-
Notifications
You must be signed in to change notification settings - Fork 36
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
## What This PR reapplies #866 that was previously reverted in #869. It contains upgrade for multiple dependencies to address critical- and high-level CVE. In addition to #866, it: * upgrades `npm` to address [CVE-2024-21538](https://scout.docker.com/vulnerabilities/id/CVE-2024-21538?s=github&n=cross-spawn&t=npm&vr=%3E%3D7.0.0%2C%3C7.0.5&utm_source=desktop&utm_medium=ExternalLink). * Sets `NODE_NO_WARNINGS=1` env in Dockerfile ([ref](https://nodejs.org/api/cli.html#node_no_warnings1)) in order to suppress Node.js deprecation warnings, that may interrupt end-user automations, that rely on exact CLi output. * Migrates from `pkg`, which is no longer maintained, to its fork `@yao-pkg/pkg`.
- Loading branch information
1 parent
7e49659
commit f0a514c
Showing
7 changed files
with
2,782 additions
and
2,529 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
v18.17.1 | ||
v22.11.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,44 +1,39 @@ | ||
# go hub binary | ||
FROM golang:alpine as go | ||
FROM golang:alpine AS go | ||
RUN apk --update add ca-certificates git | ||
RUN go install github.com/github/hub@latest | ||
|
||
# python yq binary | ||
FROM six8/pyinstaller-alpine:alpine-3.6-pyinstaller-v3.4 as yq | ||
FROM six8/pyinstaller-alpine:alpine-3.6-pyinstaller-v3.4 AS yq | ||
ARG YQ_VERSION=2.10.0 | ||
ENV PATH="/pyinstaller:$PATH" | ||
RUN pip install yq==${YQ_VERSION} | ||
RUN pyinstaller --noconfirm --onefile --log-level DEBUG --clean --distpath /tmp/ $(which yq) | ||
|
||
# kubectl binary | ||
FROM bitnami/kubectl:1.27.4 as kubectl | ||
FROM bitnami/kubectl:1.30.6 AS kubectl | ||
|
||
# Main | ||
FROM node:18.17.1-alpine3.18 | ||
|
||
FROM node:22.11.0-alpine3.20 | ||
RUN apk --update add --no-cache \ | ||
bash \ | ||
ca-certificates \ | ||
curl \ | ||
git \ | ||
jq | ||
|
||
RUN npm upgrade -g npm | ||
COPY --from=go /go/bin/hub /usr/local/bin/hub | ||
COPY --from=yq /tmp/yq /usr/local/bin/yq | ||
COPY --from=kubectl /opt/bitnami/kubectl/bin/kubectl /usr/local/bin/ | ||
|
||
WORKDIR /cf-cli | ||
|
||
COPY package.json yarn.lock check-version.js run-check-version.js /cf-cli/ | ||
|
||
RUN yarn install --prod --frozen-lockfile && \ | ||
yarn cache clean | ||
|
||
COPY . /cf-cli | ||
|
||
RUN yarn generate-completion | ||
|
||
RUN ln -s $(pwd)/lib/interface/cli/codefresh /usr/local/bin/codefresh | ||
|
||
RUN codefresh components update --location components | ||
|
||
# Node.js warnings must be suppressed to ensure that automations relying on exact output are not disrupted | ||
ENV NODE_NO_WARNINGS=1 | ||
ENTRYPOINT ["codefresh"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
{ | ||
"name": "codefresh", | ||
"version": "0.88.2", | ||
"version": "0.88.3", | ||
"description": "Codefresh command line utility", | ||
"main": "index.js", | ||
"preferGlobal": true, | ||
|
@@ -9,7 +9,7 @@ | |
"test": "jest .spec.js --coverage", | ||
"e2e": "bash e2e/e2e.spec.sh", | ||
"eslint": "eslint --fix lib/logic/**", | ||
"pkg": "pkg . -t node16-alpine-x64,node16-alpine-arm64,node16-macos-x64,node16-linux-x64,node16-win-x64,node16-linux-arm64 --out-path ./dist", | ||
"pkg": "npx pkg . -t node22-alpine-x64,node22-alpine-arm64,node22-macos-x64,node22-linux-x64,node22-win-x64,node22-linux-arm64 --out-path ./dist", | ||
"serve-docs": "yarn build-local-docs && cd temp && hugo server -D", | ||
"serve-docs-beta": "ALLOW_BETA_COMMANDS=true yarn build-local-docs && cd temp && hugo server -D", | ||
"build-local-docs": "node ./docs/index.js", | ||
|
@@ -32,17 +32,10 @@ | |
"assets": "lib/**/*.hbs" | ||
}, | ||
"resolutions": { | ||
"websocket-extensions": "^0.1.4", | ||
"lodash": "^4.17.21", | ||
"json-schema": "^0.4.0", | ||
"ajv": "^6.12.6", | ||
"normalize-url": "^4.5.1", | ||
"ansi-regex": "^5.0.1", | ||
"y18n": "^4.0.1", | ||
"shelljs": "^0.8.5", | ||
"codefresh-sdk/swagger-client/qs": "6.9.7", | ||
"kubernetes-client/qs": "6.9.7", | ||
"**/request/qs": "6.5.3" | ||
"kubernetes-client/@kubernetes/client-node": ">=0.22.2", | ||
"tough-cookie": "^4.1.3" | ||
}, | ||
"dependencies": { | ||
"@codefresh-io/docker-reference": "^0.0.5", | ||
|
@@ -64,7 +57,7 @@ | |
"figlet": "^1.4.0", | ||
"filesize": "^3.5.11", | ||
"firebase": "git+https://github.com/codefresh-io/firebase.git#80b2ed883ff281cd67b53bd0f6a0bbd6f330fed5", | ||
"flat": "^4.1.1", | ||
"flat": "^5.0.2", | ||
"inquirer": "^7.1.0", | ||
"js-yaml": "^3.10.0", | ||
"kefir": "^3.8.1", | ||
|
@@ -79,7 +72,7 @@ | |
"promise-retry": "^2.0.1", | ||
"recursive-readdir": "^2.2.3", | ||
"request": "^2.88.0", | ||
"request-promise": "^4.2.2", | ||
"request-promise": "^4.2.6", | ||
"requestretry": "^7.0.2", | ||
"rimraf": "^2.6.2", | ||
"semver": "^7.5.4", | ||
|
@@ -92,13 +85,13 @@ | |
}, | ||
"devDependencies": { | ||
"@types/node-forge": "^1.0.1", | ||
"@yao-pkg/pkg": "^6.1.1", | ||
"eslint": "^7.32.0", | ||
"eslint-config-airbnb-base": "^15.0.0", | ||
"eslint-plugin-import": "^2.25.4", | ||
"eslint-plugin-jest": "^27.6.3", | ||
"hugo-cli": "^0.5.4", | ||
"jest": "^29.7.0", | ||
"pkg": "5.5.2" | ||
"jest": "^29.7.0" | ||
}, | ||
"bugs": { | ||
"url": "https://github.com/codefresh-io/cli/issues" | ||
|
@@ -114,5 +107,6 @@ | |
"setupFiles": [ | ||
"./test-setup.js" | ||
] | ||
} | ||
}, | ||
"packageManager": "[email protected]+sha512.a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e" | ||
} |
Oops, something went wrong.