From cb39d312d41d86b19e8a5f47959951e2c6ba0d8b Mon Sep 17 00:00:00 2001 From: Ludek Novy <13610612+ludeknovy@users.noreply.github.com> Date: Fri, 2 Aug 2024 08:37:59 +0200 Subject: [PATCH 1/4] fix: upgrade winston from 3.13.0 to 3.13.1 (#329) Snyk has created this PR to upgrade winston from 3.13.0 to 3.13.1. See this package in npm: winston See this project in Snyk: https://app.snyk.io/org/ludeknovy/project/6001874a-311f-46e3-8e8c-e69318c103b2?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot --- package-lock.json | 11 ++++++----- package.json | 2 +- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index eb46fe1..d1f6db8 100644 --- a/package-lock.json +++ b/package-lock.json @@ -31,7 +31,7 @@ "pg": "^8.12.0", "pg-promise": "^10.15.4", "uuid": "^9.0.1", - "winston": "^3.13.0", + "winston": "^3.13.1", "xlsx": "https://cdn.sheetjs.com/xlsx-0.20.1/xlsx-0.20.1.tgz" }, "devDependencies": { @@ -10846,15 +10846,16 @@ } }, "node_modules/winston": { - "version": "3.13.0", - "resolved": "https://registry.npmjs.org/winston/-/winston-3.13.0.tgz", - "integrity": "sha512-rwidmA1w3SE4j0E5MuIufFhyJPBDG7Nu71RkZor1p2+qHvJSZ9GYDA81AyleQcZbh/+V6HjeBdfnTZJm9rSeQQ==", + "version": "3.13.1", + "resolved": "https://registry.npmjs.org/winston/-/winston-3.13.1.tgz", + "integrity": "sha512-SvZit7VFNvXRzbqGHsv5KSmgbEYR5EiQfDAL9gxYkRqa934Hnk++zze0wANKtMHcy/gI4W/3xmSDwlhf865WGw==", + "license": "MIT", "dependencies": { "@colors/colors": "^1.6.0", "@dabh/diagnostics": "^2.0.2", "async": "^3.2.3", "is-stream": "^2.0.0", - "logform": "^2.4.0", + "logform": "^2.6.0", "one-time": "^1.0.0", "readable-stream": "^3.4.0", "safe-stable-stringify": "^2.3.1", diff --git a/package.json b/package.json index b4498d5..6cb9a34 100644 --- a/package.json +++ b/package.json @@ -40,7 +40,7 @@ "pg": "^8.12.0", "pg-promise": "^10.15.4", "uuid": "^9.0.1", - "winston": "^3.13.0", + "winston": "^3.13.1", "xlsx": "https://cdn.sheetjs.com/xlsx-0.20.1/xlsx-0.20.1.tgz" }, "devDependencies": { From 14f64bf744bba59f6a724857818b2948e684fea2 Mon Sep 17 00:00:00 2001 From: Ludek Novy <13610612+ludeknovy@users.noreply.github.com> Date: Fri, 30 Aug 2024 18:23:16 +0200 Subject: [PATCH 2/4] Update workflow to use 'docker compose' command instead of 'docker-compose' (#333) --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 020fb6e..92f415a 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -14,7 +14,7 @@ jobs: - name: Install modules run: npm install - name: Build the docker-compose stack - run: docker-compose -f docker-compose.testing.yaml up -d + run: docker compose -f docker-compose.testing.yaml up -d # - name: Run contract tests # run: npm run test:contract # env: From 7b22dc543a24c7e143ffd9eba7f72e56919a7871 Mon Sep 17 00:00:00 2001 From: Ludek Novy <13610612+ludeknovy@users.noreply.github.com> Date: Fri, 30 Aug 2024 19:17:01 +0200 Subject: [PATCH 3/4] [Snyk] Security upgrade node from 18.18-alpine3.17 to 20.8.0-alpine3.17 (#332) --- .github/workflows/tests.yml | 6 ------ Dockerfile | 4 ++-- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 92f415a..d4d4205 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -15,12 +15,6 @@ jobs: run: npm install - name: Build the docker-compose stack run: docker compose -f docker-compose.testing.yaml up -d - # - name: Run contract tests - # run: npm run test:contract - # env: - # ENVIRONMENT: CI - # JWT_TOKEN: 123 - # JWT_TOKEN_LOGIN: 456 - name: Run integration tests run: npm run test:integration env: diff --git a/Dockerfile b/Dockerfile index 3822f2e..06ae981 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM node:18.18-alpine3.17 as builder +FROM node:20.8.0-alpine3.17 as builder RUN apk --update add git build-base @@ -16,7 +16,7 @@ COPY /src ./src/ RUN npm run build -FROM node:18.18-alpine3.17 +FROM node:20.8.0-alpine3.17 ADD https://github.com/ufoscout/docker-compose-wait/releases/download/2.7.2/wait /wait RUN chmod +x /wait From 7e3f92b93f9e38de7fc22f27adce26a0c5f74af6 Mon Sep 17 00:00:00 2001 From: Ludek Novy <13610612+ludeknovy@users.noreply.github.com> Date: Fri, 30 Aug 2024 19:19:54 +0200 Subject: [PATCH 4/4] fix: upgrade bree from 9.2.3 to 9.2.4 (#331) --- package-lock.json | 9 +++++---- package.json | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index d1f6db8..7765d9d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -14,7 +14,7 @@ "bcrypt": "^5.1.1", "body-parser": "^1.20.1", "boom": "^7.2.0", - "bree": "^9.2.3", + "bree": "^9.2.4", "compression": "^1.7.4", "dotenv": "^16.4.5", "express": "^4.19.2", @@ -3588,9 +3588,10 @@ } }, "node_modules/bree": { - "version": "9.2.3", - "resolved": "https://registry.npmjs.org/bree/-/bree-9.2.3.tgz", - "integrity": "sha512-iCVyLVcqql8rFogVX5gzkofdo6OZu8mxe5dUSkAZyaR43UdNfP0DOj3jJk31yogy6lfnRMhGvO5Gj1ypLeInuA==", + "version": "9.2.4", + "resolved": "https://registry.npmjs.org/bree/-/bree-9.2.4.tgz", + "integrity": "sha512-3GDVYbRYxPIIKgqu00FlIDD//q/0XkMC+zq74sp/qRRQQUWdc39lsFkdHW2g2lTlhaxbqkHd97p8oRMm/YeSJw==", + "license": "MIT", "dependencies": { "@breejs/later": "^4.2.0", "boolean": "^3.2.0", diff --git a/package.json b/package.json index 6cb9a34..09a921d 100644 --- a/package.json +++ b/package.json @@ -23,7 +23,7 @@ "bcrypt": "^5.1.1", "body-parser": "^1.20.1", "boom": "^7.2.0", - "bree": "^9.2.3", + "bree": "^9.2.4", "compression": "^1.7.4", "dotenv": "^16.4.5", "express": "^4.19.2",