Merge pull request #158 from regulaforensics/stable

Release

Author: ArtsiomTsybulko

.github/workflows/run-smoke-test.yml

@@ -4,6 +4,8 @@ on:
   pull_request:
     branches:
       - master
+      - develop
+      - stable
 
 jobs:
   run_smoke_test:

.github/workflows/sast.yaml

@@ -0,0 +1,58 @@
+name: Semgrep SAST
+
+on:
+  pull_request:
+    branches:
+      - develop
+      - staging
+      - production
+      - stable
+      - main
+      - master
+
+env:
+  # Fail workflow or not if vulnerabilities found
+  FAIL_ON_VULNERABILITIES: true
+  # List of paths (space separated) to ignore
+  # Supports PATTERNS
+  # EXCLUDE_PATHS: 'foo bar/baz file.txt dir/*.yml'
+  EXCLUDE_PATHS: 'examples'
+  # List of rules (space separated) to ignore
+  # EXCLUDE_RULES: 'generic.secrets.security.detected-aws-account-id.detected-aws-account-id'
+  # See https://github.com/semgrep/semgrep-rules for rules registry
+  EXCLUDE_RULES: ''
+
+jobs:
+  semgrep:
+    name: semgrep-oss/scan
+    runs-on: ubuntu-latest
+    container:
+      image: semgrep/semgrep
+    steps:
+      - uses: actions/checkout@v4
+      - name: Scan
+        shell: bash
+        run: |
+          EXCLUDED_PATHS=()
+          if [[ ! -z $EXCLUDE_PATHS ]]; then
+            for path in $EXCLUDE_PATHS; do
+              EXCLUDED_PATHS+=("--exclude $path")
+            done
+          fi
+
+          EXCLUDED_RULES=()
+          if [[ ! -z $EXCLUDE_RULES ]]; then
+            for rule in $EXCLUDE_RULES; do
+              EXCLUDED_RULES+=("--exclude-rule $rule")
+            done
+          fi
+
+          if [[ $FAIL_ON_VULNERABILITIES == "true" ]]; then
+            semgrep scan --config auto ${EXCLUDED_PATHS[@]} ${EXCLUDED_RULES[@]} --error --verbose
+          elif [[ $FAIL_ON_VULNERABILITIES == "false" ]]; then
+            semgrep scan --config auto ${EXCLUDED_PATHS[@]} ${EXCLUDED_RULES[@]} --error --verbose || true
+          else
+            echo "Bad FAIL_ON_VULNERABILITIES env var value"
+            exit 1
+          fi
+

.github/workflows/trivy-scan.yaml

@@ -6,6 +6,7 @@ on:
       - main
       - master
       - develop
+      - stable
 
 jobs:
   trivy-scan:

examples/auth/client/package-lock.json

@@ -3,8 +3,8 @@
   "type": "module",
   "dependencies": {
     "@regulaforensics/document-reader-webclient": "file:../../..",
-    "axios": "^1.6.8",
-    "qs": "^6.12.0"
+    "axios": "^1.7.4",
+    "qs": "^6.13.0"
   },
   "version": "0.0.0"
 }

examples/auth/client/package.json

@@ -9,14 +9,14 @@
     "start": "node index.js"
   },
   "dependencies": {
-    "axios": "^1.6.8",
+    "axios": "^1.7.4",
     "body-parser": "^1.20.2",
     "cors": "^2.8.5",
     "express": "^4.19.2",
     "helmet": "^7.1.0",
     "jsonwebtoken": "^9.0.2",
-    "jwk-to-pem": "^2.0.5",
+    "jwk-to-pem": "^2.0.6",
     "morgan": "^1.10.0",
-    "ramda": "^0.29.1"
+    "ramda": "^0.30.1"
   }
 }