diff --git a/.github/workflows/snyk-security.yml b/.github/workflows/snyk-security.yml
deleted file mode 100644
index f23d5707..00000000
--- a/.github/workflows/snyk-security.yml
+++ /dev/null
@@ -1,79 +0,0 @@
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-
-# A sample workflow which sets up Snyk to analyze the full Snyk platform (Snyk Open Source, Snyk Code,
-# Snyk Container and Snyk Infrastructure as Code)
-# The setup installs the Snyk CLI - for more details on the possible commands
-# check https://docs.snyk.io/snyk-cli/cli-reference
-# The results of Snyk Code are then uploaded to GitHub Security Code Scanning
-#
-# In order to use the Snyk Action you will need to have a Snyk API token.
-# More details in https://github.com/snyk/actions#getting-your-snyk-token
-# or you can signup for free at https://snyk.io/login
-#
-# For more examples, including how to limit scans to only high-severity issues
-# and fail PR checks, see https://github.com/snyk/actions/
-
-name: Snyk Security
-
-on:
- push:
- branches: ["v2", "master"]
- pull_request:
- branches: ["v2"]
-
-permissions:
- contents: read
-
-jobs:
- snyk:
- permissions:
- contents: read # for actions/checkout to fetch code
- security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
- actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- - name: Set up Snyk CLI to check for security issues
- # Snyk can be used to break the build when it detects security issues.
- # In this case we want to upload the SAST issues to GitHub Code Scanning
- uses: snyk/actions/setup@806182742461562b67788a64410098c9d9b96adb
-
- # For Snyk Open Source you must first set up the development environment for your application's dependencies
- # For example for Node
- #- uses: actions/setup-node@v3
- # with:
- # node-version: 16
-
- env:
- # This is where you will need to introduce the Snyk API token created with your Snyk account
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-
- # Runs Snyk Code (SAST) analysis and uploads result into GitHub.
- # Use || true to not fail the pipeline
- - name: Snyk Code test
- run: snyk code test --sarif > snyk-code.sarif # || true
-
- # Runs Snyk Open Source (SCA) analysis and uploads result to Snyk.
- - name: Snyk Open Source monitor
- run: snyk monitor --all-projects
-
- # Runs Snyk Infrastructure as Code (IaC) analysis and uploads result to Snyk.
- # Use || true to not fail the pipeline.
- - name: Snyk IaC test and report
- run: snyk iac test --report # || true
-
- # Build the docker image for testing
- - name: Build a Docker image
- run: docker build -t your/image-to-test .
- # Runs Snyk Container (Container and SCA) analysis and uploads result to Snyk.
- - name: Snyk Container monitor
- run: snyk container monitor your/image-to-test --file=Dockerfile
-
- # Push the Snyk Code results into GitHub Code Scanning tab
- - name: Upload result to GitHub Code Scanning
- uses: github/codeql-action/upload-sarif@v2
- with:
- sarif_file: snyk-code.sarif
diff --git a/package.json b/package.json
index d1dae982..2769d983 100644
--- a/package.json
+++ b/package.json
@@ -49,7 +49,7 @@
 "scrypt-js": "^3.0.1",
 "secp256k1": "^3.7.1",
 "superagent": "^6.1.0",
- "websocket": "^1.0.31"
+ "websocket": "^1.0.35"
 },
 "devDependencies": {
 "@babel/core": "^7.8.4",
diff --git a/yarn.lock b/yarn.lock
index ea256abc..983e0a4e 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2701,6 +2701,14 @@ d@1, d@^1.0.1: es5-ext "^0.10.50" type "^1.0.1" +d@^1.0.2: + version "1.0.2" + resolved "https://registry.npmmirror.com/d/-/d-1.0.2.tgz#2aefd554b81981e7dccf72d6842ae725cb17e5de" + integrity sha512-MOqHvMWF9/9MX6nza0KgvFH4HpMU0EF5uUDXqX/BtxtU8NfB0QzRtJ8Oe/6SuS4kbhyzVJwjd97EA4PKrzJ8bw== + dependencies: + es5-ext "^0.10.64" + type "^2.7.2" + dash-ast@^1.0.0: version "1.0.0" resolved "https://registry.npmmirror.com/dash-ast/download/dash-ast-1.0.0.tgz#12029ba5fb2f8aa6f0a861795b23c1b4b6c27d37" @@ -3092,10 +3100,20 @@ es5-ext@^0.10.35, es5-ext@^0.10.50: es6-symbol "~3.1.3" next-tick "~1.0.0" -es6-iterator@~2.0.3: +es5-ext@^0.10.62, es5-ext@^0.10.63, es5-ext@^0.10.64, es5-ext@~0.10.14: + version "0.10.64" + resolved "https://registry.npmmirror.com/es5-ext/-/es5-ext-0.10.64.tgz#12e4ffb48f1ba2ea777f1fcdd1918ef73ea21714" + integrity sha512-p2snDhiLaXe6dahss1LddxqEm+SkuDvV8dnIQG0MWjyHpcMNfXKPE+/Cc0y+PhxJX3A4xGNeFCj5oc0BUh6deg== + dependencies: + es6-iterator "^2.0.3" + es6-symbol "^3.1.3" + esniff "^2.0.1" + next-tick "^1.1.0" + +es6-iterator@^2.0.3, es6-iterator@~2.0.3: version "2.0.3" - resolved "https://registry.npmmirror.com/es6-iterator/download/es6-iterator-2.0.3.tgz#a7de889141a05a94b0854403b2d0a0fbfa98f3b7" - integrity sha1-p96IkUGgWpSwhUQDstCg+/qY87c= + resolved "https://registry.npmmirror.com/es6-iterator/-/es6-iterator-2.0.3.tgz#a7de889141a05a94b0854403b2d0a0fbfa98f3b7" + integrity sha512-zw4SRzoUkd+cl+ZoE15A9o1oQd920Bb0iOJMQkQhl3jNc03YqVjAhG7scf9C5KWRU/R13Orf588uCC6525o02g== dependencies: d "1" es5-ext "^0.10.35" 
@@ -3109,6 +3127,14 @@ es6-symbol@^3.1.1, es6-symbol@~3.1.3: d "^1.0.1" ext "^1.1.2" +es6-symbol@^3.1.3: + version "3.1.4" + resolved "https://registry.npmmirror.com/es6-symbol/-/es6-symbol-3.1.4.tgz#f4e7d28013770b4208ecbf3e0bf14d3bcb557b8c" + integrity sha512-U9bFFjX8tFiATgtkJ1zg25+KviIXpgRvRHS8sau3GfhVzThRQrOeksPeT0BWW2MNZs1OEWJ1DPXOQMn0KKRkvg== + dependencies: + d "^1.0.2" + ext "^1.7.0" + escalade@^3.1.1: version "3.1.1" resolved "https://registry.npmmirror.com/escalade/download/escalade-3.1.1.tgz#d8cfdc7000965c5a0174b4a82eaa5c0552742e40" @@ -3262,6 +3288,16 @@ eslint@^7.12.0: text-table "^0.2.0" v8-compile-cache "^2.0.3" +esniff@^2.0.1: + version "2.0.1" + resolved "https://registry.npmmirror.com/esniff/-/esniff-2.0.1.tgz#a4d4b43a5c71c7ec51c51098c1d8a29081f9b308" + integrity sha512-kTUIGKQ/mDPFoJ0oVfcmyJn4iBDRptjNVIzwIFR7tqWXdVI9xfA2RMwY/gbSpJG3lkdWNEjLap/NqVHZiJsdfg== + dependencies: + d "^1.0.1" + es5-ext "^0.10.62" + event-emitter "^0.3.5" + type "^2.7.2" + espree@^7.3.0, espree@^7.3.1: version "7.3.1" resolved "https://registry.npmmirror.com/espree/download/espree-7.3.1.tgz#f2df330b752c6f55019f8bd89b7660039c1bbbb6" @@ -3305,6 +3341,14 @@ esutils@^2.0.2: resolved "https://registry.npmmirror.com/esutils/download/esutils-2.0.3.tgz#74d2eb4de0b8da1293711910d50775b9b710ef64" integrity