App sec and jena updates (#171)

## Aim of the PR
This PR fixes
[AB#379924](https://dev.azure.com/EquinorASA/bb9bd8cb-74f7-4ffa-b0cb-60eff0a0be58/_workitems/edit/379924)

## Implementation 
- Upgrade the README.md to say that this app is only used for local
development and that because of this some of the GHAS alerts are
dismissed.
- npm package upgrades flagged by GHAS 
- Also upgraded jena installation in github action so that it works.

Author: henriettelienrebnor

.github/workflows/rdf_tests.yml

@@ -29,21 +29,21 @@ jobs:
 
       - name: install apache jena
         run: |
-          wget https://dlcdn.apache.org/jena/binaries/apache-jena-5.5.0.tar.gz
+          wget https://dlcdn.apache.org/jena/binaries/apache-jena-5.6.0.tar.gz
           tar -xzvf apache-jena-*.tar.gz
           
       - name: Check ontologies and mappings are valid rdf
         id: validate_ontology_rdf
         run: |
-          export JENA_HOME=$(pwd)/apache-jena-5.5.0/
+          export JENA_HOME=$(pwd)/apache-jena-5.6.0/
           export PATH="$PATH:$JENA_HOME/bin"
           riot --validate owl/*ttl
           riot --validate rml_mappings/imf/*
           riot --validate rml_mappings/graphics/*
           
       - name: Test imf mappings
         run: |
-          export JENA_HOME=$(pwd)/apache-jena-5.5.0/
+          export JENA_HOME=$(pwd)/apache-jena-5.6.0/
           export PATH="$PATH:$JENA_HOME/bin"
           curl -o rml_mappings/pandid.xml https://raw.githubusercontent.com/equinor/NOAKADEXPI/refs/heads/main/Blueprint/DISC_EXAMPLE-02/DISC_EXAMPLE-02-02.xml
           docker run -v .:/data rmlio/rmlmapper-java:7.2.0 -m rml_mappings/imf/* -o /data/imf.ttl -s Turtle
@@ -58,7 +58,7 @@ jobs:
 
       - name: Test graphics mappings
         run: |
-          export JENA_HOME=$(pwd)/apache-jena-5.5.0/
+          export JENA_HOME=$(pwd)/apache-jena-5.6.0/
           export PATH="$PATH:$JENA_HOME/bin"
           curl -o rml_mappings/pandid.xml https://raw.githubusercontent.com/equinor/NOAKADEXPI/refs/heads/main/Blueprint/DISC_EXAMPLE-02/DISC_EXAMPLE-02-02.xml
           docker run -v .:/data rmlio/rmlmapper-java:7.2.0 -m rml_mappings/graphics/* -o /data/graphics.ttl -s Turtle
@@ -73,7 +73,7 @@ jobs:
 
       - name: Test rdf examples
         run: |
-          export JENA_HOME=$(pwd)/apache-jena-5.5.0/
+          export JENA_HOME=$(pwd)/apache-jena-5.6.0/
           export PATH="$PATH:$JENA_HOME/bin"
           riot --validate examples/graphical.trig
           shacl v --shapes  shacl/graphic-dexpi.shacl.ttl --data examples/graphical.trig

README.md

@@ -8,4 +8,8 @@ A repository for SSI experiments with DEXPI.
 
 * For the mappings from Dexpi to IMF see the [RML mappings](rml/README.md)
 
-* For the backend setup of the triplestore, see the [RDFox scripts](rdfox/README.md)
+* For the backend setup of the triplestore, see the [RDFox scripts](rdfox/README.md)
+
+### Security
+The code in this repository is not deployed anywhere as this project is only used for demos run locally.
+Because of this some of the GHAS alerts are dismissed with reason `Risk is tolerable for this project`. Package upgrades is actively maintained. 

cli/chex/requirements.txt

@@ -1,5 +1,5 @@
 click==8.1.7
 prettytable==3.12.0
-setuptools==75.3.0
+setuptools==78.1.1
 lxml==5.1.0
 zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability

www/package-lock.json

@@ -12,6 +12,7 @@
   "dependencies": {
     "@equinor/eds-core-react": "^0.46.0",
     "@types/react-svg-pan-zoom": "^3.3.9",
+    "js-yaml": "^4.1.1",
     "react": "^19.1.0",
     "react-dom": "^19.1.0",
     "react-svg-pan-zoom": "^3.13.1",
@@ -31,10 +32,10 @@
     "eslint-plugin-react-refresh": "^0.4.20",
     "fast-xml-parser": "^5.2.5",
     "globals": "^16.1.0",
+    "prettier": "^3.5.3",
     "typescript": "^5.8.3",
     "typescript-eslint": "^8.39.0",
-    "prettier": "^3.5.3",
-    "vite": "^6.3.6",
+    "vite": "^6.4.1",
     "vite-plugin-svgr": "^4.3.0"
   }
 }