Skip to content

Commit 6f01e88

Browse files
committed
ci(workflows): add dependency vulnerability scanning
1 parent 9812a96 commit 6f01e88

2 files changed

Lines changed: 245 additions & 0 deletions

File tree

.cve-lite/baseline.json

Lines changed: 217 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,217 @@
1+
{
2+
"version": 1,
3+
"createdAt": "2026-06-18T15:47:32.794Z",
4+
"findings": [
5+
{
6+
"name": "vitest",
7+
"version": "4.0.17",
8+
"advisoryIds": [
9+
"GHSA-5xrq-8626-4rwp"
10+
]
11+
},
12+
{
13+
"name": "jsonpath-plus",
14+
"version": "4.0.0",
15+
"advisoryIds": [
16+
"GHSA-hw8r-x6gr-5gjp",
17+
"GHSA-pppg-cpfq-h7wr"
18+
]
19+
},
20+
{
21+
"name": "protobufjs",
22+
"version": "7.5.4",
23+
"advisoryIds": [
24+
"GHSA-2pr8-phx7-x9h3",
25+
"GHSA-66ff-xgx4-vchm",
26+
"GHSA-685m-2w69-288q",
27+
"GHSA-75px-5xx7-5xc7",
28+
"GHSA-f38q-mgvj-vph7",
29+
"GHSA-fx83-v9x8-x52w",
30+
"GHSA-jggg-4jg4-v7c6",
31+
"GHSA-jvwf-75h9-cwgg",
32+
"GHSA-q6x5-8v7m-xcrf",
33+
"GHSA-wcpc-wj8m-hjx6",
34+
"GHSA-xq3m-2v4x-88gg"
35+
]
36+
},
37+
{
38+
"name": "ws",
39+
"version": "8.20.1",
40+
"advisoryIds": [
41+
"GHSA-96hv-2xvq-fx4p"
42+
]
43+
},
44+
{
45+
"name": "flatted",
46+
"version": "3.3.1",
47+
"advisoryIds": [
48+
"GHSA-25h7-pfq9-p65f",
49+
"GHSA-rf6f-7fwh-wjgh"
50+
]
51+
},
52+
{
53+
"name": "glob",
54+
"version": "10.3.10",
55+
"advisoryIds": [
56+
"GHSA-5j98-mcp5-4vw2"
57+
]
58+
},
59+
{
60+
"name": "glob",
61+
"version": "10.4.5",
62+
"advisoryIds": [
63+
"GHSA-5j98-mcp5-4vw2"
64+
]
65+
},
66+
{
67+
"name": "lodash",
68+
"version": "4.17.21",
69+
"advisoryIds": [
70+
"GHSA-f23m-r3pf-42rh",
71+
"GHSA-r5fr-rjxr-66jc",
72+
"GHSA-xxjr-mmjv-4gpg"
73+
]
74+
},
75+
{
76+
"name": "minimatch",
77+
"version": "3.0.8",
78+
"advisoryIds": [
79+
"GHSA-23c5-xmqv-rm74",
80+
"GHSA-3ppc-4f35-3m26",
81+
"GHSA-7r86-cg39-jmmj"
82+
]
83+
},
84+
{
85+
"name": "minimatch",
86+
"version": "3.1.2",
87+
"advisoryIds": [
88+
"GHSA-23c5-xmqv-rm74",
89+
"GHSA-3ppc-4f35-3m26",
90+
"GHSA-7r86-cg39-jmmj"
91+
]
92+
},
93+
{
94+
"name": "minimatch",
95+
"version": "9.0.3",
96+
"advisoryIds": [
97+
"GHSA-23c5-xmqv-rm74",
98+
"GHSA-3ppc-4f35-3m26",
99+
"GHSA-7r86-cg39-jmmj"
100+
]
101+
},
102+
{
103+
"name": "minimatch",
104+
"version": "9.0.4",
105+
"advisoryIds": [
106+
"GHSA-23c5-xmqv-rm74",
107+
"GHSA-3ppc-4f35-3m26",
108+
"GHSA-7r86-cg39-jmmj"
109+
]
110+
},
111+
{
112+
"name": "protobufjs",
113+
"version": "7.5.6",
114+
"advisoryIds": [
115+
"GHSA-f38q-mgvj-vph7",
116+
"GHSA-jggg-4jg4-v7c6",
117+
"GHSA-wcpc-wj8m-hjx6"
118+
]
119+
},
120+
{
121+
"name": "validator",
122+
"version": "13.12.0",
123+
