Merge pull request #91 from CMU-17313Q/snyk-integration-new

Integrating Snyk Analysis Tool (attempt 2)
CMU-17313Q · Nov 1, 2024 · 1bc0860 · 1bc0860
2 parents 2691f26 + 12cb4bf
commit 1bc0860
Show file tree

Hide file tree

Showing 3 changed files with 85 additions and 3 deletions.
diff --git a/.github/workflows/snyk.yaml b/.github/workflows/snyk.yaml
@@ -0,0 +1,39 @@
+name: Snyk Test
+
+on:
+  pull_request:
+    branches:
+      - f24
+  workflow_call: # Usually called from deploy
+
+defaults:
+  run:
+    shell: bash
+
+permissions:
+  checks: write  # for coverallsapp/github-action to create new checks
+  contents: read  # for actions/checkout to fetch code
+
+jobs:
+  snyk:
+    runs-on: ubuntu-latest
+    env:
+      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}  # Ensure your token is added as a secret in GitHub
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+
+      - name: NPM Install
+        uses: bahmutov/npm-install@v1
+        with:
+          useLockFile: false
+          working-directory: ./install  # specify the correct path to package.json
+
+      - name: Run Snyk Test
+        run: npx snyk test --severity-threshold=high
+        working-directory: ./install  # specify the same path here as well
diff --git a/install/.snyk b/install/.snyk
@@ -0,0 +1,42 @@
+version: v1.1293.1
+
+ignore:
+  "SNYK-JS-BOOTBOX-174704":
+    - "*": # ignore for all paths
+        reason: "No patch or upgrade available for [email protected]"
+        expires: "2025-12-31" 
+
+  "SNYK-JS-COOKIE-8163060":
+    - "*":
+        reason: "No immediate fix available for socket.io dependency"
+        expires: "2025-12-31"
+
+  "SNYK-JS-INFLIGHT-6095116":
+    - "*":
+        reason: "No direct patch available for [email protected]"
+        expires: "2025-12-31"
+
+  "SNYK-JS-JQUERYFORM-574783":
+    - "*":
+        reason: "No upgrade available for [email protected]"
+        expires: "2025-12-31"
+
+  "SNYK-JS-MARKDOWNIT-6483324":
+    - "*":
+        reason: "No upgrade available for [email protected]; requires update to nodebb-plugin-markdown or [email protected]"
+        expires: "2025-12-31"
+
+  "SNYK-JS-REQUEST-3361831":
+    - "*":
+        reason: "No upgrade available"
+        expires: "2025-12-31"
+
+  "SNYK-JS-TOUGHCOOKIE-5672873":
+    - "*":
+        reason: "No upgrade available"
+        expires: "2025-12-31"
+
+  "SNYK-JS-ZXCVBN-3257741":
+    - "*":
+        reason: "No upgrade path for [email protected]"
+        expires: "2025-12-31"
diff --git a/install/package.json b/install/package.json
@@ -41,7 +41,7 @@
         "autoprefixer": "10.4.19",
         "bcryptjs": "2.4.3",
         "benchpressjs": "2.5.1",
-        "body-parser": "1.20.2",
+        "body-parser": "1.20.3",
         "bootbox": "6.0.0",
         "bootstrap": "5.3.3",
         "bootswatch": "5.3.3",
@@ -65,7 +65,7 @@
         "daemon": "1.1.0",
         "diff": "5.2.0",
         "esbuild": "0.21.2",
-        "express": "4.19.2",
+        "express": "4.20.0",
         "express-session": "1.18.0",
         "express-useragent": "1.0.15",
         "fetch-cookie": "3.0.1",
@@ -169,7 +169,8 @@
         "mocha-lcov-reporter": "1.3.0",
         "mockdate": "3.0.5",
         "nyc": "15.1.0",
-        "smtp-server": "3.13.4"
+        "smtp-server": "3.13.4",
+        "snyk": "1.1294.0"
     },
     "optionalDependencies": {
         "sass-embedded": "1.77.1"