Merge pull request #12 from jmrplens/fix/dependabot-security-updates

jmrplens · web-flow · commit b014ebe11234 · 2026-01-05T22:02:51.000+01:00
fix(security): resolve node-forge vulnerabilities via pnpm overrides
diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml
@@ -44,25 +44,4 @@ jobs:
 
     - name: Verify graph generation
       run: |
-        python generate_graphs.py
-
-    - name: Snyk Security Scan
-      uses: snyk/actions/python@9adf32b1121593767fc3c057af55b55db032dc04 # master
-      env:
-        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-      continue-on-error: true
-      with:
-        args: --sarif-file-output=snyk.sarif
-
-    - name: Upload Snyk scan results to GitHub Code Scanning
-      uses: github/codeql-action/upload-sarif@45c373516f557556c15d420e3f5e0aa3d64366bc # v3.28.5
-      continue-on-error: true
-      with:
-        sarif_file: snyk.sarif
-
-    - name: SonarQube Scan
-      uses: SonarSource/sonarqube-scan-action@bfd4e558cda28cda6b5defafb9232d191be8c203 # v4.2.1
-      env:
-        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        GITHUB_TOKEN: ${{ secrets.TOKEN_GH }}
-      continue-on-error: true
+        python generate_graphs.py
diff --git a/package.json b/package.json
@@ -2,5 +2,10 @@
 	"devDependencies": {
 		"snyk": "^1.1301.2",
 		"sonarqube-scanner": "^4.3.2"
+	},
+	"pnpm": {
+		"overrides": {
+			"node-forge": ">=1.3.2"
+		}
 	}
 }
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
