Skip to content

Commit

Permalink
Chore dependabot issues fixed
Browse files Browse the repository at this point in the history
-  dependabot issues fixed.
  • Loading branch information
adityagajbhiye9 committed Jul 12, 2024
1 parent 0347c0c commit 58f5210
Show file tree
Hide file tree
Showing 6 changed files with 12 additions and 11 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/Release-charts.yml
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ jobs:
steps:
# fetch-depth: 0 is required to determine differences in chart(s)
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
fetch-depth: 0

Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/code-ql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ jobs:

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file
Expand All @@ -75,7 +75,7 @@ jobs:
# Automates dependency installation for Python, Ruby, and JavaScript, optimizing the CodeQL analysis setup
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v2
uses: github/codeql-action/autobuild@v3

# ℹ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/dependencies.yml
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ jobs:
java-version: '17'

- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Generate Dependencies file
run: java -jar ./scripts/download/org.eclipse.dash.licenses-1.0.2.jar ./package-lock.json -project automotive.tractusx -summary DEPENDENCIES || true
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/dockerbuild.yml
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ jobs:

steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Install Dependencies
run: npm install
Expand All @@ -57,7 +57,7 @@ jobs:
# Create SemVer or ref tags dependent of trigger event
- name: Docker meta
id: meta
uses: docker/metadata-action@v4
uses: docker/metadata-action@v5
with:
images: |
${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
Expand All @@ -79,7 +79,7 @@ jobs:
password: ${{ secrets.DOCKER_HUB_TOKEN }}

- name: Build and push
uses: docker/build-push-action@v3
uses: docker/build-push-action@v6
with:
context: .
file: ./Dockerfile
Expand All @@ -92,7 +92,7 @@ jobs:
# Important step to push image description to DockerHub
- name: Update Docker Hub description
if: github.event_name != 'pull_request'
uses: peter-evans/dockerhub-description@v3
uses: peter-evans/dockerhub-description@v4
with:
# readme-filepath defaults to toplevel README.md, Only necessary if you have a dedicated file with your 'Notice for docker images'
# readme-filepath: path/to/dedicated/notice-for-docker-image.md
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/kics.yml
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ jobs:
security-events: write

steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4

- name: KICS scan
uses: checkmarx/kics-github-action@master
Expand All @@ -69,6 +69,6 @@ jobs:
# Upload findings to GitHub Advanced Security Dashboard
- name: Upload SARIF file for GitHub Advanced Security Dashboard
if: always()
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: kicsResults/results.sarif
3 changes: 2 additions & 1 deletion .github/workflows/trivy-scan.yml
Original file line number Diff line number Diff line change
Expand Up @@ -48,9 +48,10 @@ jobs:
image-ref: "tractusx/managed-simple-data-exchanger-frontend:latest" # Pull image from Docker Hub and run Trivy vulnerability scanner
format: "sarif"
output: "trivy-results.sarif"
exit-code: "1" # Trivy exits with code 1 if vulnerabilities are found, causing the workflow step to fail.
severity: "CRITICAL,HIGH" # While vulnerabilities of all severities are reported in the SARIF output, the exit code and workflow failure are triggered only by these specified severities (CRITICAL or HIGH).
hide-progress: false
exit-code: "1" # Trivy exits with code 1 if vulnerabilities are found, causing the workflow step to fail.
limit-severities-for-sarif: true

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
Expand Down

0 comments on commit 58f5210

Please sign in to comment.