Security updates

[atxr]

This PR brings security updates about:

• Dependabot alerts on some dependencies used in the frontend
• Snyk scan on the production app, which found vulnerabilities on the nginx-alpine image

This changes haven't been tested yet in production mode.
Close #39 and should resolve Dependabot alerts

[ctmbl]

This currently doesn't work in production mode:

> sudo docker-compose --env-file .env.production up -d --build
...
 > [iscscfr-react-app 7/7] RUN npm run build:
#0 0.880
#0 0.880 > iscsc.fr-frontend@0.1.0 build
#0 0.880 > react-scripts build
#0 0.880
#0 0.889 sh: 1: react-scripts: not found
------
failed to solve: executor failed running [/bin/sh -c npm run build]: exit code: 127

[atxr]

Oh indeed let me fix this 🤔
EDIT: Fix 62b848b

Did you experience any issue with the SSL certificates? Or maybe you tested it on the server directly.

[amtoine]

and in the end, @atxr and @ctmbl, it's probably not the place to discuss a switch in workflows 👀

[amtoine]

that looks ok to me
you only changed two versions for the better 👌

[ctmbl]

@atxr

Oh indeed let me fix this thinking
EDIT: Fix 62b848b

As far as I can tell that worked, but I have 2 limitations:

• it seems I can't test SSL certificates on local see (that will answer your question)
• I get the same issue that forbade me to test production mode on V0.2.0: production and development mode #20, all I can tell is that I get the same behaviour, but I strongly advise you to test it yourself

And one request change:
please run npm install in frontend because package-lock.json isn't up to date, and that point makes me remember we have to deal with #31

[ctmbl]

@atxr @amtoine

and in the end, @atxr and @ctmbl, it's probably not the place to discuss a switch in workflows eyes

I totally agree so please continue there: #54

[ctmbl]

@atxr this PR is almost ready do you have some time to finish it?

[atxr]

@atxr this PR is almost ready do you have some time to finish it?

I can try yes, but how about the tests? Should I test directly on the server?

[ctmbl]

@atxr

Should I test directly on the server?

for SSL certificates it seems that we don't have much choice for now, we should however look for a better solution, maybe a subdomain to test automatically? we'll have to discuss that in another issue though
So overall my answer is yes I think, but maybe I could give you a hand? (with some supervision ofc)

please run npm install in frontend

but you should do this first 😉

Anyway, if you're lacking time right now nevermind it's not an emergency I think (even if it seems severe the blog is quite unknown right now)

[atxr]

The tests were successful and I ran npm i in the frontend!
Ready to merge 🚀

[ctmbl]

@atxr tks it's perfect!
Once @amtoine will approve we'll be able to merge it

[amtoine]

@atxr
in dc5600e, you simply run

cd frontend
npm install

and that caused changes in frontend/package-lock.json? 😋

[atxr]

@atxr in dc5600e, you simply run

cd frontend
npm install

and that caused changes in frontend/package-lock.json? 😋

Yes exactly, as @ctmbl requested

[amtoine]

Yes exactly, as @ctmbl requested

then it's perfect 👌