diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index 0af6213f..b75779b0 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -403,7 +403,7 @@ jobs:
 # Generate SBOM (Software Bill of Materials) for supply chain security
 # Only for production builds (main/development) - feature branches use downstream supply-chain-pr.yml
 - name: Generate SBOM
- uses: anchore/sbom-action@62ad5284b8ced813296287a0b63906cb364b73ee # v0.22.0
+ uses: anchore/sbom-action@deef08a0db64bfad603422135db61477b16cef56 # v0.22.1
 if: github.event_name != 'pull_request' && steps.skip.outputs.skip_build != 'true' && steps.skip.outputs.is_feature_push != 'true'
 with:
 image: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
diff --git a/.github/workflows/nightly-build.yml b/.github/workflows/nightly-build.yml
index bdc856be..9f8e50f9 100644
--- a/.github/workflows/nightly-build.yml
+++ b/.github/workflows/nightly-build.yml
@@ -142,7 +142,7 @@ jobs:
 sbom: true
 - name: Generate SBOM
- uses: anchore/sbom-action@62ad5284b8ced813296287a0b63906cb364b73ee # v0.22.0
+ uses: anchore/sbom-action@deef08a0db64bfad603422135db61477b16cef56 # v0.22.1
 with:
 image: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:nightly
 format: cyclonedx-json
@@ -300,7 +300,7 @@ jobs:
 name: sbom-nightly
 - name: Scan with Grype
- uses: anchore/scan-action@0d444ed77d83ee2ba7f5ced0d90d640a1281d762 # v7.3.0
+ uses: anchore/scan-action@8d2fce09422cd6037e577f4130e9b925e9a37175 # v7.3.1
 with:
 sbom: sbom-nightly.json
 fail-build: false
diff --git a/.github/workflows/security-pr.yml b/.github/workflows/security-pr.yml
index 34cea0bd..3e6ef5f8 100644
--- a/.github/workflows/security-pr.yml
+++ b/.github/workflows/security-pr.yml
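Review bot: In nightly-build.yml (hunk @@ -142) the "Generate SBOM" step still points the bumped action at the mutable tag `:nightly`, so the SBOM describes whatever that tag resolves to when the step runs, not necessarily the image this run built. docker-build.yml in this same commit references the image by digest instead. If the nightly build step exposes a digest output (not visible in this hunk), the same form would bind the SBOM to the built artifact: `image: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.<build-step-id>.outputs.digest }}`, where `<build-step-id>` is a placeholder for the nightly build step's id. The step and its job continue outside the hunk.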
@@ -214,7 +214,7 @@ jobs:
 - name: Upload Trivy SARIF to GitHub Security
 if: steps.check-artifact.outputs.artifact_exists == 'true'
 # github/codeql-action v4
- uses: github/codeql-action/upload-sarif@ee1e1399e292f3386c840526dac6a4dc7509ad72
+ uses: github/codeql-action/upload-sarif@b126facd4e5d140dbdf5202489ec4a70ff75ce5c
 with:
 sarif_file: 'trivy-binary-results.sarif'
 category: ${{ steps.pr-info.outputs.is_push == 'true' && format('security-scan-{0}', github.event.workflow_run.head_branch) || format('security-scan-pr-{0}', steps.pr-info.outputs.pr_number) }}
diff --git a/.github/workflows/supply-chain-pr.yml b/.github/workflows/supply-chain-pr.yml
index fcbad334..ba2d66b6 100644
--- a/.github/workflows/supply-chain-pr.yml
+++ b/.github/workflows/supply-chain-pr.yml
@@ -296,7 +296,7 @@ jobs:
 - name: Upload SARIF to GitHub Security
 if: steps.check-artifact.outputs.artifact_found == 'true'
 # github/codeql-action v4
- uses: github/codeql-action/upload-sarif@ee1e1399e292f3386c840526dac6a4dc7509ad72
+ uses: github/codeql-action/upload-sarif@b126facd4e5d140dbdf5202489ec4a70ff75ce5c
 continue-on-error: true
 with:
 sarif_file: grype-results.sarif
diff --git a/frontend/package-lock.json b/frontend/package-lock.json
index 900d042f..0118fbfc 100644
--- a/frontend/package-lock.json
+++ b/frontend/package-lock.json
@@ -15,7 +15,7 @@
 "@radix-ui/react-tabs": "^1.1.13",
 "@radix-ui/react-tooltip": "^1.2.8",
 "@tanstack/react-query": "^5.90.20",
- "axios": "^1.13.3",
+ "axios": "^1.13.4",
 "class-variance-authority": "^0.7.1",
 "clsx": "^2.1.1",
 "date-fns": "^4.1.0",
@@ -26,7 +26,7 @@
 "react-dom": "^19.2.4",
 "react-hook-form": "^7.71.1",
 "react-hot-toast": "^2.6.0",
- "react-i18next": "^16.5.3",
+ "react-i18next": "^16.5.4",
 "react-router-dom": "^7.13.0",
 "tailwind-merge": "^3.4.0",
 "tldts": "^7.0.19"
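Review bot: The new `github/codeql-action/upload-sarif` pin in security-pr.yml (hunk @@ -214), and the identical one in supply-chain-pr.yml (hunk @@ -296), has no release tag next to the SHA. The comment above it says only `v4`, so the file does not show which release `b126facd…` corresponds to, and the bump cannot be checked against an upstream tag from the diff alone. The anchore pins in this same commit record the release inline (`# v0.22.1`). Suggest the same here once the SHA is confirmed against the upstream tag: `uses: github/codeql-action/upload-sarif@b126facd4e5d140dbdf5202489ec4a70ff75ce5c # v4.x.y`, where `v4.x.y` is a placeholder for the exact release. Both steps continue outside their hunks.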
@@ -38,7 +38,7 @@
 "@testing-library/react": "^16.3.2",
 "@testing-library/user-event": "^14.6.1",
 "@types/node": "^25.0.10",
- "@types/react": "^19.2.9",
+ "@types/react": "^19.2.10",
 "@types/react-dom": "^19.2.3",
 "@typescript-eslint/eslint-plugin": "^8.54.0",
 "@typescript-eslint/parser": "^8.54.0",
@@ -3101,9 +3101,9 @@
 }
 },
 "node_modules/@types/react": {
- "version": "19.2.9",
- "resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.9.tgz",
- "integrity": "sha512-Lpo8kgb/igvMIPeNV2rsYKTgaORYdO1XGVZ4Qz3akwOj0ySGYMPlQWa8BaLn0G63D1aSaAQ5ldR06wCpChQCjA==",
+ "version": "19.2.10",
+ "resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.10.tgz",
+ "integrity": "sha512-WPigyYuGhgZ/cTPRXB2EwUw+XvsRA3GqHlsP4qteqrnnjDrApbS7MxcGr/hke5iUoeB7E/gQtrs9I37zAJ0Vjw==",
 "devOptional": true,
 "license": "MIT",
 "peer": true,
@@ -3706,9 +3706,9 @@
 }
 },
 "node_modules/axios": {
- "version": "1.13.3",
- "resolved": "https://registry.npmjs.org/axios/-/axios-1.13.3.tgz",
- "integrity": "sha512-ERT8kdX7DZjtUm7IitEyV7InTHAF42iJuMArIiDIV5YtPanJkgw4hw5Dyg9fh0mihdWNn1GKaeIWErfe56UQ1g==",
+ "version": "1.13.4",
+ "resolved": "https://registry.npmjs.org/axios/-/axios-1.13.4.tgz",
+ "integrity": "sha512-1wVkUaAO6WyaYtCkcYCOx12ZgpGf9Zif+qXa4n+oYzK558YryKqiL6UWwd5DqiH3VRW0GYhTZQ/vlgJrCoNQlg==",
 "license": "MIT",
 "dependencies": {
 "follow-redirects": "^1.15.6",
@@ -5947,7 +5947,9 @@
 }
 },
 "node_modules/react-i18next": {
- "version": "16.5.3",
+ "version": "16.5.4",
+ "resolved": "https://registry.npmjs.org/react-i18next/-/react-i18next-16.5.4.tgz",
+ "integrity": "sha512-6yj+dcfMncEC21QPhOTsW8mOSO+pzFmT6uvU7XXdvM/Cp38zJkmTeMeKmTrmCMD5ToT79FmiE/mRWiYWcJYW4g==",
 "license": "MIT",
 "dependencies": {
 "@babel/runtime": "^7.28.4",
diff --git a/frontend/package.json b/frontend/package.json
index 1b4710ad..974fc0d8 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -34,7 +34,7 @@
 "@radix-ui/react-tabs": "^1.1.13",
 "@radix-ui/react-tooltip": "^1.2.8",
 "@tanstack/react-query": "^5.90.20",
- "axios": "^1.13.3",
+ "axios": "^1.13.4",
 "class-variance-authority": "^0.7.1",
 "clsx": "^2.1.1",
 "date-fns": "^4.1.0",
@@ -45,7 +45,7 @@
 "react-dom": "^19.2.4",
 "react-hook-form": "^7.71.1",
 "react-hot-toast": "^2.6.0",
- "react-i18next": "^16.5.3",
+ "react-i18next": "^16.5.4",
 "react-router-dom": "^7.13.0",
 "tailwind-merge": "^3.4.0",
 "tldts": "^7.0.19"
@@ -57,7 +57,7 @@
 "@testing-library/react": "^16.3.2",
 "@testing-library/user-event": "^14.6.1",
 "@types/node": "^25.0.10",
- "@types/react": "^19.2.9",
+ "@types/react": "^19.2.10",
 "@types/react-dom": "^19.2.3",
 "@typescript-eslint/eslint-plugin": "^8.54.0",
 "@typescript-eslint/parser": "^8.54.0",