build(deps): Update ESLint packages to ^8.45.0 #244
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Audit Codes 🔍 | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - next | |
| pull_request: | |
| branches: | |
| - '**' | |
| paths-ignore: | |
| - '**/*.md' | |
| - '**/*.txt' | |
| - '**/*.spec.ts' | |
| jobs: | |
| codeql-scan: | |
| name: Scan Vulnerabilities with CodeQL (${{ matrix.language }}) 🛡️ | |
| runs-on: ubuntu-latest | |
| permissions: | |
| # required for all workflows | |
| security-events: write | |
| # required to fetch internal or private CodeQL packs | |
| packages: read | |
| # only required for workflows in private repositories | |
| actions: read | |
| contents: read | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| language: [actions, javascript-typescript] | |
| steps: | |
| - name: Checkout 🛎️ | |
| uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 | |
| with: | |
| fetch-depth: 20 | |
| fetch-tags: false | |
| - name: Initialize CodeQL ⚙️ | |
| uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3 | |
| with: | |
| languages: ${{ matrix.language }} | |
| - name: Perform CodeQL Analysis 🔍 | |
| uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3 | |
| with: | |
| category: '/language:${{ matrix.language }}' | |
| osv-scan: | |
| name: Scan Vulnerabilities with OSV 🛡️ | |
| uses: 'google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@90b209d0ea55cea1da9fc0c4e65782cc6acb6e2e' # v2.2.2 | |
| permissions: | |
| # Required to upload SARIF file to CodeQL. See: https://github.com/github/codeql-action/issues/2117 | |
| actions: read | |
| # Require writing security events to upload SARIF file to security tab | |
| security-events: write | |
| # Only need to read contents | |
| contents: read | |
| with: | |
| # Start the scan from the root of the repository and scan subdirectories recursively. | |
| scan-args: |- | |
| --lockfile=package-lock.json | |
| --lockfile=website/package-lock.json | |
| -r | |
| ./ |