From e0efbdf95d02a8f47df8345479f7c7bab289780e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Mar 2026 09:58:13 +0000 Subject: [PATCH 1/2] build(deps): bump yaml from 1.10.2 to 1.10.3 Bumps [yaml](https://github.com/eemeli/yaml) from 1.10.2 to 1.10.3. - [Release notes](https://github.com/eemeli/yaml/releases) - [Commits](https://github.com/eemeli/yaml/compare/v1.10.2...v1.10.3) --- updated-dependencies: - dependency-name: yaml dependency-version: 1.10.3 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yarn.lock b/yarn.lock index 15bba86..5304a19 100644 --- a/yarn.lock +++ b/yarn.lock @@ -8595,9 +8595,9 @@ yallist@^3.0.2: integrity sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g== yaml@^1.10.0, yaml@^1.7.2: - version "1.10.2" - resolved "https://registry.yarnpkg.com/yaml/-/yaml-1.10.2.tgz#2301c5ffbf12b467de8da2333a459e29e7920e4b" - integrity sha512-r3vXyErRCYJ7wg28yvBY5VSoAF8ZvlcW9/BwUzEtUsjvX/DKs24dIkuwjtuprwJJHsbyUbLApepYTR1BN4uHrg== + version "1.10.3" + resolved "https://registry.yarnpkg.com/yaml/-/yaml-1.10.3.tgz#76e407ed95c42684fb8e14641e5de62fe65bbcb3" + integrity sha512-vIYeF1u3CjlhAFekPPAk2h/Kv4T3mAkMox5OymRiJQB0spDP10LHvt+K7G9Ny6NuuMAb25/6n1qyUjAcGNf/AA== yargs-parser@^21.0.1, yargs-parser@^21.1.1: version "21.1.1" From 267250579e71acab920e00dac966dbf1d0c969fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ali=20Kire=C3=A7lig=C3=B6l?= Date: Thu, 26 Mar 2026 13:19:20 +0300 Subject: [PATCH 2/2] comment trivy for now --- .github/workflows/sast.yml | 54 +++++++++++++++++++------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/.github/workflows/sast.yml b/.github/workflows/sast.yml index e5e83a6..b5fbbdf 100644 --- a/.github/workflows/sast.yml +++ b/.github/workflows/sast.yml @@ -30,32 +30,32 @@ jobs: - '**/package.json' outputs: changed: ${{ steps.changes.outputs.packages == 'true' }} - trivy: - name: Trivy - runs-on: ubuntu-latest - needs: paths - if: always() && (github.event_name == 'push' || github.event_name == 'schedule' || needs.paths.outputs.changed == 'true') - steps: - - uses: actions/checkout@v4 - - uses: actions/cache@v4 - with: - path: .trivy_cache - key: ${{ runner.os }}-trivy-v0.31.0 - - uses: aquasecurity/trivy-action@0.34.0 - with: - scan-type: 'fs' - format: 'table' - exit-code: '1' - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' - cache-dir: .trivy_cache - env: - TRIVY_DEBUG: true - - name: Upload scan results to GitHub - if: github.event_name != 'pull_request' && failure() - uses: github/codeql-action/upload-sarif@v3 - with: - sarif_file: 'trivy-results.sarif' + # trivy: + # name: Trivy + # runs-on: ubuntu-latest + # needs: paths + # if: always() && (github.event_name == 'push' || github.event_name == 'schedule' || needs.paths.outputs.changed == 'true') + # steps: + # - uses: actions/checkout@v4 + # - uses: actions/cache@v4 + # with: + # path: .trivy_cache + # key: ${{ runner.os }}-trivy-v0.31.0 + # - uses: aquasecurity/trivy-action@0.34.0 + # with: + # scan-type: 'fs' + # format: 'table' + # exit-code: '1' + # vuln-type: 'os,library' + # severity: 'CRITICAL,HIGH' + # cache-dir: .trivy_cache + # env: + # TRIVY_DEBUG: true + # - name: Upload scan results to GitHub + # if: github.event_name != 'pull_request' && failure() + # uses: github/codeql-action/upload-sarif@v3 + # with: + # sarif_file: 'trivy-results.sarif' semgrep: name: Semgrep runs-on: ubuntu-latest @@ -99,7 +99,7 @@ jobs: name: SAST Safe runs-on: ubuntu-latest needs: - - trivy + # - trivy - semgrep - codeql # This is needed to make sure this job always runs even if others got skipped