Merge pull request #29 from KaiHotz/resolution_added_to_solve_vulnera…

…bilities Resolution added to solve vulnerabilities
KaiHotz · Oct 12, 2022 · c678661 · c678661
2 parents c01ddb3 + 4f811ea
commit c678661
Show file tree

Hide file tree

Showing 5 changed files with 1,017 additions and 1,495 deletions.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -23,7 +23,7 @@ on:
 jobs:
   analyze:
     name: Analyze
-    runs-on: [ self-hosted, linux ]
+    runs-on: ubuntu-latest
     permissions:
       actions: read
       contents: read

diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
@@ -1,21 +1,20 @@
-name: UI-Kit
+name: react-rollup-boilerplate
 
 on:
   pull_request:
     branches: [ main ]
 
 jobs:
   continuous-integration:
-    runs-on: [ self-hosted, linux ]
+    runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
     - uses: actions/setup-node@v3
       with:
-        node-version: 14
+        node-version: 16.x
 
     - name: Install dependencies
       run: |
-        corepack enable
         yarn install --frozen-lockfile
 
     - name: Run Continuous Integration

diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -0,0 +1,22 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
+name: 'Dependency Review'
+on:
+  pull_request:
+    branches: [ main ]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v3
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@v2
diff --git a/package.json b/package.json
@@ -46,6 +46,9 @@
     "react": "18.x",
     "react-dom": "18.x"
   },
+  "dependencies": {
+    "classnames": "^2.3.2"
+  },
   "devDependencies": {
     "@babel/core": "^7.19.3",
     "@babel/eslint-parser": "^7.19.1",
@@ -68,7 +71,6 @@
     "@storybook/addon-controls": "^6.5.12",
     "@storybook/addon-docs": "^6.5.12",
     "@storybook/addon-essentials": "^6.5.12",
-    "@storybook/addon-info": "^5.3.21",
     "@storybook/addon-links": "^6.5.12",
     "@storybook/addon-postcss": "^2.0.0",
     "@storybook/addons": "^6.5.12",
@@ -150,7 +152,14 @@
     "webpack": "^5.74.0",
     "yarn-audit-fix": "^9.3.6"
   },
-  "dependencies": {
-    "classnames": "^2.3.2"
+  "resolutions": {
+    "node-fetch": "^2.6.7",
+    "glob-parent": "^6.0.1",
+    "highlight.js": "^11.6.0",
+    "prismjs": "^1.21.0",
+    "got": "^11.8.5",
+    "trim-newlines": "^3.0.1",
+    "trim": "^0.0.3",
+    "postcss": "^8.4.17"
   }
 }