diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 94ed4fb..0c8b4f2 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -111,12 +111,13 @@ jobs: cache-to: type=gha,mode=max - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.28.0 + uses: aquasecurity/trivy-action@0.34.0 with: image-ref: 'core-exchange-${{ matrix.service }}:scan' format: 'sarif' output: 'trivy-results-${{ matrix.service }}.sarif' severity: 'CRITICAL,HIGH' + version: 'v0.69.2' env: TRIVY_DB_REPOSITORY: 'ghcr.io/aquasecurity/trivy-db:2' @@ -127,10 +128,11 @@ jobs: sarif_file: 'trivy-results-${{ matrix.service }}.sarif' - name: Trivy summary - uses: aquasecurity/trivy-action@0.28.0 + uses: aquasecurity/trivy-action@0.34.0 with: image-ref: 'core-exchange-${{ matrix.service }}:scan' format: 'table' severity: 'CRITICAL,HIGH,MEDIUM' + version: 'v0.69.2' env: TRIVY_DB_REPOSITORY: 'ghcr.io/aquasecurity/trivy-db:2' diff --git a/apps/api/package.json b/apps/api/package.json index 4095959..cf7c356 100644 --- a/apps/api/package.json +++ b/apps/api/package.json @@ -18,7 +18,7 @@ }, "devDependencies": { "@types/express": "^5.0.6", - "@types/node": "^25.3.1", + "@types/node": "^25.3.3", "tsx": "^4.21.0", "typescript": "^5.9.3" } diff --git a/apps/app/package.json b/apps/app/package.json index 0169b9f..99187fe 100644 --- a/apps/app/package.json +++ b/apps/app/package.json @@ -27,7 +27,7 @@ "@types/cookie-parser": "^1.4.10", "@types/ejs": "^3.1.5", "@types/express": "^5.0.6", - "@types/node": "^25.3.1", + "@types/node": "^25.3.3", "concurrently": "^9.2.1", "tailwindcss": "^4.2.1", "tsx": "^4.21.0", diff --git a/apps/auth/package.json b/apps/auth/package.json index ee5e62c..9828157 100644 --- a/apps/auth/package.json +++ b/apps/auth/package.json @@ -23,7 +23,7 @@ "@tailwindcss/cli": "^4.2.1", "@types/ejs": "^3.1.5", "@types/express": "^5.0.6", - "@types/node": "^25.3.1", + "@types/node": "^25.3.3", "concurrently": "^9.2.1", "tailwindcss": "^4.2.1", "tsx": "^4.21.0", diff --git a/apps/shared/package.json b/apps/shared/package.json index 66f3c5a..238814c 100644 --- a/apps/shared/package.json +++ b/apps/shared/package.json @@ -53,7 +53,7 @@ }, "devDependencies": { "@types/express": "^5.0.6", - "@types/node": "^25.3.1", + "@types/node": "^25.3.3", "typescript": "^5.9.3" }, "peerDependencies": { diff --git a/package.json b/package.json index 249d0a0..7ee212c 100644 --- a/package.json +++ b/package.json @@ -31,7 +31,7 @@ "@typescript-eslint/parser": "^8.56.1", "concurrently": "^9.2.1", "eslint": "^10.0.2", - "globals": "^17.3.0", + "globals": "^17.4.0", "husky": "^9.1.7", "typescript": "^5.9.3" }, diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 