Dep updates (#1297)

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [x] Other (security config, docs update, etc)

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide
Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow)
followed

.github/actions/node/action.yaml

@@ -6,5 +6,5 @@ runs:
   steps:
     - uses: actions/setup-node@v3
       with:
-        node-version: 16
+        node-version: 18
         cache: "npm"

.github/codeql.yaml

@@ -2,6 +2,7 @@ paths-ignore:
   - src/pkg/packager/network.go
   - src/pkg/utils/network.go
   - src/pkg/utils/credentials.go
+  - docs-website/**
   - build/**
 
 query-filters:

.github/workflows/release.yml

@@ -58,6 +58,7 @@ jobs:
       - name: Run Tests
         run: |
           sudo env "PATH=$PATH" CI=true APPLIANCE_MODE=true make test-e2e ARCH=amd64
+          sudo rm -rf zarf-sbom
           sudo chown $USER /tmp/zarf-*.log
 
       - name: Save logs
@@ -70,7 +71,7 @@ jobs:
 
       # Set up AWS credentials for GoReleaser to upload backups of artifacts to S3
       - name: Set AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v1
+        uses: aws-actions/configure-aws-credentials@v1-node16
         with:
           aws-access-key-id: ${{ secrets.AWS_GOV_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_GOV_SECRET_ACCESS_KEY }}

.github/workflows/scan-codeql.yml

@@ -40,6 +40,9 @@ jobs:
       - name: Setup golang
         uses: ./.github/actions/golang
 
+      - name: Setup NodeJS
+        uses: ./.github/actions/node
+
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v2

.github/workflows/test-ui.yml

@@ -39,9 +39,12 @@ jobs:
       - name: Cache browsers
         uses: actions/cache@v3
         with:
-          path: "~/Library/Caches/ms-playwright/"
+          path: "~/.cache/ms-playwright/"
           key: ${{ runner.os }}-browsers
 
+      - name: Ensure playright is installed
+        run: npx playwright install
+
       - name: Run UI tests
         run: >
           npm run test:pre-init &&

.grype.yaml

@@ -16,3 +16,6 @@ ignore:
 
   # From yargs - only used through quicktype as a dev dependency
   - vulnerability: GHSA-p9pc-299p-vxgp
+
+  # Grype being stupid again, https://nvd.nist.gov/vuln/detail/CVE-2018-25076 is a php vulnerability 🤦
+  - vulnerability: CVE-2018-25076

Makefile

@@ -179,10 +179,10 @@ test-docs-and-schema:
 
 # INTERNAL: used to test for new CVEs that may have been introduced
 test-cves: ensure-ui-build-dir
-	go run main.go tools sbom packages . -o json | grype --fail-on low
+	go run main.go tools sbom packages . -o json --exclude './docs-website' | grype --fail-on low
 
 cve-report: ensure-ui-build-dir ## Create a CVE report for the current project (must `brew install grype` first)
-	go run main.go tools sbom packages . -o json | grype -o template -t hack/grype.tmpl > build/zarf-known-cves.csv
+	go run main.go tools sbom packages . -o json --exclude './docs-website' | grype -o template -t hack/grype.tmpl > build/zarf-known-cves.csv
 
 lint-go: ## Run revive to lint the go code (must `brew install revive` first)
 	revive -config revive.toml -exclude src/cmd/viper.go -formatter stylish ./src/...