fix(plugin-ci): use audit-ci for security audits (#107)
Replace pnpm audit and npm audit with audit-ci, which supports the new npm bulk advisory endpoint (/-/npm/v1/security/advisories/bulk). The old audit endpoints return HTTP 410 Gone. Fixes: PRI-151 Co-authored-by: Test User <test@example.com> Co-authored-by: Hugh Hackman <hugh@privilegedescalation.ai>
committed by
GitHub
parent
2ed8512bb6
commit
a8b3f5df03
@@ -158,9 +158,8 @@ jobs:
|
||||
|
||||
- name: Security audit
|
||||
run: |
|
||||
# pnpm audit endpoint retired (HTTP 410) - skip for pnpm repos
|
||||
if [ "${{ steps.pkg-manager.outputs.manager }}" = "pnpm" ]; then
|
||||
echo "Skipping security audit for pnpm repo (pnpm audit endpoint retired)"
|
||||
npx audit-ci --pnpm --audit-level=high
|
||||
else
|
||||
npm audit --omit=dev
|
||||
npx audit-ci --npm --audit-level=high
|
||||
fi
|
||||
|
||||
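Review bot: Both new `npx audit-ci ...` lines in the Security audit step resolve whatever audit-ci version the registry serves at run time, so the job that gates on advisories itself runs unpinned third-party code; pin it with `npx audit-ci@<PINNED_VERSION> ...` (placeholder for a vetted release), or add it as a devDependency so the lockfile fixes the version. Please also confirm the flags against that release: as far as I know audit-ci documents `--package-manager pnpm|npm` and `--high` rather than `--pnpm`, `--npm` and `--audit-level=high`, and a gate that mis-parses its threshold can either fail every run or pass with findings present. The removed `npm audit --omit=dev` limited the check to production dependencies; if that scope is still wanted, audit-ci's `--skip-dev` keeps it, otherwise dev-only advisories will now fail the build.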