chore: fixed axios vulnerability by upgrading to 1.7.4 #202
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: NPM Audit Check | |
on: | |
push: | |
branches: [ main ] | |
pull_request: | |
jobs: | |
audit: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
node-version: [18.x, 16.x, 14.x] | |
steps: | |
- name: Checkout cli repo | |
uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 | |
- name: Use Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v2 | |
with: | |
node-version: ${{ matrix.node-version }} | |
cache: 'npm' | |
- run: make install | |
- name: Run audit check | |
run: npm audit --audit-level=moderate --production | |
# minimum vulnerability level that will cause the command to fail | |
# audit reports with low severity would pass the test | |
notify-complete-fail: | |
if: ${{ failure() && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} | |
needs: [ audit ] | |
name: Notify Npm Audit Failed | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Slack Notification | |
uses: rtCamp/action-slack-notify@v2 | |
env: | |
SLACK_WEBHOOK: ${{ secrets.ALERT_SLACK_WEB_HOOK }} | |
SLACK_COLOR: 'danger' | |
SLACK_USERNAME: CLI Github Actions | |
SLACK_MSG_AUTHOR: twilio-dx | |
SLACK_ICON_EMOJI: ':github:' | |
SLACK_TITLE: "Twilio Cli" | |
SLACK_MESSAGE: 'Cli audit test failed' | |
MSG_MINIMAL: actions url | |
SLACK_FOOTER: Posted automatically using GitHub Actions |