Merge pull request #36938 from wolfi-dev/cve-mattermost-10.2-24822774…

…d1fcbfd4fb349645af912758 mattermost-10.2/10.2.1-r0: cve remediation
wolfi-dev · Dec 17, 2024 · a05b46d · a05b46d
2 parents 00612fc + 99d62f1
commit a05b46d
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/mattermost-10.2.yaml b/mattermost-10.2.yaml
@@ -1,7 +1,9 @@
 package:
   name: mattermost-10.2
+  # Note the npm version has been pinned to 10.8.3 to avoid the error:
+  # "npm error notsup Required: {"node":">=18.10.0","npm":"^9.0.0 || ^10.0.0"}"
   version: 10.2.1
-  epoch: 0
+  epoch: 1
   description: "Mattermost is an open source platform for secure collaboration across the entire software development lifecycle."
   copyright:
     - license: MIT
@@ -30,7 +32,7 @@ environment:
       - libpng-dev
       - libtool
       - nodejs-20
-      - npm
+      - npm=10.8.3 # Have to specify older version, or: "npm error notsup Required: {"node":">=18.10.0","npm":"^9.0.0 || ^10.0.0"}"
       - pkgconf-dev
       - posix-libc-utils
       - wolfi-base
@@ -52,6 +54,11 @@ pipeline:
 
   - working-directory: server
     pipeline:
+      - uses: go/bump
+        with:
+          deps: golang.org/x/[email protected]
+          modroot: .
+          tidy: false # https://github.com/mattermost/mattermost/issues/26221
       - runs: make modules-tidy
       - runs: |
           # Our global LDFLAGS conflict with a Makefile parameter: `flag provided but not defined: -Wl,--as-needed,-O1,--sort-common`