Remove unused audit-ci dependency

There is a `yarn ci` script which was using audit-ci but this does not appear to be called anywhere. The security worflow uses `yarn audit` and `npm audit` which seem fine enough anyway.
coder · Jul 10, 2024 · a9eb923 · a9eb923
1 parent 2b33ca8
commit a9eb923
Show file tree

Hide file tree

Showing 7 changed files with 8 additions and 188 deletions.
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
@@ -19,7 +19,7 @@ concurrency:
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
 jobs:
-  audit-ci:
+  audit:
     name: Audit node modules
     runs-on: ubuntu-latest
     timeout-minutes: 15

diff --git a/ci/README.md b/ci/README.md
@@ -24,8 +24,6 @@ This directory contains scripts used for the development of code-server.
   - Runs unit tests.
 - [./ci/dev/test-e2e.sh](./dev/test-e2e.sh) (`yarn test:e2e`)
   - Runs end-to-end tests.
-- [./ci/dev/ci.sh](./dev/ci.sh) (`yarn ci`)
-  - Runs `yarn fmt`, `yarn lint` and `yarn test`.
 - [./ci/dev/watch.ts](./dev/watch.ts) (`yarn watch`)
   - Starts a process to build and launch code-server and restart on any code changes.
   - Example usage in [./docs/CONTRIBUTING.md](../docs/CONTRIBUTING.md).

diff --git a/ci/dev/audit.sh b/ci/dev/audit.sh
diff --git a/ci/dev/ci.sh b/ci/dev/ci.sh
diff --git a/docs/SECURITY.md b/docs/SECURITY.md
@@ -17,10 +17,8 @@ We use the following tools to help us stay on top of vulnerability mitigation.
     - Comprehensive vulnerability scanner that runs on PRs into the default
       branch and scans both our container image and repository code (see
       `trivy-scan-repo` and `trivy-scan-image` jobs in `build.yaml`)
-- [`audit-ci`](https://github.com/IBM/audit-ci)
-  - Audits npm and Yarn dependencies in CI (see `Audit for vulnerabilities` step
-    in `build.yaml`) on PRs into the default branch and fails CI if moderate or
-    higher vulnerabilities (see the `audit.sh` script) are present.
+- `yarn audit` and `npm audit`
+  - Audits Yarn/NPM dependencies.
 
 ## Supported Versions
 

diff --git a/package.json b/package.json
@@ -27,12 +27,10 @@
     "postinstall": "./ci/dev/postinstall.sh",
     "publish:npm": "./ci/steps/publish-npm.sh",
     "publish:docker": "./ci/steps/docker-buildx-push.sh",
-    "_audit": "./ci/dev/audit.sh",
     "fmt": "yarn prettier && ./ci/dev/doctoc.sh",
     "lint:scripts": "./ci/dev/lint-scripts.sh",
     "lint:ts": "eslint --max-warnings=0 --fix $(git ls-files '*.ts' '*.js' | grep -v 'lib/vscode')",
     "test": "echo 'Run yarn test:unit or yarn test:e2e' && exit 1",
-    "ci": "./ci/dev/ci.sh",
     "watch": "VSCODE_DEV=1 VSCODE_IPC_HOOK_CLI= NODE_OPTIONS='--max_old_space_size=32384 --trace-warnings' ts-node ./ci/dev/watch.ts",
     "icons": "./ci/dev/gen_icons.sh"
   },
@@ -53,7 +51,6 @@
     "@types/ws": "^8.5.5",
     "@typescript-eslint/eslint-plugin": "^7.0.0",
     "@typescript-eslint/parser": "^6.7.2",
-    "audit-ci": "^6.6.1",
     "doctoc": "^2.2.1",
     "eslint": "^8.49.0",
     "eslint-config-prettier": "^9.0.0",