chore: patch dependency vulnerabilities and harden production image (#6055)
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
This commit is contained in:
Mir Arif Hasan
GitHub
parent
088ea9f4dc
commit
e4eee306a7
12 changed files with 492 additions and 628 deletions
|
|
@ -40,6 +40,7 @@
|
|||
"apiconnect-wsdl": "2.0.36",
|
||||
"body-parser": "2.2.1",
|
||||
"cross-spawn": "7.0.6",
|
||||
"effect@3.18.4": "3.20.0",
|
||||
"execa@<2.0.0": "2.0.0",
|
||||
"flatted@>=3.0.0 <3.4.2": "3.4.2",
|
||||
"form-data": "4.0.4",
|
||||
|
|
@ -57,7 +58,7 @@
|
|||
"serialize-javascript@>=7.0.0 <7.0.3": "7.0.3",
|
||||
"subscriptions-transport-ws>ws": "7.5.10",
|
||||
"svgo@4.0.0": "4.0.1",
|
||||
"vue": "3.5.30",
|
||||
"vue": "3.5.31",
|
||||
"ws": "8.17.1"
|
||||
},
|
||||
"onlyBuiltDependencies": [
|
||||
|
|
|
|||
|
|
@ -24,15 +24,15 @@
|
|||
"axios": "1.13.6",
|
||||
"fp-ts": "2.16.11",
|
||||
"lodash-es": "4.17.23",
|
||||
"vue": "3.5.30"
|
||||
"vue": "3.5.31"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@iconify-json/lucide": "1.2.98",
|
||||
"@iconify-json/lucide": "1.2.99",
|
||||
"@tauri-apps/cli": "2.9.3",
|
||||
"@types/lodash-es": "4.17.12",
|
||||
"@types/node": "24.10.1",
|
||||
"@typescript-eslint/eslint-plugin": "8.57.1",
|
||||
"@typescript-eslint/parser": "8.57.1",
|
||||
"@typescript-eslint/eslint-plugin": "8.57.2",
|
||||
"@typescript-eslint/parser": "8.57.2",
|
||||
"@vitejs/plugin-vue": "6.0.5",
|
||||
"@vue/eslint-config-typescript": "14.7.0",
|
||||
"autoprefixer": "10.4.27",
|
||||
|
|
|
|||
|
|
@ -97,8 +97,8 @@
|
|||
"@types/passport-jwt": "4.0.1",
|
||||
"@types/passport-microsoft": "2.1.1",
|
||||
"@types/supertest": "7.2.0",
|
||||
"@typescript-eslint/eslint-plugin": "8.57.1",
|
||||
"@typescript-eslint/parser": "8.57.1",
|
||||
"@typescript-eslint/eslint-plugin": "8.57.2",
|
||||
"@typescript-eslint/parser": "8.57.2",
|
||||
"cross-env": "10.1.0",
|
||||
"eslint": "10.0.3",
|
||||
"eslint-config-prettier": "10.1.8",
|
||||
|
|
|
|||
|
|
@ -70,6 +70,6 @@
|
|||
"semver": "7.7.4",
|
||||
"tsup": "8.5.1",
|
||||
"typescript": "5.9.3",
|
||||
"vitest": "4.1.0"
|
||||
"vitest": "4.1.2"
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -111,14 +111,14 @@
|
|||
"util": "0.12.5",
|
||||
"uuid": "13.0.0",
|
||||
"verzod": "0.4.0",
|
||||
"vue": "3.5.30",
|
||||
"vue": "3.5.31",
|
||||
"vue-i18n": "11.3.0",
|
||||
"vue-json-pretty": "2.6.0",
|
||||
"vue-pdf-embed": "2.1.4",
|
||||
"vue-router": "4.6.4",
|
||||
"vue-tippy": "6.7.1",
|
||||
"vuedraggable-es": "4.1.1",
|
||||
"wonka": "6.3.5",
|
||||
"wonka": "6.3.6",
|
||||
"workbox-window": "7.4.0",
|
||||
"xml-formatter": "3.7.0",
|
||||
"yargs-parser": "22.0.0",
|
||||
|
|
@ -137,7 +137,7 @@
|
|||
"@graphql-codegen/typescript-urql-graphcache": "3.1.1",
|
||||
"@graphql-codegen/urql-introspection": "3.0.1",
|
||||
"@graphql-typed-document-node/core": "3.2.0",
|
||||
"@iconify-json/lucide": "1.2.98",
|
||||
"@iconify-json/lucide": "1.2.99",
|
||||
"@import-meta-env/cli": "0.7.4",
|
||||
"@intlify/unplugin-vue-i18n": "11.0.7",
|
||||
"@relmify/jest-fp-ts": "2.1.1",
|
||||
|
|
@ -151,12 +151,12 @@
|
|||
"@types/qs": "6.15.0",
|
||||
"@types/splitpanes": "2.2.6",
|
||||
"@types/yargs-parser": "21.0.3",
|
||||
"@typescript-eslint/eslint-plugin": "8.57.1",
