Commit dcf2d0e

Address CVEs
This updates:
- nanoid (JavaScript) (CVE-2024-55565)
- path-to-regexp (JavaScript) (CVE-2024-52798)
- golang.org/x/net (Go) (CVE-2024-45338)

This also updates to Node.js 22. Many of the CVEs addressed are not in the delivered product, but it can help to avoid false positives from CVE scanners and avoid CVEs during development.

Relates: https://issues.redhat.com/browse/RHOAIENG-17816
Signed-off-by: mprahl <[email protected]>
1 parent 937dd10 commit dcf2d0e

15 files changed

+8444
-6997
lines changed

api/go.mod

Lines changed: 2 additions & 3 deletions
@@ -4,12 +4,11 @@ go 1.16
44

55
require (
66
google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1
7-
google.golang.org/protobuf v1.30.0
7+
google.golang.org/protobuf v1.33.0
88
)
99

1010
replace (
1111
github.com/mattn/go-sqlite3 => github.com/mattn/go-sqlite3 v1.14.18
12-
golang.org/x/net => golang.org/x/net v0.17.0
13-
golang.org/x/net v0.17.0 => golang.org/x/net v0.23.0
12+
golang.org/x/net => golang.org/x/net v0.33.0
1413
google.golang.org/grpc => google.golang.org/grpc v1.56.3
1514
)
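Review bot: The x/net fix lives only in the `replace` block (`golang.org/x/net => golang.org/x/net v0.33.0`), and replace directives take effect only when this module is the main module of the build, so anything that imports the api module will not inherit v0.33.0. If the module is consumed elsewhere, add an explicit `require` for the fixed version too. The protobuf bump from v1.30.0 to v1.33.0 is not mentioned in the commit message; note which advisory or dependency drives it. The hunk header still shows `go 1.16`, so please confirm both new versions build at that language version.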

api/go.sum

Lines changed: 22 additions & 7 deletions

frontend/Dockerfile

Lines changed: 2 additions & 2 deletions
@@ -1,4 +1,4 @@
1-
FROM node:18.18.2 as build
1+
FROM node:22.13 as build
22

33
ARG COMMIT_HASH
44
ENV COMMIT_HASH=${COMMIT_HASH}
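Review bot: The build stage on line 1 moves from a full patch pin (`node:18.18.2`) to `node:22.13`, which no longer fixes the patch level, so two builds of the same commit can use different Node.js binaries. Pin the full patch version, or better an image digest, so the build is reproducible and a scanner finding can be tied to a specific base image. The jump across major versions from 18 to 22 also deserves a line in the commit message on what was tested.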
@@ -25,7 +25,7 @@ RUN mkdir -p ./server/dist && \
2525
# concatenate them to one file under ./src/server
2626
RUN ./scripts/yarn-licenses.sh
2727

28-
FROM node:18.18.2-alpine3.17
28+
FROM node:22.13-alpine
2929

3030
COPY --from=build ./src/frontend/server /server
3131
COPY --from=build ./src/frontend/build /client
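Review bot: The runtime stage on line 28 drops the Alpine release pin: `node:18.18.2-alpine3.17` becomes `node:22.13-alpine`, so the OS layer of the shipped image now floats with whatever Alpine release the tag points to at build time. Since this is the image that is actually delivered, keep an explicit Alpine release and Node.js patch version in the tag (or pin by digest) so base-image CVE results stay attributable to a known OS version.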

frontend/package-lock.json

Lines changed: 23 additions & 15 deletions

frontend/package.json

Lines changed: 6 additions & 0 deletions
@@ -153,6 +153,12 @@
153153
"resolutions": {
154154
"workbox-webpack-plugin": "6.6.0"
155155
},
156+
"overrides": {
157+
"nanoid": "3.3.8",
158+
"express": {
159+
"path-to-regexp": "0.1.12"
160+
}
161+
},
156162
"homepage": "./",
157163
"jest": {
158164
"collectCoverageFrom": [
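Review bot: The new `overrides` block on lines 156-161 is an npm field, while the `resolutions` block directly above it is the Yarn equivalent, so which pins apply depends on the package manager that performs the install. Confirm that every install path (CI and the Dockerfile build) uses npm, or mirror the nanoid and path-to-regexp pins into `resolutions`. Also note that `"nanoid": "3.3.8"` is unscoped and forces that exact version on every dependent, whereas the path-to-regexp pin is scoped to express; scoping nanoid the same way, or using a range, avoids forcing a 3.x release on a package that expects a different major.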
