chore(deps-dev): bump eslint-plugin-jsdoc from 48.11.0 to 61.1.5 #30

Workflow file for this run

.github/workflows/dependency-audit.yml at 08bc9f7

	name: Dependency Security Audit

	on:
	pull_request:
	branches: [main, dev, staging]

	push:
	branches: [main, dev, staging]

	schedule:
	- cron: '0 9 * * 1' # 9 AM UTC every Monday

	workflow_dispatch:

	permissions:
	contents: read
	security-events: write
	pull-requests: write

	concurrency:
	group: dependency-audit-${{ github.ref }}
	cancel-in-progress: true

	jobs:
	audit:
	name: Dependency Vulnerability Audit
	runs-on: ubuntu-latest

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Setup Node.js
	uses: actions/setup-node@v4
	with:
	node-version: 18.x
	cache: 'yarn'

	- name: Install dependencies
	run: yarn --immutable

	- name: Run Yarn Audit
	id: yarn-audit
	run: \|
	echo "Running yarn npm audit..."
	yarn npm audit --all --recursive --json > audit-results.json \|\| true

	# Parse results
	CRITICAL=$(cat audit-results.json \| jq -r '.metadata.vulnerabilities.critical // 0')
	HIGH=$(cat audit-results.json \| jq -r '.metadata.vulnerabilities.high // 0')
	MODERATE=$(cat audit-results.json \| jq -r '.metadata.vulnerabilities.moderate // 0')
	LOW=$(cat audit-results.json \| jq -r '.metadata.vulnerabilities.low // 0')

	echo "critical=$CRITICAL" >> $GITHUB_OUTPUT
	echo "high=$HIGH" >> $GITHUB_OUTPUT
	echo "moderate=$MODERATE" >> $GITHUB_OUTPUT
	echo "low=$LOW" >> $GITHUB_OUTPUT

	# Create summary
	echo "## Dependency Audit Results" >> $GITHUB_STEP_SUMMARY
	echo "" >> $GITHUB_STEP_SUMMARY
	echo "\| Severity \| Count \|" >> $GITHUB_STEP_SUMMARY
	echo "\|----------\|-------\|" >> $GITHUB_STEP_SUMMARY
	echo "\| 🔴 Critical \| $CRITICAL \|" >> $GITHUB_STEP_SUMMARY
	echo "\| 🟠 High \| $HIGH \|" >> $GITHUB_STEP_SUMMARY
	echo "\| 🟡 Moderate \| $MODERATE \|" >> $GITHUB_STEP_SUMMARY
	echo "\| 🟢 Low \| $LOW \|" >> $GITHUB_STEP_SUMMARY

	# Generate detailed report
	yarn npm audit --all --recursive > audit-report.txt \|\| true

	- name: Upload audit results
	uses: actions/upload-artifact@v4
	with:
	name: dependency-audit-results
	path: \|
	audit-results.json
	audit-report.txt
	retention-days: 30

	- name: Check for critical vulnerabilities
	if: steps.yarn-audit.outputs.critical != '0'
	run: \|
	echo "::error::Found ${{ steps.yarn-audit.outputs.critical }} critical vulnerabilities!"
	echo "Please review the audit results and update vulnerable dependencies."
	cat audit-report.txt
	exit 1

	- name: Check for high vulnerabilities
	if: steps.yarn-audit.outputs.high != '0'
	run: \|
	echo "::warning::Found ${{ steps.yarn-audit.outputs.high }} high severity vulnerabilities!"
	echo "Please review the audit results and plan updates for vulnerable dependencies."
	cat audit-report.txt

	- name: Comment on PR
	if: github.event_name == 'pull_request'
	uses: actions/github-script@v7
	with:
	script: \|
	const fs = require('fs');
	const auditResults = JSON.parse(fs.readFileSync('audit-results.json', 'utf8'));
	const vulns = auditResults.metadata.vulnerabilities;

	const critical = vulns.critical \|\| 0;
	const high = vulns.high \|\| 0;
	const moderate = vulns.moderate \|\| 0;
	const low = vulns.low \|\| 0;

	let status = '✅ No vulnerabilities found';
	let emoji = '✅';

	if (critical > 0) {
	status = `🔴 ${critical} critical vulnerabilities found`;
	emoji = '🔴';
	} else if (high > 0) {
	status = `🟠 ${high} high severity vulnerabilities found`;
	emoji = '🟠';
	} else if (moderate > 0) {
	status = `🟡 ${moderate} moderate vulnerabilities found`;
	emoji = '🟡';
	} else if (low > 0) {
	status = `🟢 ${low} low severity vulnerabilities found`;
	emoji = '🟢';
	}

	const comment = `## ${emoji} Dependency Security Audit

	${status}

	\| Severity \| Count \|
	\|----------\|-------\|
	\| 🔴 Critical \| ${critical} \|
	\| 🟠 High \| ${high} \|
	\| 🟡 Moderate \| ${moderate} \|
	\| 🟢 Low \| ${low} \|

	${critical > 0 ? '⚠️ Action Required: Critical vulnerabilities must be resolved before merging.' : ''}
	${high > 0 ? '⚠️ Recommended: High severity vulnerabilities should be addressed.' : ''}

	<details>
	<summary>View full audit report</summary>

	\`\`\`
	${fs.readFileSync('audit-report.txt', 'utf8').slice(0, 5000)}
	\`\`\`

	</details>
	`;

	github.rest.issues.createComment({
	issue_number: context.issue.number,
	owner: context.repo.owner,
	repo: context.repo.repo,
	body: comment
	});

	dependency-review:
	name: Dependency Review
	runs-on: ubuntu-latest
	if: github.event_name == 'pull_request'

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Dependency Review
	uses: actions/dependency-review-action@v4
	with:
	fail-on-severity: high
	comment-summary-in-pr: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps-dev): bump eslint-plugin-jsdoc from 48.11.0 to 61.1.5 #30

Workflow file

chore(deps-dev): bump eslint-plugin-jsdoc from 48.11.0 to 61.1.5 #30

Uh oh!

Jobs

Run details

Workflow file for this run