update scorecard.yml to run on pull request synchronize; fix some vulnerabilities

2025-05-10 11:10:54 +00:00 · 2025-01-08 13:04:47 -05:00 · 2025-01-08 13:04:47 -05:00 · 964da0cc03
commit 964da0cc03
parent ae2449bc5f
4 changed files with 12 additions and 19 deletions
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@ -4,6 +4,9 @@

 name: Scorecard supply-chain security
 on:
+  pull_request:
+    types:
+      - synchronize
  workflow_dispatch:
  # For Branch-Protection check. Only the default branch is supported. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
@ -20,6 +23,7 @@ permissions: read-all

 jobs:
  analysis:
+    if: ${{ !(github.event_name == 'pull_request' && !startsWith(github.head_ref, '3466'))}}
    name: Scorecard analysis
    runs-on: ubuntu-latest
    permissions:
--- a/package-lock.json
+++ b/package-lock.json
@ -10883,20 +10883,6 @@
        "url": "https://opencollective.com/lint-staged"
      }
    },
-    "node_modules/lint-staged/node_modules/micromatch": {
-      "version": "4.0.5",
-      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
-      "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "braces": "^3.0.2",
-        "picomatch": "^2.3.1"
-      },
-      "engines": {
-        "node": ">=8.6"
-      }
-    },
    "node_modules/listr2": {
      "version": "6.6.1",
      "resolved": "https://registry.npmjs.org/listr2/-/listr2-6.6.1.tgz",
@ -11531,9 +11517,9 @@
      "license": "MIT"
    },
    "node_modules/nanoid": {
-      "version": "3.3.7",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz",
-      "integrity": "sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==",
+      "version": "3.3.8",
+      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.8.tgz",
+      "integrity": "sha512-WNLf5Sd8oZxOm+TzppcYk8gVOgP+l58xNy58D0nbUnOxOWRWvlcCV4kUF7ltmI6PsrLl/BgKEyS4mqsGChFN0w==",
      "dev": true,
      "funding": [
        {
@ -11541,7 +11527,6 @@
          "url": "https://github.com/sponsors/ai"
        }
      ],
-      "license": "MIT",
      "bin": {
        "nanoid": "bin/nanoid.cjs"
      },
--- a/package.json
+++ b/package.json
@ -36,7 +36,10 @@
    "turbo": "^1.6.3"
  },
  "overrides": {
-    "cross-spawn": "^7.0.5"
+    "cross-spawn": "^7.0.5",
+    "nanoid": "^3.3.8",
+    "micromatch": "^4.0.8",
+    "vue-template-compiler": "^3.0.0"
  },
  "prettier": {
    "printWidth": 100
--- a/pyproject.toml
+++ b/pyproject.toml
@ -3,6 +3,7 @@ package-mode = false

 [tool.poetry.dependencies]
 python = "^3.8"
+certifi = "^2024.07.04"

 [tool.poetry.dev-dependencies]
 mkdocs = "^1.6.0"