This commit updates various dependencies to their latest versions.
Other changes include:
- Moved the following from `devDependencies` to `dependencies`:
  - `electron-log`
  - `electron-updater`
- Remove `npm` dependency.
- Code changes:
  - Add type casting in several places to align with the latest
    `typescript` version.
  - Adapt to new return type of `setTimeout`.
- Dependencies not upgraded due to
  `@vue/eslint-config-airbnb-with-typescript` not supporting
  `@eslint-typescript` V6 (see vuejs/eslint-config-airbnb#58):
  - `vue/eslint-config-typescript`
  - `@typescript-eslint/eslint-plugin`
  - `@typescript-eslint/parser`
- Enable video recording for cypress as it's disabled by default since
  13.X.X.

This commit incorporates Static Analysis Security Testing (SAST) using
CodeQL. This integration will enforce consistent security assessments
with every change and on a predetermined schedule.

This commit also involves a restructure of security checks. The existing
security-checks workflow is renamed to better reflect its functionality
related to dependency audits.

These changes will enhance the project's resilience against potential
vulnerabilities in both the codebase and third-party dependencies.

Changes include:

- Remove older LGTM badge that's replaced by SAST checks.
- Rename `checks.security.yaml` to `checks.security.dependencies.yaml`,
  reinforcing the focus on dependency audits.
- Update `README.md`, ensuring the clear representation of security
  check statuses, including new SAST integration.
- Add new `SECURITY.md`, establishing the protocol for reporting
  vulnerabilities and outlining the project's commitment to robust
  security testing.
- Enhance `docs/tests.md` with detailed information on the newly
  integrated security checks.
- Add reference to `SECURITY.md` in `README.md`.