Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed various docker vulnerabilities #66

Merged
merged 5 commits into from
Sep 10, 2021
Merged

Fixed various docker vulnerabilities #66

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
b565eea
Fixed various docker vulnerabilities
applejag Sep 9, 2021
8f9d74c
Updated CHANGELOG.md
applejag Sep 9, 2021
d428e7f
Removed python2 & make dependencies
applejag Sep 9, 2021
8647854
Updated CHANGELOG.md
applejag Sep 9, 2021
499efc2
Apply suggestions from code review
applejag Sep 10, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
15 changes: 14 additions & 1 deletion CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ This project tries to follow [SemVer 2.0.0](https://semver.org/).
- Added toast message support for IETF RFC-7807 formatted error responses.
These toasts provide better help for resolving issues, and include a link to
the error in question's documentation page. (#54)

- Added functionality for favoriting/unfavoriting a project in the project
details view. (#58)

Expand All @@ -27,6 +27,19 @@ This project tries to follow [SemVer 2.0.0](https://semver.org/).
- Changed tab title to be descriptive, changing based on what view you're in.
Previously it was just `wharf` no matter the view. (#59)

- Changed version of Docker base images, relying on "latest" patch version:

- `nginx` from 1.21.0 to 1.21. (#66)
- `node` from 14.17.1 to 14.17. (#66)

- Removed build dependencies `python` and `make` inside Dockerfile as they do
not seem relevant any more. (#66)

- Security fix by changing version of `libgcrypt` from v1.9.3 to v1.9.4 in
`nginx` Docker base image to resolve [CVE-2021-33560](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33560),
as that package has not yet been updated in the remote `nginx` Docker image.
(#66)

## v1.3.3 (2021-07-13)

- Security fix by changing version of nginx base image in Dockerfile from
Expand Down
13 changes: 6 additions & 7 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,13 +1,8 @@
FROM node:14.17.1-alpine3.11 AS build
FROM node:14.17-alpine3.14 AS build
applejag marked this conversation as resolved.
Show resolved Hide resolved

# Set working directory
WORKDIR /usr/src/app

# Install dependencies
RUN apk add --no-cache \
python=~2.7.18 \
make=~4.2.1

# node_modules to path
ENV PATH /usr/src/app/node_modules/.bin:$PATH
ENV HOME /tmp
Expand All @@ -27,7 +22,11 @@ RUN deploy/update-typescript-environments.sh src/environments/environment.prod.t
&& npm run build-clients \
&& npm run build-prod

FROM nginx:1.21.1-alpine
FROM nginx:1.21-alpine
applejag marked this conversation as resolved.
Show resolved Hide resolved

RUN apk add --upgrade --no-cache \
libgcrypt>=1.9.4 # Resolves CVE-2021-33560, as it's not yet upgraded in upstream image

COPY --from=build /usr/src/app/dist/wharf /usr/share/nginx/html
COPY ./deploy/nginx.conf /etc/nginx/conf.d/default.conf

Expand Down