From b9b81c98cdb3a935ffaa28c6afa8c5b72e07883b Mon Sep 17 00:00:00 2001 From: Darryl Hein Date: Mon, 29 Jul 2024 15:36:59 -0600 Subject: [PATCH] switch to npx version of audit-ci works better on CI --- .github/workflows/ci.yml | 6 +- package.json | 5 +- yarn.lock | 228 ++------------------------------------- 3 files changed, 12 insertions(+), 227 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 23e28b77b..18b4c8ecd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -32,7 +32,7 @@ jobs: uses: symfonycorp/security-checker-action@v5 - name: Run JS security checks - run: npx audit-ci@^7 --high --config .audit-ci.jsonc --report-type summary + run: yarn audit:high - name: Install Composer dependencies run: composer install --no-interaction --no-progress --ignore-platform-reqs @@ -93,7 +93,7 @@ jobs: uses: symfonycorp/security-checker-action@v5 - name: Run JS security checks - run: npx audit-ci@^7 --high --config .audit-ci.jsonc --report-type summary + run: yarn audit:high - name: Install Composer dependencies run: composer install --classmap-authoritative --no-interaction --no-progress --ignore-platform-reqs @@ -134,7 +134,7 @@ jobs: uses: symfonycorp/security-checker-action@v5 - name: Run JS security checks - run: npx audit-ci@^7 --high --config .audit-ci.jsonc --report-type summary + run: yarn audit:high - name: Install Composer dependencies run: composer install --no-dev --classmap-authoritative --no-interaction --no-progress --ignore-platform-reqs diff --git a/package.json b/package.json index 453ef4686..74b692bf6 100644 --- a/package.json +++ b/package.json 
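Review bot: The `Run JS security checks` step now calls `yarn audit:high`, so at that point each job needs Yarn on the runner and a project state that `yarn run` accepts, and no setup or install step is visible before it in the hunk at line 32; the job bodies start and end outside the hunks. The yarn.lock in this patch has the `__metadata`/`checksum` layout of Yarn 2+, which as far as I know refuses to run scripts until the project has been installed, so please confirm the step order. The same replacement is made in the hunks at lines 93 and 134. Since the real command now lives in package.json, a comment above the step would help, e.g. `# audit:high runs audit-ci through npx; the tool is downloaded at run time and is not in yarn.lock`.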
@@ -18,8 +18,8 @@ "lint:js:fix": "eslint --ext .js,.vue public/js *.js --fix", "lint:css": "stylelint public/css/**/*.scss", "lint:css:fix": "stylelint public/css/**/*.scss --fix", - "audit:moderate": "audit-ci --moderate --config .audit-ci.jsonc --report-type summary", - "audit:high": "audit-ci --high --config .audit-ci.jsonc --report-type summary" + "audit:moderate": "npx audit-ci@^7 --moderate --config .audit-ci.jsonc --report-type summary", + "audit:high": "npx audit-ci@^7 --high --config .audit-ci.jsonc --report-type summary" }, "dependencies": { "@apollo/client": "^3.7.12", @@ -66,7 +66,6 @@ "@tailwindcss/typography": "^0.5.0", "@vitejs/plugin-vue": "^5.0.0", "@vue/test-utils": "^2.0.0", - "audit-ci": "^7.0.1", "autoprefixer": "^10.0.2", "dotenv": "^16.0.0", "eslint": "^8.0.0", diff --git a/yarn.lock b/yarn.lock index 6f09e77a6..fe43158f6 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1896,25 +1896,6 @@ __metadata: languageName: node linkType: hard -"audit-ci@npm:^7.0.1": - version: 7.0.1 - resolution: "audit-ci@npm:7.0.1" - dependencies: - cross-spawn: ^7.0.3 - escape-string-regexp: ^4.0.0 - event-stream: 4.0.1 - jju: ^1.4.0 - jsonstream-next: ^3.0.0 - readline-transform: 1.0.0 - semver: ^7.0.0 - tslib: ^2.0.0 - yargs: ^17.0.0 - bin: - audit-ci: dist/bin.js - checksum: 4146d28458c0eb9ddf79aa2ccf4b53d45db1468eef968bc6d9f4584c880d31fbce2e3bd8a83a649f597e35d24969e9dbc65f9736de2aa2a031680c0c435eae29 - languageName: node - linkType: hard - "autoprefixer@npm:^10.0.2": version: 10.4.19 resolution: "autoprefixer@npm:10.4.19" 
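Review bot: The `audit:moderate` and `audit:high` scripts now run `npx audit-ci@^7`, a semver range, while the same commit drops `audit-ci` from `devDependencies` and removes its `7.0.1` entry and checksum from yarn.lock, so the tool that gates the build is no longer covered by the lockfile. Each run resolves whichever 7.x release the registry serves at that moment and executes it inside the CI job; its transitive dependencies are presumably resolved fresh as well. Pinning the release that was previously locked narrows this, e.g. `"audit:high": "npx audit-ci@7.0.1 --high --config .audit-ci.jsonc --report-type summary"` and the same for `audit:moderate`. If the CI problem can be solved another way, keeping the devDependency and invoking it through Yarn would retain checksum verification.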
@@ -2160,17 +2141,6 @@ __metadata: languageName: node linkType: hard -"cliui@npm:^8.0.1": - version: 8.0.1 - resolution: "cliui@npm:8.0.1" - dependencies: - string-width: ^4.2.0 - strip-ansi: ^6.0.1 - wrap-ansi: ^7.0.0 - checksum: 79648b3b0045f2e285b76fb2e24e207c6db44323581e421c3acbd0e86454cba1b37aea976ab50195a49e7384b871e6dfb2247ad7dec53c02454ac6497394cb56 - languageName: node - linkType: hard - "color-convert@npm:^1.9.0": version: 1.9.3 resolution: "color-convert@npm:1.9.3" @@ -2471,13 +2441,6 @@ __metadata: languageName: node linkType: hard -"duplexer@npm:^0.1.1, duplexer@npm:~0.1.1": - version: 0.1.2 - resolution: "duplexer@npm:0.1.2" - checksum: 62ba61a830c56801db28ff6305c7d289b6dc9f859054e8c982abd8ee0b0a14d2e9a8e7d086ffee12e868d43e2bbe8a964be55ddbd8c8957714c87373c7a4f9b0 - languageName: node - linkType: hard - "eastasianwidth@npm:^0.2.0": version: 0.2.0 resolution: "eastasianwidth@npm:0.2.0" @@ -2655,7 +2618,7 @@ __metadata: languageName: node linkType: hard -"escalade@npm:^3.1.1, escalade@npm:^3.1.2": +"escalade@npm:^3.1.2": version: 3.1.2 resolution: "escalade@npm:3.1.2" checksum: 1ec0977aa2772075493002bdbd549d595ff6e9393b1cb0d7d6fcaf78c750da0c158f180938365486f75cb69fba20294351caddfce1b46552a7b6c3cde52eaa02 @@ -2818,21 +2781,6 @@ __metadata: languageName: node linkType: hard -"event-stream@npm:4.0.1": - version: 4.0.1 - resolution: "event-stream@npm:4.0.1" - dependencies: - duplexer: ^0.1.1 - from: ^0.1.7 - map-stream: 0.0.7 - pause-stream: ^0.0.11 - split: ^1.0.1 - stream-combiner: ^0.2.2 - through: ^2.3.8 - checksum: 515cdff30c8dd74d5869cf53133b8851deba012605d2a15a1bc77b777b9d237ebf06d99ec62be2c6fc8adb2c89bf392771e2809239b278e5e70ba2f88cd1955c - languageName: node - linkType: hard - "execa@npm:^8.0.1": version: 8.0.1 resolution: "execa@npm:8.0.1" 
@@ -3035,13 +2983,6 @@ __metadata: languageName: node linkType: hard -"from@npm:^0.1.7": - version: 0.1.7 - resolution: "from@npm:0.1.7" - checksum: b85125b7890489656eb2e4f208f7654a93ec26e3aefaf3bbbcc0d496fc1941e4405834fcc9fe7333192aa2187905510ace70417bbf9ac6f6f4784a731d986939 - languageName: node - linkType: hard - "fs-minipass@npm:^2.0.0": version: 2.1.0 resolution: "fs-minipass@npm:2.1.0" @@ -3100,13 +3041,6 @@ __metadata: languageName: node linkType: hard -"get-caller-file@npm:^2.0.5": - version: 2.0.5 - resolution: "get-caller-file@npm:2.0.5" - checksum: b9769a836d2a98c3ee734a88ba712e62703f1df31b94b784762c433c27a386dd6029ff55c2a920c392e33657d80191edbf18c61487e198844844516f843496b9 - languageName: node - linkType: hard - "get-func-name@npm:^2.0.1, get-func-name@npm:^2.0.2": version: 2.0.2 resolution: "get-func-name@npm:2.0.2" @@ -3488,7 +3422,7 @@ __metadata: languageName: node linkType: hard -"inherits@npm:2, inherits@npm:^2.0.3": +"inherits@npm:2": version: 2.0.4 resolution: "inherits@npm:2.0.4" checksum: 4a48a733847879d6cf6691860a6b1e3f0f4754176e4d71494c41f3475553768b10f84b5ce1d40fbd0e34e6bfbb864ee35858ad4dd2cf31e02fc4a154b724d7f1 @@ -3645,13 +3579,6 @@ __metadata: languageName: node linkType: hard -"jju@npm:^1.4.0": - version: 1.4.0 - resolution: "jju@npm:1.4.0" - checksum: 3790481bd2b7827dd6336e6e3dc2dcc6d425679ba7ebde7b679f61dceb4457ea0cda330972494de608571f4973c6dfb5f70fab6f3c5037dbab19ac449a60424f - languageName: node - linkType: hard - "js-beautify@npm:^1.14.9": version: 1.15.1 resolution: "js-beautify@npm:1.15.1" 
@@ -3795,25 +3722,6 @@ __metadata: languageName: node linkType: hard -"jsonparse@npm:^1.2.0": - version: 1.3.1 - resolution: "jsonparse@npm:1.3.1" - checksum: 6514a7be4674ebf407afca0eda3ba284b69b07f9958a8d3113ef1005f7ec610860c312be067e450c569aab8b89635e332cee3696789c750692bb60daba627f4d - languageName: node - linkType: hard - -"jsonstream-next@npm:^3.0.0": - version: 3.0.0 - resolution: "jsonstream-next@npm:3.0.0" - dependencies: - jsonparse: ^1.2.0 - through2: ^4.0.2 - bin: - jsonstream-next: bin.js - checksum: 651d9d304ae9b23e397f0c1c60d8679daab41f42981eca6eaa61527a2f249d1cc0e8f3b3da2ce686590933ee92301d2092cb4cc65a24206d5a4e4409b77bdc21 - languageName: node - linkType: hard - "jssha@npm:^3.3.1": version: 3.3.1 resolution: "jssha@npm:3.3.1" @@ -4028,13 +3936,6 @@ __metadata: languageName: node linkType: hard -"map-stream@npm:0.0.7": - version: 0.0.7 - resolution: "map-stream@npm:0.0.7" - checksum: 74596bc701abb3e328e0783d70fcfdc5204798d945662a1824b57b7f10f3c36835edee5881bdd68618f96c992594bcbe09233f12b04d3a6a55a76e1a5793b76e - languageName: node - linkType: hard - "mathml-tag-names@npm:^2.1.3": version: 2.1.3 resolution: "mathml-tag-names@npm:2.1.3" @@ -4603,15 +4504,6 @@ __metadata: languageName: node linkType: hard -"pause-stream@npm:^0.0.11": - version: 0.0.11 - resolution: "pause-stream@npm:0.0.11" - dependencies: - through: ~2.3 - checksum: 3c4a14052a638b92e0c96eb00c0d7977df7f79ea28395250c525d197f1fc02d34ce1165d5362e2e6ebbb251524b94a76f3f0d4abc39ab8b016d97449fe15583c - languageName: node - linkType: hard - "picocolors@npm:^1.0.0, picocolors@npm:^1.0.1": version: 1.0.1 resolution: "picocolors@npm:1.0.1" 
@@ -4934,17 +4826,6 @@ __metadata: languageName: node linkType: hard -"readable-stream@npm:3": - version: 3.6.2 - resolution: "readable-stream@npm:3.6.2" - dependencies: - inherits: ^2.0.3 - string_decoder: ^1.1.1 - util-deprecate: ^1.0.1 - checksum: bdcbe6c22e846b6af075e32cf8f4751c2576238c5043169a1c221c92ee2878458a816a4ea33f4c67623c0b6827c8a400409bfb3cf0bf3381392d0b1dfb52ac8d - languageName: node - linkType: hard - "readdirp@npm:~3.6.0": version: 3.6.0 resolution: "readdirp@npm:3.6.0" @@ -4954,13 +4835,6 @@ __metadata: languageName: node linkType: hard -"readline-transform@npm:1.0.0": - version: 1.0.0 - resolution: "readline-transform@npm:1.0.0" - checksum: 0d2d130cc9a853dc4089c22ee3807de721133b49e2a07d129827ab6a5ffc93202e70e0fb090b1a08b70d74e901ee8f48ad728feccad26bfbd223a8b6b87dac65 - languageName: node - linkType: hard - "rehackt@npm:^0.1.0": version: 0.1.0 resolution: "rehackt@npm:0.1.0" @@ -4976,13 +4850,6 @@ __metadata: languageName: node linkType: hard -"require-directory@npm:^2.1.1": - version: 2.1.1 - resolution: "require-directory@npm:2.1.1" - checksum: fb47e70bf0001fdeabdc0429d431863e9475e7e43ea5f94ad86503d918423c1543361cc5166d713eaa7029dd7a3d34775af04764bebff99ef413111a5af18c80 - languageName: node - linkType: hard - "require-from-string@npm:^2.0.2": version: 2.0.2 resolution: "require-from-string@npm:2.0.2" @@ -5155,13 +5022,6 @@ __metadata: languageName: node linkType: hard -"safe-buffer@npm:~5.2.0": - version: 5.2.1 - resolution: "safe-buffer@npm:5.2.1" - checksum: b99c4b41fdd67a6aaf280fcd05e9ffb0813654894223afb78a31f14a19ad220bba8aba1cb14eddce1fcfb037155fe6de4e861784eb434f7d11ed58d1e70dd491 - languageName: node - linkType: hard - "safer-buffer@npm:>= 2.1.2 < 3.0.0": version: 2.1.2 resolution: "safer-buffer@npm:2.1.2" 
@@ -5200,7 +5060,7 @@ __metadata: languageName: node linkType: hard -"semver@npm:^7.0.0, semver@npm:^7.3.5, semver@npm:^7.3.6, semver@npm:^7.5.3, semver@npm:^7.6.0": +"semver@npm:^7.3.5, semver@npm:^7.3.6, semver@npm:^7.5.3, semver@npm:^7.6.0": version: 7.6.2 resolution: "semver@npm:7.6.2" bin: @@ -5343,15 +5203,6 @@ __metadata: languageName: node linkType: hard -"split@npm:^1.0.1": - version: 1.0.1 - resolution: "split@npm:1.0.1" - dependencies: - through: 2 - checksum: 12f4554a5792c7e98bb3e22b53c63bfa5ef89aa704353e1db608a55b51f5b12afaad6e4a8ecf7843c15f273f43cdadd67b3705cc43d48a75c2cf4641d51f7e7a - languageName: node - linkType: hard - "sprintf-js@npm:^1.1.3": version: 1.1.3 resolution: "sprintf-js@npm:1.1.3" @@ -5382,17 +5233,7 @@ __metadata: languageName: node linkType: hard -"stream-combiner@npm:^0.2.2": - version: 0.2.2 - resolution: "stream-combiner@npm:0.2.2" - dependencies: - duplexer: ~0.1.1 - through: ~2.3.4 - checksum: 5d3f4f6dd3604b3c5acf16150eabbbd131247378b54719c39cac5b5793150a92842306f662b58df65f2bd2e64bf8081f21449489591fed440c2b280021474e7d - languageName: node - linkType: hard - -"string-width-cjs@npm:string-width@^4.2.0, string-width@npm:^4.1.0, string-width@npm:^4.2.0, string-width@npm:^4.2.3": +"string-width-cjs@npm:string-width@^4.2.0, string-width@npm:^4.1.0, string-width@npm:^4.2.3": version: 4.2.3 resolution: "string-width@npm:4.2.3" dependencies: @@ -5414,15 +5255,6 @@ __metadata: languageName: node linkType: hard -"string_decoder@npm:^1.1.1": - version: 1.3.0 - resolution: "string_decoder@npm:1.3.0" - dependencies: - safe-buffer: ~5.2.0 - checksum: 8417646695a66e73aefc4420eb3b84cc9ffd89572861fe004e6aeb13c7bc00e2f616247505d2dbbef24247c372f70268f594af7126f43548565c68c117bdeb56 - languageName: node - linkType: hard - "strip-ansi-cjs@npm:strip-ansi@^6.0.1, strip-ansi@npm:^6.0.0, strip-ansi@npm:^6.0.1": version: 6.0.1 resolution: "strip-ansi@npm:6.0.1" 
@@ -5727,22 +5559,6 @@ __metadata: languageName: node linkType: hard -"through2@npm:^4.0.2": - version: 4.0.2 - resolution: "through2@npm:4.0.2" - dependencies: - readable-stream: 3 - checksum: ac7430bd54ccb7920fd094b1c7ff3e1ad6edd94202e5528331253e5fde0cc56ceaa690e8df9895de2e073148c52dfbe6c4db74cacae812477a35660090960cc0 - languageName: node - linkType: hard - -"through@npm:2, through@npm:^2.3.8, through@npm:~2.3, through@npm:~2.3.4": - version: 2.3.8 - resolution: "through@npm:2.3.8" - checksum: a38c3e059853c494af95d50c072b83f8b676a9ba2818dcc5b108ef252230735c54e0185437618596c790bbba8fcdaef5b290405981ffa09dce67b1f1bf190cbd - languageName: node - linkType: hard - "tinybench@npm:^2.5.1": version: 2.8.0 resolution: "tinybench@npm:2.8.0" @@ -5843,7 +5659,7 @@ __metadata: languageName: node linkType: hard -"tslib@npm:^2.0.0, tslib@npm:^2.1.0, tslib@npm:^2.3.0": +"tslib@npm:^2.1.0, tslib@npm:^2.3.0": version: 2.6.3 resolution: "tslib@npm:2.6.3" checksum: 74fce0e100f1ebd95b8995fbbd0e6c91bdd8f4c35c00d4da62e285a3363aaa534de40a80db30ecfd388ed7c313c42d930ee0eaf108e8114214b180eec3dbe6f5 @@ -5976,7 +5792,7 @@ __metadata: languageName: node linkType: hard -"util-deprecate@npm:^1.0.1, util-deprecate@npm:^1.0.2": +"util-deprecate@npm:^1.0.2": version: 1.0.2 resolution: "util-deprecate@npm:1.0.2" checksum: 474acf1146cb2701fe3b074892217553dfcf9a031280919ba1b8d651a068c9b15d863b7303cb15bd00a862b498e6cf4ad7b4a08fb134edd5a6f7641681cb54a2 @@ -6397,7 +6213,7 @@ __metadata: languageName: node linkType: hard -"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0, wrap-ansi@npm:^7.0.0": +"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0": version: 7.0.0 resolution: "wrap-ansi@npm:7.0.0" dependencies: @@ -6473,7 +6289,6 @@ __metadata: "@xstate/vue": ^3.0.2 "@zootools/email-spell-checker": ^1.12.0 apollo-upload-client: ^18.0.1 - audit-ci: ^7.0.1 autoprefixer: ^10.0.2 core-js: ^3.4.3 cuid: ^3.0.0 
@@ -6545,13 +6360,6 @@ __metadata: languageName: node linkType: hard -"y18n@npm:^5.0.5": - version: 5.0.8 - resolution: "y18n@npm:5.0.8" - checksum: 54f0fb95621ee60898a38c572c515659e51cc9d9f787fb109cef6fde4befbe1c4602dc999d30110feee37456ad0f1660fa2edcfde6a9a740f86a290999550d30 - languageName: node - linkType: hard - "yallist@npm:^3.0.2": version: 3.1.1 resolution: "yallist@npm:3.1.1" @@ -6575,28 +6383,6 @@ __metadata: languageName: node linkType: hard -"yargs-parser@npm:^21.1.1": - version: 21.1.1 - resolution: "yargs-parser@npm:21.1.1" - checksum: ed2d96a616a9e3e1cc7d204c62ecc61f7aaab633dcbfab2c6df50f7f87b393993fe6640d017759fe112d0cb1e0119f2b4150a87305cc873fd90831c6a58ccf1c - languageName: node - linkType: hard - -"yargs@npm:^17.0.0": - version: 17.7.2 - resolution: "yargs@npm:17.7.2" - dependencies: - cliui: ^8.0.1 - escalade: ^3.1.1 - get-caller-file: ^2.0.5 - require-directory: ^2.1.1 - string-width: ^4.2.3 - y18n: ^5.0.5 - yargs-parser: ^21.1.1 - checksum: 73b572e863aa4a8cbef323dd911d79d193b772defd5a51aab0aca2d446655216f5002c42c5306033968193bdbf892a7a4c110b0d77954a7fdf563e653967b56a - languageName: node - linkType: hard - "yocto-queue@npm:^0.1.0": version: 0.1.0 resolution: "yocto-queue@npm:0.1.0"