"advisoryIds": [
124+
"GHSA-9965-vmph-33xx",
125+
"GHSA-vghf-hv5q-vc2g"
126+
]
127+
},
128+
{
129+
"name": "@babel/runtime",
130+
"version": "7.24.5",
131+
"advisoryIds": [
132+
"GHSA-968p-4wvh-cqc8"
133+
]
134+
},
135+
{
136+
"name": "@opentelemetry/core",
137+
"version": "1.27.0",
138+
"advisoryIds": [
139+
"GHSA-8988-4f7v-96qf"
140+
]
141+
},
142+
{
143+
"name": "@opentelemetry/core",
144+
"version": "1.30.1",
145+
"advisoryIds": [
146+
"GHSA-8988-4f7v-96qf"
147+
]
148+
},
149+
{
150+
"name": "@opentelemetry/core",
151+
"version": "2.2.0",
152+
"advisoryIds": [
153+
"GHSA-8988-4f7v-96qf"
154+
]
155+
},
156+
{
157+
"name": "@protobufjs/utf8",
158+
"version": "1.1.0",
159+
"advisoryIds": [
160+
"GHSA-q6x5-8v7m-xcrf"
161+
]
162+
},
163+
{
164+
"name": "ajv",
165+
"version": "6.12.6",
166+
"advisoryIds": [
167+
"GHSA-2g4f-4pwh-qvx6"
168+
]
169+
},
170+
{
171+
"name": "brace-expansion",
172+
"version": "1.1.11",
173+
"advisoryIds": [
174+
"GHSA-f886-m6hf-6m8v",
175+
"GHSA-v6h2-p8h4-qcjw"
176+
]
177+
},
178+
{
179+
"name": "brace-expansion",
180+
"version": "2.0.1",
181+
"advisoryIds": [
182+
"GHSA-f886-m6hf-6m8v",
183+
"GHSA-v6h2-p8h4-qcjw"
184+
]
185+
},
186+
{
187+
"name": "brace-expansion",
188+
"version": "5.0.4",
189+
"advisoryIds": [
190+
"GHSA-f886-m6hf-6m8v",
191+
"GHSA-jxxr-4gwj-5jf2"
192+
]
193+
},
194+
{
195+
"name": "js-yaml",
196+
"version": "3.14.1",
197+
"advisoryIds": [
198+
"GHSA-h67p-54hq-rp68",
199+
"GHSA-mh29-5h37-fv8m"
200+
]
201+
},
202+
{
203+
"name": "js-yaml",
204+
"version": "4.1.1",
205+
"advisoryIds": [
206+
"GHSA-h67p-54hq-rp68"
207+
]
208+
},
209+
{
210+
"name": "esbuild",
211+
"version": "0.27.7",
212+
"advisoryIds": [
213+
"GHSA-g7r4-m6w7-qqqr"
214+
]
215+
}
216+
]
217+
}

.github/workflows/cve-lite.yml

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,28 @@
1+
# SPDX-FileCopyrightText: 2024 LiveKit, Inc.
2+
#
3+
# SPDX-License-Identifier: Apache-2.0
4+
5+
name: Dependency Vulnerability Scan
6+
7+
on:
8+
push:
9+
branches: [next, main, 0.x]
10+
pull_request:
11+
branches: [next, main, 0.x]
12+
13+
jobs:
14+
scan:
15+
name: Dependency Vulnerability Scan
16+
runs-on: ubuntu-latest
17+
steps:
18+
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
19+
- uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0
20+
- name: Setup node
21+
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
22+
with:
23+
node-version: 20
24+
cache: pnpm
25+
- name: Install dependencies
26+
run: pnpm install --frozen-lockfile --ignore-scripts
27+
- name: Scan for vulnerabilities
28+
run: npx cve-lite-cli@latest . --fail-on high --ratchet

0 commit comments

Comments
 (0)