fix: harden frontend-builder with npm upgrade to mitigate bundled CVEs

2026-03-16 12:26:55 +00:00
parent 5e5eae7422
commit 79800871fa
4 changed files with 337 additions and 515 deletions
--- a/scripts/pre-commit-hooks/semgrep-scan.sh
+++ b/scripts/pre-commit-hooks/semgrep-scan.sh
@@ -28,9 +28,8 @@ else
    --config p/react
    --config p/secrets
    --config p/dockerfile
-    --config p/bash
  )
-  echo "Running Semgrep with configs: p/golang, p/javascript, p/typescript, p/react, p/secrets, p/dockerfile, p/bash"
+  echo "Running Semgrep with configs: p/golang, p/javascript, p/typescript, p/react, p/secrets, p/dockerfile"
 fi

 semgrep scan \