chore: add override for cross-spawn vulnerability (#3154)

* chore: add override for cross-spawn vulnerability * chore: debugging trivy * Revert "chore: debugging trivy" This reverts commit c8434d2. * chore(ci): trivy ignore * chore(ci): debug trivvy * Revert "chore(ci): debug trivvy" This reverts commit 81023c6. * chore(ci): debug trivy * chore(ci): checkout repo during trivy check * chore(ci): add expiry to ignored vulnerability * chore(ci): ignore vulnerability in grype * chore(ci): remove debug flag from trivy scan
interledger · Dec 8, 2024 · 61a4028 · 61a4028
1 parent 5c21c94
commit 61a4028
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 10 deletions.
diff --git a/.github/workflows/node-build.yml b/.github/workflows/node-build.yml
@@ -291,6 +291,7 @@ jobs:
           - backend
           - frontend
     steps:
+      - uses: actions/checkout@v4
       - name: Fetch docker image from cache
         uses: actions/cache/restore@v4
         with:
@@ -326,6 +327,7 @@ jobs:
           - backend
           - frontend
     steps:
+      - uses: actions/checkout@v4
       - name: Fetch docker image from cache
         uses: actions/cache/restore@v4
         with:

diff --git a/.grype.yaml b/.grype.yaml
@@ -0,0 +1,2 @@
+ignore:
+  - vulnerability: GHSA-3xgq-45jj-v275
diff --git a/.trivyignore b/.trivyignore
@@ -0,0 +1 @@
+CVE-2024-21538 exp:2024-12-31
diff --git a/package.json b/package.json
@@ -78,7 +78,8 @@
       "tar@<6.2.1": ">=6.2.1",
       "braces@<3.0.3": ">=3.0.3",
       "@grpc/grpc-js@>=1.10.0 <1.10.9": ">=1.10.9",
-      "dset@<3.1.4": ">=3.1.4"
+      "dset@<3.1.4": ">=3.1.4",
+      "cross-spawn@>=7.0.0 <7.0.5": ">=7.0.5"
     }
   }
 }
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml