Add npm audit to the build steps action for CDA #1256

Merged: MikeNeilson merged 3 commits into develop from 1255-enforce-audits-for-the-web-ui on Sep 4, 2025

krowvin (Collaborator) commented Aug 27, 2025

Ran this locally to test, currently with the dependabot changes merged

#1243

Reporting

```
npm audit --audit-level=high
found 0 vulnerabilities
```

Note: I went with node 20 in the actions, but we could probably bump that up?

@krowvin krowvin requested a review from MikeNeilson August 27, 2025 15:20
@krowvin krowvin linked an issue Aug 27, 2025 that may be closed by this pull request
krowvin (Collaborator, Author) commented Aug 27, 2025

@adamscarberry discussed/showed a similar setup for WM sites

MikeNeilson (Contributor) left a comment

Looks good, put node version to latest. 22 is what's used in the docker file.

Comment thread .github/workflows/build.yml Outdated
bump node to 22
@krowvin krowvin requested a review from MikeNeilson August 27, 2025 22:40
@MikeNeilson MikeNeilson merged commit daeba6e into develop Sep 4, 2025
9 checks passed
@MikeNeilson MikeNeilson deleted the 1255-enforce-audits-for-the-web-ui branch September 4, 2025 13:42
@zack-rma zack-rma mentioned this pull request Sep 8, 2025
MikeNeilson pushed a commit that referenced this pull request Oct 23, 2025
Ran this locally to test, currently with the dependabot changes merged

#1243

Reporting
```
npm audit --audit-level=high
found 0 vulnerabilities
```

Note: I went with node 20 in the actions, but we could probably bump
that up?

(cherry picked from commit daeba6e)
MikeNeilson pushed a commit that referenced this pull request Oct 24, 2025
Development

Successfully merging this pull request may close these issues.

Enforce Audits for the Web-UI
