From ff93932ba21edec9f7289109d1aee811543ca4ac Mon Sep 17 00:00:00 2001 From: Joe Previte Date: Mon, 24 May 2021 10:55:15 -0700 Subject: [PATCH 1/2] fix: temporarily disable trivy-scan-image --- .github/workflows/ci.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index cb210d86a..6dd06c5f7 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -434,7 +434,9 @@ jobs: trivy-scan-image: runs-on: ubuntu-20.04 needs: docker-amd64 - + # NOTE@jsjoeio: disabling due to a memory issue upstream + # See: https://github.com/github/codeql-action/issues/528 + if: 1 == 2 steps: - name: Checkout code uses: actions/checkout@v2 @@ -457,6 +459,9 @@ jobs: output: "trivy-image-results.sarif" severity: "HIGH,CRITICAL" + - name: Debug Trivy SARIF file + run: cat trivy-image-results.sarif && ls -l trivy-image-results.sarif + - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v1 with: From 35f57e5ebb8b03466907534fdf140364c013e445 Mon Sep 17 00:00:00 2001 From: Joe Previte Date: Mon, 24 May 2021 14:21:00 -0700 Subject: [PATCH 2/2] chore(security): upgrade browserslist --- package.json | 1 + yarn.lock | 20 ++------------------ 2 files changed, 3 insertions(+), 18 deletions(-) diff --git a/package.json b/package.json index 70b5940a7..6167122df 100644 --- a/package.json +++ b/package.json @@ -80,6 +80,7 @@ "doctoc/**/trim": "^1.0.0", "postcss": "^8.2.1", "parcel-bundler/cssnano": "^5.0.2", + "browserslist": "^4.16.5", "safe-buffer": "^5.1.1", "vfile-message": "^2.0.2" }, diff --git a/yarn.lock b/yarn.lock index 19051432b..4db79a7fb 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1867,18 +1867,7 @@ browserify-zlib@^0.2.0: dependencies: pako "~1.0.5" -browserslist@^4.0.0, browserslist@^4.1.0, browserslist@^4.12.0, browserslist@^4.14.5, browserslist@^4.16.3: - version "4.16.4" - resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.16.4.tgz#7ebf913487f40caf4637b892b268069951c35d58" - integrity sha512-d7rCxYV8I9kj41RH8UKYnvDYCRENUlHRgyXy/Rhr/1BaeLGfiCptEdFE8MIrvGfWbBFNjVYx76SQWvNX1j+/cQ== - dependencies: - caniuse-lite "^1.0.30001208" - colorette "^1.2.2" - electron-to-chromium "^1.3.712" - escalade "^3.1.1" - node-releases "^1.1.71" - -browserslist@^4.16.0: +browserslist@^4.0.0, browserslist@^4.1.0, browserslist@^4.12.0, browserslist@^4.14.5, browserslist@^4.16.0, browserslist@^4.16.3, browserslist@^4.16.5: version "4.16.6" resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.16.6.tgz#d7901277a5a88e554ed305b183ec9b0c08f66fa2" integrity sha512-Wspk/PqO+4W9qp5iUTJsa1B/QrYn1keNCcEP5OvP7WBwT4KaDly0uONYmC6Xa3Z5IqnUgS0KcgLYu1l74x0ZXQ== @@ -2030,7 +2019,7 @@ caniuse-api@^3.0.0: lodash.memoize "^4.1.2" lodash.uniq "^4.5.0" -caniuse-lite@^1.0.0, caniuse-lite@^1.0.30001109, caniuse-lite@^1.0.30001208: +caniuse-lite@^1.0.0, caniuse-lite@^1.0.30001109: version "1.0.30001209" resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001209.tgz#1bb4be0bd118e98e21cfb7ef617b1ef2164622f4" integrity sha512-2Ktt4OeRM7EM/JaOZjuLzPYAIqmbwQMNnYbgooT+icoRGrKOyAxA1xhlnotBD1KArRSPsuJp3TdYcZYrL7qNxA== @@ -3028,11 +3017,6 @@ ee-first@1.1.1: resolved "https://registry.yarnpkg.com/ee-first/-/ee-first-1.1.1.tgz#590c61156b0ae2f4f0255732a158b266bc56b21d" integrity sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0= -electron-to-chromium@^1.3.712: - version "1.3.717" - resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.3.717.tgz#78d4c857070755fb58ab64bcc173db1d51cbc25f" - integrity sha512-OfzVPIqD1MkJ7fX+yTl2nKyOE4FReeVfMCzzxQS+Kp43hZYwHwThlGP+EGIZRXJsxCM7dqo8Y65NOX/HP12iXQ== - electron-to-chromium@^1.3.723: version "1.3.727" resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.3.727.tgz#857e310ca00f0b75da4e1db6ff0e073cc4a91ddf"