chore: add override for cross-spawn vulnerability (#3154)

* chore: add override for cross-spawn vulnerability

* chore: debugging trivy

* Revert "chore: debugging trivy"

This reverts commit c8434d2.

* chore(ci): trivy ignore

* chore(ci): debug trivvy

* Revert "chore(ci): debug trivvy"

This reverts commit 81023c6.

* chore(ci): debug trivy

* chore(ci): checkout repo during trivy check

* chore(ci): add expiry to ignored vulnerability

* chore(ci): ignore vulnerability in grype

* chore(ci): remove debug flag from trivy scan

Author: mkurapov

.github/workflows/node-build.yml

@@ -291,6 +291,7 @@ jobs:
           - backend
           - frontend
     steps:
+      - uses: actions/checkout@v4
       - name: Fetch docker image from cache
         uses: actions/cache/restore@v4
         with:
@@ -326,6 +327,7 @@ jobs:
           - backend
           - frontend
     steps:
+      - uses: actions/checkout@v4
       - name: Fetch docker image from cache
         uses: actions/cache/restore@v4
         with:

.grype.yaml

@@ -0,0 +1,2 @@
+ignore:
+  - vulnerability: GHSA-3xgq-45jj-v275

.trivyignore

@@ -0,0 +1 @@
+CVE-2024-21538 exp:2024-12-31

package.json

@@ -78,7 +78,8 @@
       "tar@<6.2.1": ">=6.2.1",
       "braces@<3.0.3": ">=3.0.3",
       "@grpc/grpc-js@>=1.10.0 <1.10.9": ">=1.10.9",
-      "dset@<3.1.4": ">=3.1.4"
+      "dset@<3.1.4": ">=3.1.4",
+      "cross-spawn@>=7.0.0 <7.0.5": ">=7.0.5"
     }
   }
 }