519afac..fe39f1d 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -31,8 +31,8 @@ importers: specifier: ^10.0.2 version: 10.0.2(jiti@2.6.1) globals: - specifier: ^17.3.0 - version: 17.3.0 + specifier: ^17.4.0 + version: 17.4.0 husky: specifier: ^9.1.7 version: 9.1.7 @@ -65,8 +65,8 @@ importers: specifier: ^5.0.6 version: 5.0.6 '@types/node': - specifier: ^25.3.1 - version: 25.3.1 + specifier: ^25.3.3 + version: 25.3.3 tsx: specifier: ^4.21.0 version: 4.21.0 @@ -120,8 +120,8 @@ importers: specifier: ^5.0.6 version: 5.0.6 '@types/node': - specifier: ^25.3.1 - version: 25.3.1 + specifier: ^25.3.3 + version: 25.3.3 concurrently: specifier: ^9.2.1 version: 9.2.1 @@ -169,8 +169,8 @@ importers: specifier: ^5.0.6 version: 5.0.6 '@types/node': - specifier: ^25.3.1 - version: 25.3.1 + specifier: ^25.3.3 + version: 25.3.3 concurrently: specifier: ^9.2.1 version: 9.2.1 @@ -206,8 +206,8 @@ importers: specifier: ^5.0.6 version: 5.0.6 '@types/node': - specifier: ^25.3.1 - version: 25.3.1 + specifier: ^25.3.3 + version: 25.3.3 typescript: specifier: ^5.9.3 version: 5.9.3 @@ -445,8 +445,8 @@ packages: resolution: {integrity: sha512-x/iUDjcS90W69PryLDIMgFyV21YLTnG9zOpPXS7Bkt2b8AsY3zZsIpOLBkYr9fBcF3HbkKaER5hOBZLfpLgYNw==} engines: {node: '>= 14.0.0'} - '@koa/router@15.3.0': - resolution: {integrity: sha512-s87hWJjFYky2Z97u8jzah73sSHp4IZivD/2PZCuspHRvcKU69OPLoBIbKigVlBmS50yFTh9GHFfr1hDag4+wXw==} + '@koa/router@15.3.1': + resolution: {integrity: sha512-n7UgxsPmgKtEsrguz8a0d6BNx3lO2x52Z4UqkGsGwJculk4TlzZf3btd3QZMq1r1M+bSxUkBbyul4mDhysIVaQ==} engines: {node: '>= 20'} peerDependencies: koa: ^2.0.0 || ^3.0.0 @@ -673,8 +673,8 @@ packages: '@types/json-schema@7.0.15': resolution: {integrity: sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==} - '@types/node@25.3.1': - resolution: {integrity: sha512-hj9YIJimBCipHVfHKRMnvmHg+wfhKc0o4mTtXh9pKBjC8TLJzz0nzGmLi5UJsYAUgSvXFHgb0V2oY10DUFtImw==} + '@types/node@25.3.3': + resolution: {integrity: sha512-DpzbrH7wIcBaJibpKo9nnSQL0MTRdnWttGyE5haGwK86xgMOkFLp7vEyfQPGLOJh5wNYiJ3V9PmUMDhV9u8kkQ==} '@types/qs@6.14.0': resolution: {integrity: sha512-eOunJqu0K1923aExK6y8p6fsihYEn/BYuQ4g0CxAAgFc4b/ZLN4CrsRZ55srTdqoiLzU2B2evC+apEIxprEzkQ==} @@ -797,8 +797,8 @@ packages: brace-expansion@2.0.2: resolution: {integrity: sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==} - brace-expansion@5.0.3: - resolution: {integrity: sha512-fy6KJm2RawA5RcHkLa1z/ScpBeA762UF9KmZQxwIbDtRJrgLzM10depAiEQ+CXYcoiqW1/m96OAAoke2nE9EeA==} + brace-expansion@5.0.4: + resolution: {integrity: sha512-h+DEnpVvxmfVefa4jFbCf5HdH5YMDXRsmKflpf1pILZWRFlTbJpxeU55nJl4Smt5HQaGzg1o6RHFPJaOqnmBDg==} engines: {node: 18 || 20 || >=22} bytes@3.1.2: @@ -930,8 +930,8 @@ packages: end-of-stream@1.4.5: resolution: {integrity: sha512-ooEGc6HP26xXq/N+GCGOT0JKCLDGrq2bQUZrQ7gyrJiZANJ/8YDTxTpQBXGMn+WbIQXNVpyWymm7KYVICQnyOg==} - enhanced-resolve@5.19.0: - resolution: {integrity: sha512-phv3E1Xl4tQOShqSte26C7Fl84EwUdZsyOuSSk9qtAGyyQs2s3jJzComh+Abf4g187lUUAvH+H26omrqia2aGg==} + enhanced-resolve@5.20.0: + resolution: {integrity: sha512-/ce7+jQ1PQ6rVXwe+jKEg5hW5ciicHwIQUagZkp6IufBoY3YDgdTTY1azVs0qoRgVmvsNB+rbjLJxDAeHHtwsQ==} engines: {node: '>=10.13.0'} es-define-property@1.0.1: @@ -1067,8 +1067,8 @@ packages: resolution: {integrity: sha512-f7ccFPK3SXFHpx15UIGyRJ/FJQctuKZ0zVuN3frBo4HnK3cay9VEW0R6yPYFHC0AgqhukPzKjq22t5DmAyqGyw==} engines: {node: '>=16'} - flatted@3.3.3: - resolution: {integrity: sha512-GX+ysw4PBCz0PzosHDepZGANEuFCMLrnRTiEy9McGjmkCQYwRq4A/X786G/fjM/+OjsWSU1ZrY5qyARZmO/uwg==} + flatted@3.3.4: + resolution: {integrity: sha512-3+mMldrTAPdta5kjX2G2J7iX4zxtnwpdA8Tr2ZSjkyPSanvbZAcy6flmtnXbEybHrDcU9641lxrMfFuUxVz9vA==} forwarded@0.2.0: resolution: {integrity: sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==} @@ -1109,8 +1109,8 @@ packages: resolution: {integrity: sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==} engines: {node: '>=10.13.0'} - globals@17.3.0: - resolution: {integrity: sha512-yMqGUQVVCkD4tqjOJf3TnrvaaHDMYp4VlUSObbkIiuCPe/ofdMBFIAcBbCSRFWOnos6qRiTVStDwqPLUclaxIw==} + globals@17.4.0: + resolution: {integrity: sha512-hjrNztw/VajQwOLsMNT1cbJiH2muO3OROCHnbehc8eY5JyD2gqz4AcMHPqgaOR59DjgUjYAYLeH699g/eWi2jw==} engines: {node: '>=18'} gopd@1.2.0: @@ -1475,8 +1475,8 @@ packages: resolution: {integrity: sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==} engines: {node: '>= 0.10'} - pump@3.0.3: - resolution: {integrity: sha512-todwxLMY7/heScKmntwQG8CXVkWUOdYxIvY2s0VWAAMh/nd8SoYiRaKjlr7+iCs984f2P8zvrfWcDDYVb73NfA==} + pump@3.0.4: + resolution: {integrity: sha512-VS7sjc6KR7e1ukRFhQSY5LM2uBWAUPiOPa/A3mkKmiMwSmRFUITt0xuj+/lesgnCv+dPIEYlkzrcyXgquIHMcA==} punycode@2.3.1: resolution: {integrity: sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==} @@ -1867,7 +1867,7 @@ snapshots: dependencies: vary: 1.1.2 - '@koa/router@15.3.0(koa@3.1.2)': + '@koa/router@15.3.1(koa@3.1.2)': dependencies: debug: 4.4.3 http-errors: 2.0.1 @@ -1954,7 +1954,7 @@ snapshots: '@parcel/watcher': 2.5.6 '@tailwindcss/node': 4.2.1 '@tailwindcss/oxide': 4.2.1 - enhanced-resolve: 5.19.0 + enhanced-resolve: 5.20.0 mri: 1.2.0 picocolors: 1.1.1 tailwindcss: 