|
||||
"@typescript-eslint/parser": "8.57.1",
|
||||
"@typescript-eslint/eslint-plugin": "8.57.2",
|
||||
"@typescript-eslint/parser": "8.57.2",
|
||||
"@vitejs/plugin-vue": "6.0.5",
|
||||
"@vue/compiler-sfc": "3.5.30",
|
||||
"@vue/compiler-sfc": "3.5.31",
|
||||
"@vue/eslint-config-typescript": "14.7.0",
|
||||
"@vue/runtime-core": "3.5.30",
|
||||
"@vue/runtime-core": "3.5.31",
|
||||
"autoprefixer": "10.4.27",
|
||||
"cross-env": "10.1.0",
|
||||
"dotenv": "17.3.1",
|
||||
|
|
@ -187,7 +187,7 @@
|
|||
"vite-plugin-pages-sitemap": "1.7.1",
|
||||
"vite-plugin-pwa": "1.2.0",
|
||||
"vite-plugin-vue-layouts": "0.11.0",
|
||||
"vitest": "4.1.0",
|
||||
"vitest": "4.1.2",
|
||||
"vue-tsc": "1.8.8"
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -37,7 +37,7 @@
|
|||
"@tauri-apps/plugin-updater": "2.9.0",
|
||||
"fp-ts": "2.16.11",
|
||||
"rxjs": "7.8.2",
|
||||
"vue": "3.5.30",
|
||||
"vue": "3.5.31",
|
||||
"vue-router": "4.6.4",
|
||||
"vue-tippy": "6.7.1",
|
||||
"zod": "3.25.32"
|
||||
|
|
@ -45,11 +45,11 @@
|
|||
"devDependencies": {
|
||||
"@eslint/eslintrc": "3.3.5",
|
||||
"@eslint/js": "9.39.2",
|
||||
"@iconify-json/lucide": "1.2.98",
|
||||
"@iconify-json/lucide": "1.2.99",
|
||||
"@rushstack/eslint-patch": "1.16.1",
|
||||
"@tauri-apps/cli": "2.9.3",
|
||||
"@typescript-eslint/eslint-plugin": "8.57.1",
|
||||
"@typescript-eslint/parser": "8.57.1",
|
||||
"@typescript-eslint/eslint-plugin": "8.57.2",
|
||||
"@typescript-eslint/parser": "8.57.2",
|
||||
"@vitejs/plugin-vue": "6.0.5",
|
||||
"@vue/eslint-config-typescript": "14.7.0",
|
||||
"autoprefixer": "10.4.27",
|
||||
|
|
|
|||
|
|
@ -67,8 +67,8 @@
|
|||
"@types/jest": "30.0.0",
|
||||
"@types/lodash": "4.17.24",
|
||||
"@types/node": "24.10.1",
|
||||
"@typescript-eslint/eslint-plugin": "8.57.1",
|
||||
"@typescript-eslint/parser": "8.57.1",
|
||||
"@typescript-eslint/eslint-plugin": "8.57.2",
|
||||
"@typescript-eslint/parser": "8.57.2",
|
||||
"eslint": "9.39.2",
|
||||
"eslint-config-prettier": "10.1.8",
|
||||
"eslint-plugin-prettier": "5.5.5",
|
||||
|
|
@ -77,7 +77,7 @@
|
|||
"prettier": "3.8.1",
|
||||
"typescript": "5.9.3",
|
||||
"vite": "7.3.1",
|
||||
"vitest": "4.1.0"
|
||||
"vitest": "4.1.2"
|
||||
},
|
||||
"peerDependencies": {
|
||||
"isolated-vm": "6.1.2"
|
||||
|
|
|
|||
|
|
@ -41,8 +41,8 @@
|
|||
"devDependencies": {
|
||||
"@eslint/js": "9.39.2",
|
||||
"@types/node": "24.9.1",
|
||||
"@typescript-eslint/eslint-plugin": "8.57.1",
|
||||
"@typescript-eslint/parser": "8.57.1",
|
||||
"@typescript-eslint/eslint-plugin": "8.57.2",
|
||||
"@typescript-eslint/parser": "8.57.2",
|
||||
"eslint": "9.39.2",
|
||||
"eslint-plugin-prettier": "5.5.5",
|
||||
"globals": "16.5.0",
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@
|
|||
"stream-browserify": "3.0.0",
|
||||
"util": "0.12.5",
|
||||
"verzod": "0.4.0",
|
||||
"vue": "3.5.30",
|
||||
"vue": "3.5.31",
|
||||
"workbox-window": "7.4.0",
|
||||
"zod": "3.25.32"
|
||||
},
|
||||
|
|
@ -61,11 +61,11 @@
|
|||
"@graphql-codegen/typescript-urql-graphcache": "3.1.1",
|
||||
"@graphql-codegen/urql-introspection": "3.0.1",
|
||||
"@graphql-typed-document-node/core": "3.2.0",
|
||||
"@iconify-json/lucide": "1.2.98",
|
||||
"@iconify-json/lucide": "1.2.99",
|
||||
