dry run, cve file empty. sharp package updated. (#11)

CVE cleared with legacy references, only suppressing active vulnerabilities. Once the asl-schema is updated this repo should be updated and the audit process should restart to get the accurate vulnerability analysis on this repo.
UKHomeOffice · Sep 12, 2024 · 0e06bc3 · 0e06bc3
1 parent f03bd4b
commit 0e06bc3
Show file tree

Hide file tree

Showing 8 changed files with 3,982 additions and 11,879 deletions.
diff --git a/.auditrc.json b/.auditrc.json
@@ -1,8 +1,10 @@
 {
-  "comments": [
-    "GHSA-4jv9-3563-23j3 - this is a SQL injection vulnerability that only affects MySQL see https://github.com/advisories/GHSA-4jv9-3563-23j3, https://github.com/knex/knex/issues/1227 & https://www.ghostccamm.com/blog/knex_sqli/"
-  ],
+  "$schema": "https://github.com/IBM/audit-ci/raw/main/docs/schema.json",
+  "moderate": true,
   "allowlist": [
-    "GHSA-4jv9-3563-23j3"
+    "GHSA-grv7-fg5c-xmjg",
+    "GHSA-4jv9-3563-23j3",
+    "GHSA-59fq-727j-hm3f",
+    "GHSA-952p-6rrq-rcjv"
   ]
 }
diff --git a/.drone-1.0.yml b/.drone-1.0.yml
@@ -1,10 +1,9 @@
-
 kind: pipeline
 name: default
 type: kubernetes
 steps:
   - name: install
-    image: node:16
+    image: node:18
     environment:
       ART_AUTH_TOKEN:
         from_secret: art_auth_token
@@ -13,7 +12,7 @@ steps:
     commands:
       - npm ci
   - name: test
-    image: node:16
+    image: node:18
     environment:
       ART_AUTH_TOKEN:
         from_secret: art_auth_token
@@ -22,7 +21,7 @@ steps:
     commands:
       - npm test
   - name: audit
-    image: node:16
+    image: node:18
     environment:
       ART_AUTH_TOKEN:
         from_secret: art_auth_token
@@ -42,12 +41,15 @@ steps:
     commands:
       - docker build --secret id=github_token,env=GITHUB_AUTH_TOKEN --secret id=token,env=ART_AUTH_TOKEN -t asl-attachments .
   - name: scan-image
-    image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/anchore-submission:latest
-    pull: always
+    pull: Always
+    image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/trivy/client:latest
+    resources:
+      limits:
+        cpu: 1000
+        memory: 1024Mi
     environment:
       IMAGE_NAME: asl-attachments
-      WHITELIST: CVE-2022-3734, CVE-2018-11218, CVE-2022-0543, CVE-2018-11219, CVE-2021-29940, CVE-2022-32511
-      WHITELIST_FILE: cve-exceptions.txt
+      ALLOW_CVE_LIST_FILE: cve-exceptions.txt
   - name: docker push
     image: docker:dind
     environment:

diff --git a/.eslintrc b/.eslintrc
@@ -1,2 +1,2 @@
 extends:
-  - lennym
+  - "@ukhomeoffice/asl"
diff --git a/.gitignore b/.gitignore
@@ -102,3 +102,10 @@ dist
 
 # TernJS port file
 .tern-port
+
+# InteliJ's
+.idea/*
+/*.iml
+
+# npm audit
+audit-report.json
diff --git a/.npmrc b/.npmrc
@@ -1,6 +1,9 @@
+registry=https://registry.npmjs.org/
+
+
 @ukhomeoffice:registry=https://npm.pkg.github.com
 //npm.pkg.github.com/:_authToken=${GITHUB_AUTH_TOKEN}
 
 @asl:registry = https://artifactory.digital.homeoffice.gov.uk/artifactory/api/npm/npm-virtual/
 //artifactory.digital.homeoffice.gov.uk/artifactory/api/npm/npm-virtual/:_authToken=${ART_AUTH_TOKEN}
-//artifactory.digital.homeoffice.gov.uk/artifactory/api/npm/npm-virtual/:always-auth=true
+//artifactory.digital.homeoffice.gov.uk/artifactory/api/npm/npm-virtual/:always-auth=true
diff --git a/cve-exceptions.txt b/cve-exceptions.txt
@@ -1,31 +1,5 @@
-CVE-2022-3734
-CVE-2018-11218
-CVE-2022-0543
-CVE-2018-11219
-CVE-2021-29940
-CVE-2022-32511
-
-CVE-2018-12326
-CVE-2019-10192
-CVE-2022-24735
-CVE-2020-14147
-CVE-2016-10517
-CVE-2021-32626
-CVE-2018-12453
-CVE-2019-10193
-CVE-2021-32761
-
-CVE-2014-1936
-CVE-2009-4592
-CVE-2009-4591
-CVE-2017-18589
-CVE-2017-18589
-CVE-2017-18589
-CVE-2021-27478
-CVE-2021-27500
-CVE-2021-27482
-CVE-2021-27498
-CVE-2022-0323
-GHSA-4jv9-3563-23j3
-GHSA-rc47-6667-2j5j
-CVE-2018-25076
+CVE-2024-4068
+CVE-2022-2237
+CVE-2016-20018
+CVE-2024-28863
+CVE-2024-4067