4.2.1 @@ -1962,7 +1962,7 @@ snapshots: '@tailwindcss/node@4.2.1': dependencies: '@jridgewell/remapping': 2.3.5 - enhanced-resolve: 5.19.0 + enhanced-resolve: 5.20.0 jiti: 2.6.1 lightningcss: 1.31.1 magic-string: 0.30.21 @@ -2023,11 +2023,11 @@ snapshots: '@types/body-parser@1.19.6': dependencies: '@types/connect': 3.4.38 - '@types/node': 25.3.1 + '@types/node': 25.3.3 '@types/connect@3.4.38': dependencies: - '@types/node': 25.3.1 + '@types/node': 25.3.3 '@types/cookie-parser@1.4.10(@types/express@5.0.6)': dependencies: @@ -2041,7 +2041,7 @@ snapshots: '@types/express-serve-static-core@5.1.1': dependencies: - '@types/node': 25.3.1 + '@types/node': 25.3.3 '@types/qs': 6.14.0 '@types/range-parser': 1.2.7 '@types/send': 1.2.1 @@ -2056,7 +2056,7 @@ snapshots: '@types/json-schema@7.0.15': {} - '@types/node@25.3.1': + '@types/node@25.3.3': dependencies: undici-types: 7.18.2 @@ -2066,12 +2066,12 @@ snapshots: '@types/send@1.2.1': dependencies: - '@types/node': 25.3.1 + '@types/node': 25.3.3 '@types/serve-static@2.2.0': dependencies: '@types/http-errors': 2.0.5 - '@types/node': 25.3.1 + '@types/node': 25.3.3 '@typescript-eslint/eslint-plugin@8.56.1(@typescript-eslint/parser@8.56.1(eslint@10.0.2(jiti@2.6.1))(typescript@5.9.3))(eslint@10.0.2(jiti@2.6.1))(typescript@5.9.3)': dependencies: @@ -2219,7 +2219,7 @@ snapshots: dependencies: balanced-match: 1.0.2 - brace-expansion@5.0.3: + brace-expansion@5.0.4: dependencies: balanced-match: 4.0.4 @@ -2331,7 +2331,7 @@ snapshots: dependencies: once: 1.4.0 - enhanced-resolve@5.19.0: + enhanced-resolve@5.20.0: dependencies: graceful-fs: 4.2.11 tapable: 2.3.0 @@ -2530,10 +2530,10 @@ snapshots: flat-cache@4.0.1: dependencies: - flatted: 3.3.3 + flatted: 3.3.4 keyv: 4.5.4 - flatted@3.3.3: {} + flatted@3.3.4: {} forwarded@0.2.0: {} @@ -2574,7 +2574,7 @@ snapshots: dependencies: is-glob: 4.0.3 - globals@17.3.0: {} + globals@17.4.0: {} gopd@1.2.0: {} @@ -2774,7 +2774,7 @@ snapshots: minimatch@10.2.4: dependencies: - brace-expansion: 5.0.3 + brace-expansion: 5.0.4 minimatch@5.1.9: dependencies: @@ -2803,7 +2803,7 @@ snapshots: oidc-provider@9.6.1: dependencies: '@koa/cors': 5.0.0 - '@koa/router': 15.3.0(koa@3.1.2) + '@koa/router': 15.3.1(koa@3.1.2) debug: 4.4.3 eta: 4.5.1 jose: 6.1.3 @@ -2874,7 +2874,7 @@ snapshots: minimist: 1.2.8 on-exit-leak-free: 2.1.2 pino-abstract-transport: 3.0.0 - pump: 3.0.3 + pump: 3.0.4 secure-json-parse: 4.1.0 sonic-boom: 4.2.1 strip-json-comments: 5.0.3 @@ -2904,7 +2904,7 @@ snapshots: forwarded: 0.2.0 ipaddr.js: 1.9.1 - pump@3.0.3: + pump@3.0.4: dependencies: end-of-stream: 1.4.5 once: 1.4.0