13 additions & 0 deletions .github/workflows/frontend-tests.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,9 @@ on:
paths:
- 'frontend/**'

permissions:
contents: read

defaults:
run:
working-directory: frontend/
Expand Down Expand Up @@ -77,3 +80,13 @@ jobs:

- name: tsc
run: pnpm -r type-check

dependency-review:
if: github.event_name == 'pull_request'
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v4

- name: Dependency Review
uses: actions/dependency-review-action@v4
6 changes: 5 additions & 1 deletion frontend/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,11 @@
"pnpm": {
"overrides": {
"@babel/traverse": "^7.23.2",
"vite": "^4.5.3"
"cross-spawn": "^7.0.3",
"dset": "^3.1.4",
"rollup": "^3.29.5",
"vite": "^4.5.3",
"ws": "^7.5.10"
}
}
}
4 changes: 2 additions & 2 deletions frontend/packages/data-portal/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,15 +53,15 @@
"@remix-run/server-runtime": "^2.0.1",
"@remix-run/testing": "^2.0.1",
"@tanstack/react-table": "^8.10.6",
"axios": "^1.6.2",
"axios": "^1.7.8",
"axios-cache-interceptor": "^1.3.2",
"chokidar": "^3.5.3",
"clsx": "^2.0.0",
"compression": "^1.7.4",
"dayjs": "^1.11.10",
"dedent": "^1.5.3",
"deep-object-diff": "^1.1.9",
"express": "^4.19.2",
"express": "^4.21.1",
"framer-motion": "^10.16.4",
"graphql": "^16.8.1",
"i18next": "^23.7.6",
Expand Down
Loading

0 comments on commit d9f6635

Please sign in to comment.