"@intlify/unplugin-vue-i18n": "11.0.7",
|
||||
"@rushstack/eslint-patch": "1.16.1",
|
||||
"@typescript-eslint/eslint-plugin": "8.57.1",
|
||||
"@typescript-eslint/parser": "8.57.1",
|
||||
"@typescript-eslint/eslint-plugin": "8.57.2",
|
||||
"@typescript-eslint/parser": "8.57.2",
|
||||
"@vitejs/plugin-legacy": "7.2.1",
|
||||
"@vitejs/plugin-vue": "6.0.5",
|
||||
"@vue/eslint-config-typescript": "14.7.0",
|
||||
|
|
|
|||
|
|
@ -39,7 +39,7 @@
|
|||
"ts-node-dev": "2.0.0",
|
||||
"unplugin-icons": "22.5.0",
|
||||
"unplugin-vue-components": "30.0.0",
|
||||
"vue": "3.5.30",
|
||||
"vue": "3.5.31",
|
||||
"vue-i18n": "11.3.0",
|
||||
"vue-router": "4.6.4",
|
||||
"vue-tippy": "6.7.1"
|
||||
|
|
@ -53,12 +53,12 @@
|
|||
"@graphql-codegen/typescript-document-nodes": "5.0.9",
|
||||
"@graphql-codegen/typescript-operations": "5.0.9",
|
||||
"@graphql-codegen/urql-introspection": "3.0.1",
|
||||
"@iconify-json/lucide": "1.2.98",
|
||||
"@iconify-json/lucide": "1.2.99",
|
||||
"@import-meta-env/cli": "0.7.4",
|
||||
"@import-meta-env/unplugin": "0.6.3",
|
||||
"@types/lodash-es": "4.17.12",
|
||||
"@vitejs/plugin-vue": "6.0.5",
|
||||
"@vue/compiler-sfc": "3.5.30",
|
||||
"@vue/compiler-sfc": "3.5.31",
|
||||
"autoprefixer": "10.4.27",
|
||||
"dotenv": "17.3.1",
|
||||
"graphql-tag": "2.12.6",
|
||||
|
|
|
|||
1041
pnpm-lock.yaml
1041
pnpm-lock.yaml
File diff suppressed because it is too large
Load diff
|
|
@ -68,7 +68,7 @@ RUN CGO_ENABLED=0 GOOS=linux go build -o webapp-server .
|
|||
FROM alpine:3.23.3 AS node_base
|
||||
# Install dependencies
|
||||
RUN apk upgrade --no-cache && \
|
||||
apk add --no-cache nodejs curl bash tini ca-certificates git openssh-client
|
||||
apk add --no-cache nodejs curl bash tini ca-certificates
|
||||
# Set working directory for NPM installation
|
||||
RUN mkdir -p /tmp/npm-install
|
||||
WORKDIR /tmp/npm-install
|
||||
|
|
@ -104,11 +104,21 @@ RUN mkdir -p /tmp/serialize-fix && \
|
|||
cp -r node_modules/serialize-javascript /usr/lib/node_modules/@import-meta-env/cli/node_modules/ && \
|
||||
rm -rf /tmp/serialize-fix
|
||||
|
||||
# Fix CVE: upgrade picomatch in npm and pnpm (ships 4.0.3, fix requires >=4.0.4)
|
||||
RUN mkdir -p /tmp/picomatch-fix && \
|
||||
cd /tmp/picomatch-fix && \
|
||||
npm install picomatch@4.0.4 && \
|
||||
rm -rf /usr/lib/node_modules/npm/node_modules/tinyglobby/node_modules/picomatch && \
|
||||
cp -r node_modules/picomatch /usr/lib/node_modules/npm/node_modules/tinyglobby/node_modules/ && \
|
||||
rm -rf /usr/lib/node_modules/pnpm/dist/node_modules/picomatch && \
|
||||
cp -r node_modules/picomatch /usr/lib/node_modules/pnpm/dist/node_modules/ && \
|
||||
rm -rf /tmp/picomatch-fix
|
||||
|
||||
|
||||
|
||||
FROM node_base AS base_builder
|
||||
# Required by @hoppscotch/js-sandbox to build `isolated-vm`
|
||||
RUN apk add --no-cache python3 make g++ zlib-dev brotli-dev c-ares-dev nghttp2-dev openssl-dev icu-dev ada-dev simdjson-dev simdutf-dev sqlite-dev zstd-dev
|
||||
RUN apk add --no-cache python3 make g++ git openssh-client zlib-dev brotli-dev c-ares-dev nghttp2-dev openssl-dev icu-dev ada-dev simdjson-dev simdutf-dev sqlite-dev zstd-dev
|
||||
|
||||
WORKDIR /usr/src/app
|
||||
ENV HOPP_ALLOW_RUNTIME_ENV=true
|
||||
|
|
|
|||
Loading…
Reference in a new issue