sha1-dNLrTeC42hKTcRkQ1Qd1ubcQ72Q= +event-emitter@^0.3.5: + version "0.3.5" + resolved "https://registry.npmmirror.com/event-emitter/-/event-emitter-0.3.5.tgz#df8c69eef1647923c7157b9ce83840610b02cc39" + integrity sha512-D9rRn9y7kLPnJ+hMq7S/nhvoKwwvVJahBi2BPmx3bvbsEdK3W9ii8cBSGjP+72/LnM4n6fo3+dkCX5FeTQruXA== + dependencies: + d "1" + es5-ext "~0.10.14" + event-pubsub@4.3.0: version "4.3.0" resolved "https://registry.yarnpkg.com/event-pubsub/-/event-pubsub-4.3.0.tgz#f68d816bc29f1ec02c539dc58c8dd40ce72cb36e" 
@@ -3403,6 +3447,13 @@ ext@^1.1.2: dependencies: type "^2.5.0" +ext@^1.7.0: + version "1.7.0" + resolved "https://registry.npmmirror.com/ext/-/ext-1.7.0.tgz#0ea4383c0103d60e70be99e9a7f11027a33c4f5f" + integrity sha512-6hxeJYaL110a9b5TEJSj0gojyHQAmA2ch5Os+ySCiA1QGdS697XWY1pzsrSjqA9LDEEgdB/KypIlR59RcLuHYw== + dependencies: + type "^2.7.2" + extend-shallow@^2.0.1: version "2.0.1" resolved "https://registry.npmmirror.com/extend-shallow/download/extend-shallow-2.0.1.tgz#51af7d614ad9a9f610ea1bafbb989d6b1c56890f" @@ -5526,6 +5577,11 @@ neo-async@^2.6.0: resolved "https://registry.yarnpkg.com/neo-async/-/neo-async-2.6.2.tgz#b4aafb93e3aeb2d8174ca53cf163ab7d7308305f" integrity sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw== +next-tick@^1.1.0: + version "1.1.0" + resolved "https://registry.npmmirror.com/next-tick/-/next-tick-1.1.0.tgz#1836ee30ad56d67ef281b22bd199f709449b35eb" + integrity sha512-CXdUiJembsNjuToQvxayPZF9Vqht7hewsvy2sOWafLvi2awflj9mOC6bHIg50orX8IJvWKY9wYQ/zB2kogPslQ== + next-tick@~1.0.0: version "1.0.0" resolved "https://registry.npmmirror.com/next-tick/download/next-tick-1.0.0.tgz#ca86d1fe8828169b0120208e3dc8424b9db8342c" @@ -7301,6 +7357,11 @@ type@^2.5.0: resolved "https://registry.npmmirror.com/type/download/type-2.5.0.tgz#0a2e78c2e77907b252abe5f298c1b01c63f0db3d" integrity sha1-Ci54wud5B7JSq+XymMGwHGPw2z0= +type@^2.7.2: + version "2.7.2" + resolved "https://registry.npmmirror.com/type/-/type-2.7.2.tgz#2376a15a3a28b1efa0f5350dcf72d24df6ef98d0" + integrity sha512-dzlvlNlt6AXU7EBSfpAscydQ7gXB+pPGsPnfJnZpiNJBDj7IaJzQlBZYGdEi4R9HmPdBv2XmWJ6YUtoTa7lmCw== + typedarray-to-buffer@^3.1.5: version "3.1.5" resolved "https://registry.npmmirror.com/typedarray-to-buffer/download/typedarray-to-buffer-3.1.5.tgz#a97ee7a9ff42691b9f783ff1bc5112fe3fca9080" 
@@ -7592,14 +7653,14 @@ webidl-conversions@^6.1.0: resolved "https://registry.npmmirror.com/webidl-conversions/download/webidl-conversions-6.1.0.tgz#9111b4d7ea80acd40f5270d666621afa78b69514" integrity sha1-kRG01+qArNQPUnDWZmIa+ni2lRQ= -websocket@^1.0.31: - version "1.0.34" - resolved "https://registry.npmmirror.com/websocket/download/websocket-1.0.34.tgz#2bdc2602c08bf2c82253b730655c0ef7dcab3111" - integrity sha1-K9wmAsCL8sgiU7cwZVwO99yrMRE= +websocket@^1.0.35: + version "1.0.35" + resolved "https://registry.npmmirror.com/websocket/-/websocket-1.0.35.tgz#374197207d7d4cc4c36cbf8a1bb886ee52a07885" + integrity sha512-/REy6amwPZl44DDzvRCkaI1q1bIiQB0mEFQLUrhz3z2EK91cp3n72rAjUlrTP0zV22HJIUOVHQGPxhFRjxjt+Q== dependencies: bufferutil "^4.0.1" debug "^2.2.0" - es5-ext "^0.10.50" + es5-ext "^0.10.63" typedarray-to-buffer "^3.1.5" utf-8-validate "^5.0.2" yaeti "^0.0.6"