Robert Kaussow e1a273d25d Update docs deps to address cves (#2080)
Related-to: https://github.com/woodpecker-ci/woodpecker/pull/2078

Remaining CVEs:

```
❯ trivy fs --exit-code 1 --skip-dirs node_modules/,plugins/woodpecker-plugins/node_modules/ docs/
2023-08-01T10:02:36.911+0200	INFO	Vulnerability scanning is enabled
2023-08-01T10:02:36.911+0200	INFO	Secret scanning is enabled
2023-08-01T10:02:36.911+0200	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2023-08-01T10:02:36.911+0200	INFO	Please see also https://aquasecurity.github.io/trivy/v0.43/docs/scanner/secret/#recommendation for faster secret detection
2023-08-01T10:02:36.963+0200	INFO	Number of language-specific files: 1
2023-08-01T10:02:36.963+0200	INFO	Detecting pnpm vulnerabilities...

pnpm-lock.yaml (pnpm)

Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 1, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬───────────────────┬────────────────┬──────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Installed Version │ Fixed Version  │                            Title                             │
├─────────┼────────────────┼──────────┼───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤
│ got     │ CVE-2022-33987 │ MEDIUM   │ 9.6.0             │ 11.8.5, 12.1.0 │ missing verification of requested URLs allows redirects to   │
│         │                │          │                   │                │ UNIX sockets                                                 │
│         │                │          │                   │                │ https://avd.aquasec.com/nvd/cve-2022-33987                   │
├─────────┼────────────────┼──────────┼───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤
│ trim    │ CVE-2020-7753  │ HIGH     │ 0.0.1             │ 0.0.3          │ nodejs-trim: Regular Expression Denial of Service (ReDoS) in │
│         │                │          │                   │                │ trim function                                                │
│         │                │          │                   │                │ https://avd.aquasec.com/nvd/cve-2020-7753                    │
└─────────┴────────────────┴──────────┴───────────────────┴────────────────┴──────────────────────────────────────────────────────────────┘
```

- `trim` is pulled in by `@docusaurus/theme-classic` and can be ignored
due to
https://github.com/facebook/docusaurus/issues/7275#issuecomment-1113997259
- `got` can be ignored as well, see `trim`
2023-08-01 13:30:44 +02:00
2023-07-31 05:47:23 +02:00
2023-07-31 05:47:23 +02:00
2023-07-31 05:47:23 +02:00
2023-07-31 05:47:23 +02:00
2023-06-03 21:38:36 +02:00
2023-07-07 07:04:34 +02:00
2023-01-01 19:33:08 +01:00
2023-07-21 21:56:24 +02:00
2023-07-21 21:56:24 +02:00
2023-07-31 05:47:23 +02:00

Woodpecker


Translation status


Woodpecker

Woodpecker is a community fork of the Drone CI system.

woodpecker

🫶 Support

Please consider to donate and become a backer. 🙏 [Become a backer]

🚀 Usage

.woodpecker.yml

  • Place your pipeline in a file named .woodpecker.yml in your repository
  • Pipeline steps can be named as you like
  • Run any command in the commands section

Read More

Build steps are containers

  • Define any Docker image as context
  • Install the needed tools in custom Docker images, use them as context

Read More

Plugins

Woodpecker has official plugins, but you can also use your own.

Read More

📖 Documentation

https://woodpecker-ci.org/

Contribute

See Contributing Guide

Open in Gitpod

📣 Translate

We use an own Weblate instance at translate.woodpecker-ci.org.

Translation status

👋 Who uses Woodpecker?

Codeberg, the Woodpecker project itself, and many others.

Leave a comment if you're using it as well.

Also consider using the topic WoodpeckerCI in your repository, so others can learn from your config and use the hashtag #WoodpeckerCI when talking about the project on social media!

Here are some places where people mention Woodpecker:

Stars over time

Stargazers over time

License

Woodpecker is Apache 2.0 licensed with the source files in this repository having a header indicating which license they are under and what copyrights apply.

Files under the docs/ folder are licensed under Creative Commons Attribution-ShareAlike 4.0 International Public License.

Description
Woodpecker is a community fork of the Drone CI system.
Readme 153 MiB
Languages
Go 84.3%
Vue 10.8%
TypeScript 3.6%
Makefile 0.8%
CSS 0.4%