remove refs to snyk

it does’t work with `pnpm`, but https://github.com/guardian/dotcom-rendering/security/dependabot does.
guardian · Jan 2, 2024 · 972ef45 · 972ef45
1 parent 08d0e6d
commit 972ef45
Show file tree

Hide file tree

Showing 12 changed files with 2 additions and 181 deletions.
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
diff --git a/dotcom-rendering/README.md b/dotcom-rendering/README.md
@@ -143,9 +143,9 @@ See [the makefile](https://github.com/guardian/dotcom-rendering/blob/main/dotcom
 
 [Read about testing tools and testing strategy](docs/testing.md).
 
-### Snyk Code Scanning
+### Vulnerabilities
 
-There's a Github action set up on the repository to scan for vulnerabilities. This is set to "continue on error" and so will show a green tick regardless. In order to check the vulnerabilities we can use the Github code scanning feature in the security tab and this will list all vulnerabilities for a given branch etc. You should use this if adding/removing/updating packages to see if there are any vulnerabilities.
+To check for vulnerabilities, use the Github code scanning feature in the security tab. This will list all vulnerabilities for a given branch etc. You should use this if adding/removing/updating packages to see if there are any vulnerabilities.
 
 ## IDE setup
 

diff --git a/...endering/docs/development/detecting-and-correcting-vulnerabilities-with-snyk.md b/...endering/docs/development/detecting-and-correcting-vulnerabilities-with-snyk.md
diff --git a/dotcom-rendering/docs/snyk/how-to.md b/dotcom-rendering/docs/snyk/how-to.md
diff --git a/dotcom-rendering/docs/snyk/snyk-dcr-structure.png b/dotcom-rendering/docs/snyk/snyk-dcr-structure.png
diff --git a/dotcom-rendering/docs/snyk/snyk-history.png b/dotcom-rendering/docs/snyk/snyk-history.png
diff --git a/dotcom-rendering/docs/snyk/snyk-screenshot.png b/dotcom-rendering/docs/snyk/snyk-screenshot.png
diff --git a/dotcom-rendering/docs/snyk/snyk_google_login.png b/dotcom-rendering/docs/snyk/snyk_google_login.png
diff --git a/dotcom-rendering/docs/snyk/snyk_google_sso.png b/dotcom-rendering/docs/snyk/snyk_google_sso.png
diff --git a/dotcom-rendering/makefile b/dotcom-rendering/makefile
@@ -203,20 +203,3 @@ gen-fixtures:
 
 perf-test:
 	@node scripts/perf/perf-test.js
-
-# Because Snyk finds vulnerabilities snyk test command exits with error code 1 and make picks it up.
-# Adding - at the beginning of the command ignores the error and we're getting:
-# make: [snyk] Error 1 (ignored)
-# See docs: https://www.gnu.org/software/make/manual/html_node/Errors.html#:~:text=To%20ignore%20errors%20in%20a,to%20the%20shell%20for%20execution.&text=This%20causes%20make%20to%20continue,unable%20to%20remove%20a%20file
-
-snyk:
-	-@snyk test --severity-threshold=high --file="../package.json"
-
-snyk-dcr:
-	-@snyk test --severity-threshold=high --file=package.json
-
-snyk-ar:
-	-@snyk test --severity-threshold=high --file=../apps-rendering/package.json
-
-snyk-storybooks:
-	-@snyk test --severity-threshold=high --file=../storybooks/package.json
diff --git a/dotcom-rendering/package.json b/dotcom-rendering/package.json
@@ -221,7 +221,6 @@
 		"semver": "7.5.4",
 		"serve-static": "1.15.0",
 		"simple-progress-webpack-plugin": "2.0.0",
-		"snyk": "1.1103.0",
 		"source-map": "0.7.4",
 		"start-server-and-test": "2.0.3",
 		"storybook": "7.6.6",

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml