kleros
diff --git a/‎.github/dependabot.yml‎
Lines changed: 0 additions & 46 deletions b/‎.github/dependabot.yml‎
Lines changed: 0 additions & 46 deletions
diff --git a/‎.github/workflows/contracts-testing.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/contracts-testing.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/dependency-review.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/dependency-review.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/deploy-bots.yml‎
Lines changed: 4 additions & 4 deletions b/‎.github/workflows/deploy-bots.yml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎.github/workflows/deploy-subgraph.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/deploy-subgraph.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/scorecards.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/scorecards.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/sentry-release.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/sentry-release.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.whitesource‎
Lines changed: 23 additions & 0 deletions b/‎.whitesource‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎bot-pinner/Dockerfile‎
Lines changed: 1 addition & 1 deletion b/‎bot-pinner/Dockerfile‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎bot-pinner/package.json‎
Lines changed: 2 additions & 2 deletions b/‎bot-pinner/package.json‎
Lines changed: 2 additions & 2 deletions
@@ -17,41 +17,6 @@ updates:
     assignees:
       - jaybuidl
 
-  - package-ecosystem: npm
-    directory: /contracts
-    target-branch: dev
-    schedule:
-      interval: weekly
-    open-pull-requests-limit: 10
-    labels:
-      - dependencies
-    assignees:
-      - jaybuidl
-
-  - package-ecosystem: npm
-    directory: /subgraph
-    target-branch: dev
-    schedule:
-      interval: weekly
-    open-pull-requests-limit: 10
-    labels:
-      - dependencies
-    assignees:
-      - jaybuidl
-      - alcercu
-
-  - package-ecosystem: npm
-    directory: /web
-    target-branch: dev
-    schedule:
-      interval: weekly
-    open-pull-requests-limit: 10
-    labels:
-      - dependencies
-    assignees:
-      - jaybuidl
-      - alcercu
-
   - package-ecosystem: github-actions
     directory: /
     target-branch: dev
@@ -85,17 +50,6 @@ updates:
     assignees:
       - jaybuidl
 
-  - package-ecosystem: npm
-    directory: /bot-pinner
-    target-branch: dev
-    schedule:
-      interval: weekly
-    open-pull-requests-limit: 10
-    labels:
-      - dependencies
-    assignees:
-      - jaybuidl
-
   - package-ecosystem: pip
     directory: /bot-pinner
     target-branch: dev
 
@@ -35,10 +35,10 @@ jobs:
       with:
         node-version: 16.x   
 
-    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
 
     - name: Cache node modules
-      uses: actions/cache@04f198bf0b2a39f7230a4304bf07747a0bddf146
+      uses: actions/cache@67b839edb68371cc5014f6cea11c9aa77238de78
       env:
         cache-name: cache-node-modules
       with:
 
@@ -26,6 +26,6 @@ jobs:
             github.com:443
 
       - name: 'Checkout Repository'
-        uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v3.5.1
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@0efb1d1d84fc9633afcdaad14c485cbbc90ef46c # v2.5.1
+        uses: actions/dependency-review-action@1360a344ccb0ab6e9475edef90ad2f46bf8003b1 # v3.0.6
@@ -8,14 +8,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+        uses: step-security/harden-runner@215c5ca5ec7b0ee8425ee2e531db206868f0b83b
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
       - uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0
-      - uses: aws-actions/setup-sam@2993f015a7af30461b7641a256042fe0c6fc0c2e
-      - uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838
+      - uses: aws-actions/setup-sam@12a6719db503425e98edcc798b6779590a450e8f
+      - uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355
         with:
           aws-access-key-id: ${{ secrets.STAGING_AWS_ACCESS_KEY }}
           aws-secret-access-key: ${{ secrets.STAGING_AWS_SECRET_KEY }}
 
@@ -26,7 +26,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout code
-        uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 
       - name: Set up Node.js
         uses: actions/setup-node@7c12f8017d5436eb855f1ed4399f037a36fbd9e8 # v2.5.2
 
@@ -49,7 +49,7 @@ jobs:
             sigstore-tuf-root.storage.googleapis.com:443
 
       - name: "Checkout code"
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.1.0
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           persist-credentials: false
 
@@ -76,14 +76,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.0
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2.1.27
+        uses: github/codeql-action/upload-sarif@807578363a7869ca324a79039e6db9c843e0e100 # v2.1.27
         with:
           sarif_file: results.sarif
@@ -28,10 +28,10 @@ jobs:
           registry.yarnpkg.com:443
           sentry.io:443
 
-    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
 
     - name: Cache node modules
-      uses: actions/cache@04f198bf0b2a39f7230a4304bf07747a0bddf146
+      uses: actions/cache@67b839edb68371cc5014f6cea11c9aa77238de78
       env:
         cache-name: cache-node-modules
       with:
 
@@ -0,0 +1,23 @@
+{
+  "scanSettings": {
+    "baseBranches": ["dev", "master"]
+  },
+  "checkRunSettings": {
+    "vulnerableCheckRunConclusionLevel": "failure",
+    "displayMode": "diff",
+    "useMendCheckNames": true
+  },
+  "issueSettings": {
+    "minSeverityLevel": "MEDIUM",
+    "issueType": "DEPENDENCY",
+    "customLabels": ["Type: Security🛡️", "dependencies"],
+    "assignees": ["jaybuidl"]
+  },
+  "remediateSettings": {
+    "workflowRules": {
+      "enabled": true,
+        "minVulnerabilityScore": 3,
+        "maxVulnerabilityScore": 10
+    }
+  }
+}
@@ -1,4 +1,4 @@
-FROM python:3@sha256:3a619e3c96fd4c5fc5e1998fd4dcb1f1403eb90c4c6409c70d7e80b9468df7df
+FROM python:3@sha256:2dd2f9000021839e8fba0debd8a2308c7e26f95fdfbc0c728eeb0b5b9a8c6a39
 
 WORKDIR /usr/src/app
 
 
@@ -4,7 +4,7 @@
   "description": "Pinning of the court data to decentralized storage.",
   "author": "Kleros",
   "license": "MIT",
-  "packageManager": "yarn@3.1.0",
+  "packageManager": "yarn@3.3.1",
   "volta": {
     "node": "16.13.0"
   },
@@ -19,6 +19,6 @@
     "node": ">=16.13.0"
   },
   "devDependencies": {
-    "@dappnode/dappnodesdk": "^0.2.98"
+    "@dappnode/dappnodesdk": "^0.3.7"
   }
 }
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-FROM python:3@sha256:3a619e3c96fd4c5fc5e1998fd4dcb1f1403eb90c4c6409c70d7e80b9468df7df`
	`1`	`+FROM python:3@sha256:2dd2f9000021839e8fba0debd8a2308c7e26f95fdfbc0c728eeb0b5b9a8c6a39`
`2`	`2`
`3`	`3`	`WORKDIR /usr/src/app`
`4`	`4`