From 1ec341d359f6071d064d9be07b953035f381ba50 Mon Sep 17 00:00:00 2001
From: Yaroslav Drachenko
Date: Thu, 24 Aug 2023 13:21:52 +0300
Subject: [PATCH] CR-19617 -- fux vulnerabilities (#834)

---
 .nvmrc | 2 +-
 Dockerfile | 2 +-
 Dockerfile-debian | 2 +-
 Dockerfile-debian-rootless | 2 +-
 Dockerfile-rootless | 2 +-
 package.json | 8 ++--
 yarn.lock | 79 ++++++++++----------------------------
 7 files changed, 29 insertions(+), 68 deletions(-)

diff --git a/.nvmrc b/.nvmrc
index e44a38e08..860cc5000 100644
--- a/.nvmrc
+++ b/.nvmrc
@@ -1 +1 @@
-v18.12.1
+v18.17.1
diff --git a/Dockerfile b/Dockerfile
index dc23238d4..1ecd54e42 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,7 +11,7 @@ RUN pip install yq==${YQ_VERSION}
 RUN pyinstaller --noconfirm --onefile --log-level DEBUG --clean --distpath /tmp/ $(which yq)
 # Main
-FROM node:18.16.0-alpine3.17
+FROM node:18.17.1-alpine3.17
 RUN apk --update add --no-cache ca-certificates git curl bash jq
diff --git a/Dockerfile-debian b/Dockerfile-debian
index 9c9771279..e9d92aa8a 100644
--- a/Dockerfile-debian
+++ b/Dockerfile-debian
@@ -11,7 +11,7 @@ RUN pip install yq==${YQ_VERSION}
 RUN pyinstaller --noconfirm --onefile --log-level DEBUG --clean --distpath /tmp/ $(which yq)
 # Main
-FROM node:18.16.0-bullseye-slim
+FROM node:18.17.1-bullseye-slim
 RUN apt update
 RUN apt -y install ca-certificates git curl bash jq busybox && ln -s /bin/busybox /usr/bin/[[
diff --git a/Dockerfile-debian-rootless b/Dockerfile-debian-rootless
index a272b9cb7..5bf56ec33 100644
--- a/Dockerfile-debian-rootless
+++ b/Dockerfile-debian-rootless
@@ -11,7 +11,7 @@ RUN pip install yq==${YQ_VERSION}
 RUN pyinstaller --noconfirm --onefile --log-level DEBUG --clean --distpath /tmp/ $(which yq)
 # Main
-FROM node:18.16.0-bullseye-slim
+FROM node:18.17.1-bullseye-slim
 RUN apt update
 RUN apt -y install ca-certificates git curl bash jq busybox && ln -s /bin/busybox /usr/bin/[[
diff --git a/Dockerfile-rootless b/Dockerfile-rootless
index 0d1ff78ff..84ca932f3 100644
--- a/Dockerfile-rootless
+++ b/Dockerfile-rootless
@@ -11,7 +11,7 @@ RUN pip install yq==${YQ_VERSION}
 RUN pyinstaller --noconfirm --onefile --log-level DEBUG --clean --distpath /tmp/ $(which yq)
 # Main
-FROM node:18.16.0-alpine3.17
+FROM node:18.17.1-alpine3.17
 RUN apk --update add --no-cache ca-certificates git curl bash jq
diff --git a/package.json b/package.json
index b8024d294..dca918731 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "codefresh",
- "version": "0.84.8",
+ "version": "0.84.9",
 "description": "Codefresh command line utility",
 "main": "index.js",
 "preferGlobal": true,
@@ -52,7 +52,7 @@
 "cf-errors": "^0.1.16",
 "chalk": "^4.1.0",
 "cli-progress": "3.10.0",
- "codefresh-sdk": "^1.11.3",
+ "codefresh-sdk": "^1.12.0",
 "colors": "1.4.0",
 "columnify": "^1.6.0",
 "compare-versions": "^3.4.0",
@@ -82,7 +82,7 @@
 "request-promise": "^4.2.2",
 "requestretry": "^7.0.2",
 "rimraf": "^2.6.2",
- "semver": "^7.3.2",
+ "semver": "^7.5.4",
 "tar-stream": "^2.2.0",
 "uuid": "^3.1.0",
 "yaml": "^1.10.0",
@@ -115,4 +115,4 @@
 "./test-setup.js"
 ]
 }
-}
\ No newline at end of file
+}
diff --git a/yarn.lock b/yarn.lock
index b5f0ced67..327a5ac1e 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1177,10 +1177,10 @@ code-point-at@^1.0.0:
 resolved "https://registry.yarnpkg.com/code-point-at/-/code-point-at-1.1.0.tgz#0d070b4d043a5bea33a2f1a40e2edb3d9a4ccf77"
 integrity sha1-DQcLTQQ6W+ozovGkDi7bPZpMz3c=
-codefresh-sdk@^1.11.3:
- version "1.11.3"
- resolved "https://registry.yarnpkg.com/codefresh-sdk/-/codefresh-sdk-1.11.3.tgz#3a72f2738a6e69acc07f2ab9bb3c7da9a50eb563"
- integrity sha512-tm91ex7ZZ3QeCghxchWKmuqHIZvcB84WL8wrX0W8i5AypfwNMgszo+TiCYYzUqvw0YbXBs5BtH1+WNdMv7ioTw==
+codefresh-sdk@^1.12.0:
+ version "1.12.0"
+ resolved "https://registry.yarnpkg.com/codefresh-sdk/-/codefresh-sdk-1.12.0.tgz#8a162e617518c8aa690d7ca838788f0991fc95c9"
+ integrity sha512-FKeWc3sDeQ1u9eHbsT6W5MmMUCsPPtrzRQJYkF1Rg96mtnPPS3e9Hk46K65hoj04P5w4/Dh/rRXOQty9lb062g==
 dependencies:
 "@codefresh-io/cf-receiver" "0.0.1-alpha19"
 bluebird "^3.7.2"
@@ -1190,10 +1190,10 @@ codefresh-sdk@^1.11.3:
 firebase "git+https://github.com/codefresh-io/firebase.git#80b2ed883ff281cd67b53bd0f6a0bbd6f330fed5"
 fs-extra "^7.0.1"
 js-yaml "^3.13.1"
- jsonwebtoken "^8.4.0"
+ jsonwebtoken "^9.0.1"
 lodash "^4.17.21"
 moment "^2.29.4"
- recursive-readdir "^2.2.2"
+ recursive-readdir "^2.2.3"
 request "2.88.2"
 request-promise "4.2.6"
 requestretry "^7.0.2"
@@ -3842,21 +3842,15 @@ jsonpath-plus@^0.19.0:
 resolved "https://registry.yarnpkg.com/jsonpath-plus/-/jsonpath-plus-0.19.0.tgz#b901e57607055933dc9a8bef0cc25160ee9dd64c"
 integrity sha512-GSVwsrzW9LsA5lzsqe4CkuZ9wp+kxBb2GwNniaWzI2YFn5Ig42rSW8ZxVpWXaAfakXNrx5pgY5AbQq7kzX29kg==
-jsonwebtoken@^8.4.0:
- version "8.5.1"
- resolved "https://registry.yarnpkg.com/jsonwebtoken/-/jsonwebtoken-8.5.1.tgz#00e71e0b8df54c2121a1f26137df2280673bcc0d"
- integrity sha512-XjwVfRS6jTMsqYs0EsuJ4LGxXV14zQybNd4L2r0UvbVnSF9Af8x7p5MzbJ90Ioz/9TI41/hTCvznF/loiSzn8w==
+jsonwebtoken@^9.0.1:
+ version "9.0.1"
+ resolved "https://registry.yarnpkg.com/jsonwebtoken/-/jsonwebtoken-9.0.1.tgz#81d8c901c112c24e497a55daf6b2be1225b40145"
+ integrity sha512-K8wx7eJ5TPvEjuiVSkv167EVboBDv9PZdDoF7BgeQnBLVvZWW9clr2PsQHVJDTKaEIH5JBIwHujGcHp7GgI2eg==
 dependencies:
 jws "^3.2.2"
- lodash.includes "^4.3.0"
- lodash.isboolean "^3.0.3"
- lodash.isinteger "^4.0.4"
- lodash.isnumber "^3.0.3"
- lodash.isplainobject "^4.0.6"
- lodash.isstring "^4.0.1"
- lodash.once "^4.0.0"
+ lodash "^4.17.21"
 ms "^2.1.1"
- semver "^5.6.0"
+ semver "^7.3.8"
 jsprim@^1.2.2:
 version "1.4.1"
@@ -4006,46 +4000,11 @@ locate-path@^5.0.0:
 dependencies:
 p-locate "^4.1.0"
-lodash.includes@^4.3.0:
- version "4.3.0"
- resolved "https://registry.yarnpkg.com/lodash.includes/-/lodash.includes-4.3.0.tgz#60bb98a87cb923c68ca1e51325483314849f553f"
- integrity sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==
-
-lodash.isboolean@^3.0.3:
- version "3.0.3"
- resolved "https://registry.yarnpkg.com/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz#6c2e171db2a257cd96802fd43b01b20d5f5870f6"
- integrity sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==
-
-lodash.isinteger@^4.0.4:
