diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index 126fa950..f6c11e4b 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -527,7 +527,7 @@ jobs: - name: Run Trivy scan (table output) if: env.TRIGGER_EVENT != 'pull_request' && steps.skip.outputs.skip_build != 'true' && steps.skip.outputs.is_feature_push != 'true' - uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284 # 0.34.0 + uses: aquasecurity/trivy-action@e368e328979b113139d6f9068e03accaed98a518 # 0.34.1 with: image-ref: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }} format: 'table' @@ -538,7 +538,7 @@ jobs: - name: Run Trivy vulnerability scanner (SARIF) if: env.TRIGGER_EVENT != 'pull_request' && steps.skip.outputs.skip_build != 'true' && steps.skip.outputs.is_feature_push != 'true' id: trivy - uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284 # 0.34.0 + uses: aquasecurity/trivy-action@e368e328979b113139d6f9068e03accaed98a518 # 0.34.1 with: image-ref: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }} format: 'sarif' @@ -684,7 +684,7 @@ jobs: echo "✅ Image freshness validated" - name: Run Trivy scan on PR image (table output) - uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284 # 0.34.0 + uses: aquasecurity/trivy-action@e368e328979b113139d6f9068e03accaed98a518 # 0.34.1 with: image-ref: ${{ steps.pr-image.outputs.image_ref }} format: 'table' @@ -693,7 +693,7 @@ jobs: - name: Run Trivy scan on PR image (SARIF - blocking) id: trivy-scan - uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284 # 0.34.0 + uses: aquasecurity/trivy-action@e368e328979b113139d6f9068e03accaed98a518 # 0.34.1 with: image-ref: ${{ steps.pr-image.outputs.image_ref }} format: 'sarif' diff --git a/.github/workflows/nightly-build.yml b/.github/workflows/nightly-build.yml index fcda8700..4e7a2da4 100644 --- a/.github/workflows/nightly-build.yml +++ b/.github/workflows/nightly-build.yml @@ -343,7 +343,7 @@ jobs: severity-cutoff: high - name: Scan with Trivy - uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284 # 0.34.0 + uses: aquasecurity/trivy-action@e368e328979b113139d6f9068e03accaed98a518 # 0.34.1 with: image-ref: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ needs.build-and-push-nightly.outputs.digest }} format: 'sarif' diff --git a/.github/workflows/security-pr.yml b/.github/workflows/security-pr.yml index b5e52933..94406466 100644 --- a/.github/workflows/security-pr.yml +++ b/.github/workflows/security-pr.yml @@ -268,7 +268,7 @@ jobs: - name: Run Trivy filesystem scan (SARIF output) if: steps.check-artifact.outputs.artifact_exists == 'true' || github.event_name == 'push' || github.event_name == 'pull_request' # aquasecurity/trivy-action v0.33.1 - uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284 + uses: aquasecurity/trivy-action@e368e328979b113139d6f9068e03accaed98a518 with: scan-type: 'fs' scan-ref: ${{ steps.extract.outputs.binary_path }} @@ -289,7 +289,7 @@ jobs: - name: Run Trivy filesystem scan (fail on CRITICAL/HIGH) if: steps.check-artifact.outputs.artifact_exists == 'true' || github.event_name == 'push' || github.event_name == 'pull_request' # aquasecurity/trivy-action v0.33.1 - uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284 + uses: aquasecurity/trivy-action@e368e328979b113139d6f9068e03accaed98a518 with: scan-type: 'fs' scan-ref: ${{ steps.extract.outputs.binary_path }} diff --git a/.github/workflows/security-weekly-rebuild.yml b/.github/workflows/security-weekly-rebuild.yml index affaae24..3f4a4b52 100644 --- a/.github/workflows/security-weekly-rebuild.yml +++ b/.github/workflows/security-weekly-rebuild.yml @@ -88,7 +88,7 @@ jobs: BASE_IMAGE=${{ steps.base-image.outputs.digest }} - name: Run Trivy vulnerability scanner (CRITICAL+HIGH) - uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284 # 0.34.0 + uses: aquasecurity/trivy-action@e368e328979b113139d6f9068e03accaed98a518 # 0.34.1 with: image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build.outputs.digest }} format: 'table' @@ -98,7 +98,7 @@ jobs: - name: Run Trivy vulnerability scanner (SARIF) id: trivy-sarif - uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284 # 0.34.0 + uses: aquasecurity/trivy-action@e368e328979b113139d6f9068e03accaed98a518 # 0.34.1 with: image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build.outputs.digest }} format: 'sarif' @@ -111,7 +111,7 @@ jobs: sarif_file: 'trivy-weekly-results.sarif' - name: Run Trivy vulnerability scanner (JSON for artifact) - uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284 # 0.34.0 + uses: aquasecurity/trivy-action@e368e328979b113139d6f9068e03accaed98a518 # 0.34.1 with: image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build.outputs.digest }} format: 'json' diff --git a/frontend/package-lock.json b/frontend/package-lock.json index 857bceb8..af6ab10a 100644 --- a/frontend/package-lock.json +++ b/frontend/package-lock.json @@ -24,7 +24,7 @@ "lucide-react": "^0.575.0", "react": "^19.2.4", "react-dom": "^19.2.4", - "react-hook-form": "^7.71.1", + "react-hook-form": "^7.71.2", "react-hot-toast": "^2.6.0", "react-i18next": "^16.5.4", "react-router-dom": "^7.13.0", @@ -52,7 +52,7 @@ "eslint-plugin-react-hooks": "^7.0.1", "eslint-plugin-react-refresh": "^0.5.0", "jsdom": "28.1.0", - "knip": "^5.84.1", + "knip": "^5.85.0", "postcss": "^8.5.6", "tailwindcss": "^4.2.0", "typescript": "^5.9.3", @@ -5709,9 +5709,9 @@ } }, "node_modules/knip": { - "version": "5.84.1", - "resolved": "https://registry.npmjs.org/knip/-/knip-5.84.1.tgz", - "integrity": "sha512-F1+yACEsSapAwmQLzfD4i9uPsnI82P4p5ABpNQ9pcc4fpQtjHEX34XDtNl5863I4O6SCECpymylcWDHI3ouhQQ==", + "version": "5.85.0", + "resolved": "https://registry.npmjs.org/knip/-/knip-5.85.0.tgz", + "integrity": "sha512-V2kyON+DZiYdNNdY6GALseiNCwX7dYdpz9Pv85AUn69Gk0UKCts+glOKWfe5KmaMByRjM9q17Mzj/KinTVOyxg==", "dev": true, "funding": [ { @@ -6622,9 +6622,9 @@ } }, "node_modules/react-hook-form": { - "version": "7.71.1", - "resolved": "https://registry.npmjs.org/react-hook-form/-/react-hook-form-7.71.1.tgz", - "integrity": "sha512-9SUJKCGKo8HUSsCO+y0CtqkqI5nNuaDqTxyqPsZPqIwudpj4rCrAz/jZV+jn57bx5gtZKOh3neQu94DXMc+w5w==", + "version": "7.71.2", + "resolved": "https://registry.npmjs.org/react-hook-form/-/react-hook-form-7.71.2.tgz", + "integrity": "sha512-1CHvcDYzuRUNOflt4MOq3ZM46AronNJtQ1S7tnX6YN4y72qhgiUItpacZUAQ0TyWYci3yz1X+rXaSxiuEm86PA==", "license": "MIT", "engines": { "node": ">=18.0.0" diff --git a/frontend/package.json b/frontend/package.json index 35ae94b7..047b39b7 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -43,7 +43,7 @@ "lucide-react": "^0.575.0", "react": "^19.2.4", "react-dom": "^19.2.4", - "react-hook-form": "^7.71.1", + "react-hook-form": "^7.71.2", "react-hot-toast": "^2.6.0", "react-i18next": "^16.5.4", "react-router-dom": "^7.13.0", @@ -71,7 +71,7 @@ "eslint-plugin-react-hooks": "^7.0.1", "eslint-plugin-react-refresh": "^0.5.0", "jsdom": "28.1.0", - "knip": "^5.84.1", + "knip": "^5.85.0", "postcss": "^8.5.6", "tailwindcss": "^4.2.0", "typescript": "^5.9.3",