Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): upgrade node, alpine and chromium #363

Merged
merged 9 commits into from
Sep 24, 2020
Merged

fix(deps): upgrade node, alpine and chromium #363

merged 9 commits into from
Sep 24, 2020

Conversation

tshuli
Copy link
Contributor

@tshuli tshuli commented Sep 22, 2020
edited

Problem

Closes #10

Solution

  • Upgrade both node and alpine to address vulnerabilities
    • node:12.18.0-alpine3.11 -> node:12.18.4-alpine3.12
  • Upgrade chromium to v83 to correspond to alpine v3.12.0
  • Downgrade puppeteer-core to v3.1.0 to correspond to chromium v83 (it appears to have been erroneously bumped up to v5.2.1 previously)

@tshuli tshuli force-pushed the upgrade-docker-chromium branch 2 times, most recently from a281c46 to cc2a34e Compare September 23, 2020 02:32
@tshuli tshuli marked this pull request as ready for review September 23, 2020 06:24
@tshuli tshuli changed the title wip: fix(deps): upgrade node, alpine and chromium fix(deps): upgrade node, alpine and chromium Sep 23, 2020
This was referenced Sep 23, 2020
Closed
Closed
karrui
karrui requested changes Sep 24, 2020
View reviewed changes
package.json Outdated Show resolved Hide resolved
Dockerfile.production Outdated
RUN apk update && apk upgrade && \
apk --no-cache add --virtual native-deps \
g++ gcc libgcc libstdc++ linux-headers autoconf automake make nasm python git curl && \
g++ gcc libgcc libstdc++ linux-headers autoconf automake make nasm python2 git curl && \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is this python dependency used for anyways? I don't see any need for it in the prod dockerfile, since we don't use pip here

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

node-gyp requires python dependency; there was a note in the troubleshooting guide that node-gyp only supports python 2 but that this is no longer the case; I've also updated the troubleshooting guide

Dockerfile.development Outdated
@@ -8,12 +8,15 @@ ENV NODE_ENV=development
RUN apk update && apk upgrade && \
# Build dependencies for node_modules
apk add --virtual native-deps \
g++ gcc libgcc libstdc++ linux-headers autoconf automake make nasm python git curl \
# Python version must be specified starting in alpine3.12
g++ gcc libgcc libstdc++ linux-headers autoconf automake make nasm python2 git curl \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will python3 not work? python2 has reached end of life

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as above, changed to python3

karrui
karrui approved these changes Sep 24, 2020
View reviewed changes
Copy link
Contributor

@karrui karrui left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!

@tshuli tshuli merged commit b884c6f into develop Sep 24, 2020
This was referenced Sep 29, 2020
Merged
Merged
@karrui karrui deleted the upgrade-docker-chromium branch November 18, 2020 07:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@karrui karrui karrui approved these changes

@mantariksh mantariksh Awaiting requested review from mantariksh

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@tshuli @karrui