- version "4.0.4"
- resolved "https://registry.yarnpkg.com/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz#619c0af3d03f8b04c31f5882840b77b11cd68343"
- integrity sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==
-
-lodash.isnumber@^3.0.3:
- version "3.0.3"
- resolved "https://registry.yarnpkg.com/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz#3ce76810c5928d03352301ac287317f11c0b1ffc"
- integrity sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==
-
-lodash.isplainobject@^4.0.6:
- version "4.0.6"
- resolved "https://registry.yarnpkg.com/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz#7c526a52d89b45c45cc690b88163be0497f550cb"
- integrity sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==
-
-lodash.isstring@^4.0.1:
- version "4.0.1"
- resolved "https://registry.yarnpkg.com/lodash.isstring/-/lodash.isstring-4.0.1.tgz#d527dfb5456eca7cc9bb95d5daeaf88ba54a5451"
- integrity sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==
-
 lodash.merge@^4.6.2:
 version "4.6.2"
 resolved "https://registry.yarnpkg.com/lodash.merge/-/lodash.merge-4.6.2.tgz#558aa53b43b661e1925a0afdfa36a9a1085fe57a"
 integrity sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==
-lodash.once@^4.0.0:
- version "4.1.1"
- resolved "https://registry.yarnpkg.com/lodash.once/-/lodash.once-4.1.1.tgz#0dd3971213c7c56df880977d504c88fb471a97ac"
- integrity sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==
-
 lodash.sortby@^4.7.0:
 version "4.7.0"
 resolved "https://registry.yarnpkg.com/lodash.sortby/-/lodash.sortby-4.7.0.tgz#edd14c824e2cc9c1e0b0a1b42bb5210516a42438"
@@ -5155,7 +5114,7 @@ rechoir@^0.6.2:
 dependencies:
 resolve "^1.1.6"
-recursive-readdir@^2.2.2, recursive-readdir@^2.2.3:
+recursive-readdir@^2.2.3:
 version "2.2.3"
 resolved "https://registry.yarnpkg.com/recursive-readdir/-/recursive-readdir-2.2.3.tgz#e726f328c0d69153bcabd5c322d3195252379372"
 integrity sha512-8HrF5ZsXk5FAH9dgsx3BlUer73nIhuj+9OrQwEbLTPOBzGkL1lsFCR01am+v+0m2Cmbs1nP12hLDl5FA7EszKA==
@@ -5486,7 +5445,7 @@ seek-bzip@^1.0.5:
 dependencies:
 commander "~2.8.1"
-"semver@2 || 3 || 4 || 5", semver@^5.3.0, semver@^5.4.1, semver@^5.5.0, semver@^5.6.0:
+"semver@2 || 3 || 4 || 5", semver@^5.3.0, semver@^5.4.1, semver@^5.5.0:
 version "5.7.1"
 resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.1.tgz#a954f931aeba508d307bbf069eff0c01c96116f7"
 integrity sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==
@@ -5503,10 +5462,12 @@ semver@^7.2.1, semver@^7.3.5:
 dependencies:
 lru-cache "^6.0.0"
-semver@^7.3.2:
- version "7.3.2"
- resolved "https://registry.yarnpkg.com/semver/-/semver-7.3.2.tgz#604962b052b81ed0786aae84389ffba70ffd3938"
- integrity sha512-OrOb32TeeambH6UrhtShmF7CRDqhL6/5XpPNp2DuRH6+9QLw/orhp72j87v8Qa1ScDkvrrBNpZcDejAirJmfXQ==
+semver@^7.3.8, semver@^7.5.4:
+ version "7.5.4"
+ resolved "https://registry.yarnpkg.com/semver/-/semver-7.5.4.tgz#483986ec4ed38e1c6c48c34894a9182dbff68a6e"
+ integrity sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==
+ dependencies:
+ lru-cache "^6.0.0"
 set-blocking@^2.0.0, set-blocking@~2.0.0:
 version "2.0.0"