chore(deps): upgrade project dependencies to latest versions (#184)

* chore(deps): upgrade project dependencies to latest versions

upgrade project dependencies to latest versions

GH-183

* chore(deps): upgraded to latest dependencies, comment resolved

* chore(ci-cd): Modify npm ci command to ignore scripts

* chore(ci-cd): Change npm install to npm ci in release workflow

---------

Co-authored-by: Vinay Gupta <vinay.gupta@sourcefuse.com>
Co-authored-by: yeshamavani <83634146+yeshamavani@users.noreply.github.com>

Author: 3 people

.github/workflows/main.yaml

@@ -11,14 +11,14 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        node-version: [20, 22, 24]
+        node-version: ['20.19.0', '22.13.0', '24']
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
           node-version: ${{ matrix.node-version }}
       - name: Install Dependencies
-        run: npm ci
+        run: npm ci --ignore-scripts
       - name: Run Test Cases
         run: npm run test
 

.github/workflows/release.yaml

@@ -13,7 +13,7 @@ jobs:
     # environment: production  # Uncomment if you set an environment name in npm trusted publisher settings
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           # fetch-depth is necessary to get all tags
           # otherwise lerna can't detect the changes and will end up bumping the versions for all packages
@@ -38,7 +38,7 @@ jobs:
           CONFIG_EMAIL: ${{ vars.RELEASE_COMMIT_EMAIL }}
 
       - name: Install 📌
-        run: npm install
+        run: npm ci --ignore-scripts
 
       - name: Test 🔧
         run: npm run test

.github/workflows/sync-docs.yaml

@@ -18,13 +18,13 @@ jobs:
 
     steps:
       - name: Checkout Extension Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           token: ${{env.GITHUB_TOKEN}}
           path: './extension/'
 
       - name: Checkout Docs Repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           token: ${{env.GITHUB_TOKEN}}
           repository: ${{env.DOCS_REPO}}

.github/workflows/trivy.yaml

@@ -19,11 +19,11 @@ jobs:
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
         with:
-          scan-type: "fs"
-          scan-ref: "${{ github.workspace }}"
-          trivy-config: "${{ github.workspace }}/trivy.yml"
+          scan-type: 'fs'
+          scan-ref: '${{ github.workspace }}'
+          trivy-config: '${{ github.workspace }}/trivy.yml'