From d045223371aab1b84999fe06c3ec9be773c082c4 Mon Sep 17 00:00:00 2001 From: Mihael Pranjic Date: Tue, 11 May 2021 12:23:46 +0200 Subject: [PATCH 1/6] website: npm audit --- src/tools/website/package-lock.json | 141 ++++------------------------ 1 file changed, 19 insertions(+), 122 deletions(-) diff --git a/src/tools/website/package-lock.json b/src/tools/website/package-lock.json index d20387c2d62..6bca5db5cb9 100644 --- a/src/tools/website/package-lock.json +++ b/src/tools/website/package-lock.json @@ -10,36 +10,6 @@ "integrity": "sha1-k/LT1+qcmKs2UGTgZTNL5cpy8x4=", "dev": true }, - "@types/concat-stream": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/@types/concat-stream/-/concat-stream-1.6.0.tgz", - "integrity": "sha1-OU2+C7X+5Gs42JZzXoto7yOQ0A0=", - "dev": true, - "requires": { - "@types/node": "*" - } - }, - "@types/form-data": { - "version": "0.0.33", - "resolved": "https://registry.npmjs.org/@types/form-data/-/form-data-0.0.33.tgz", - "integrity": "sha1-yayFsqX9GENbjIXZ7LUObWyJP/g=", - "dev": true, - "requires": { - "@types/node": "*" - } - }, - "@types/node": { - "version": "10.17.56", - "resolved": "https://registry.npmjs.org/@types/node/-/node-10.17.56.tgz", - "integrity": "sha512-LuAa6t1t0Bfw4CuSR0UITsm1hP17YL+u82kfHGrHUWdhlBtH7sa7jGY5z7glGaIj/WDYDkRtgGd+KCjCzxBW1w==", - "dev": true - }, - "@types/qs": { - "version": "6.9.6", - "resolved": "https://registry.npmjs.org/@types/qs/-/qs-6.9.6.tgz", - "integrity": "sha512-0/HnwIfW4ki2D8L8c9GVcG5I72s9jP5GSLVF0VIXDW00kmIpA6O33G7a8n59Tmh7Nz0WUC3rSb7PTY/sdW2JzA==", - "dev": true - }, "@uirouter/angularjs": { "version": "0.4.3", "resolved": "https://registry.npmjs.org/@uirouter/angularjs/-/angularjs-0.4.3.tgz", @@ -179,7 +149,7 @@ "integrity": "sha1-Ax+BAV2tX7Aa341IkixS/rNYjeU=", "dev": true, "requires": { - "marked": "^2.0.3" + "marked": "^0.3.3" } }, "angular-messages": { 
@@ -323,12 +293,6 @@ "integrity": "sha1-qJS3XUvE9s1nnvMkSp/Y9Gri1Cg=", "dev": true }, - "asap": { - "version": "2.0.6", - "resolved": "https://registry.npmjs.org/asap/-/asap-2.0.6.tgz", - "integrity": "sha1-5QNHYR1+aQlDIIu9r+vLwvuGbUY=", - "dev": true - }, "asn1": { "version": "0.2.4", "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.4.tgz", @@ -2316,6 +2280,12 @@ "requires": { "lodash": "^4.17.14" } + }, + "lodash": { + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", + "dev": true } } }, @@ -2401,7 +2371,6 @@ "connect-livereload": "^0.6.1", "morgan": "^1.10.0", "node-http2": "^4.0.1", - "open": "^6.0.0", "portscanner": "^2.2.0", "serve-index": "^1.9.1", "serve-static": "^1.14.1" @@ -2651,6 +2620,12 @@ "requires": { "lodash": "^4.17.14" } + }, + "lodash": { + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", + "dev": true } } }, @@ -2922,18 +2897,6 @@ } } }, - "http-basic": { - "version": "8.1.3", - "resolved": "https://registry.npmjs.org/http-basic/-/http-basic-8.1.3.tgz", - "integrity": "sha512-/EcDMwJZh3mABI2NhGfHOGOeOZITqfkEO4p/xK+l3NpyncIHUQBoMvCSF/b5GqvKtySC2srL/GGG3+EtlqlmCw==", - "dev": true, - "requires": { - "caseless": "^0.12.0", - "concat-stream": "^1.6.2", - "http-response-object": "^3.0.1", - "parse-cache-control": "^1.0.1" - } - }, "http-errors": { "version": "1.6.3", "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.6.3.tgz", 
@@ -2966,15 +2929,6 @@ "integrity": "sha512-t7hjvef/5HEK7RWTdUzVUhl8zkEu+LlaE0IYzdMuvbSDipxBRpOn4Uhw8ZyECEa808iVT8XCjzo6xmYt4CiLZg==", "dev": true }, - "http-response-object": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/http-response-object/-/http-response-object-3.0.2.tgz", - "integrity": "sha512-bqX0XTF6fnXSQcEJ2Iuyr75yVakyjIDCqroJQ/aHfSdlM743Cwqoi2nDYMzLGWUcuTWGWy8AAvOKXTfiv6q9RA==", - "dev": true, - "requires": { - "@types/node": "^10.0.3" - } - }, "http-signature": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.2.0.tgz", @@ -3361,12 +3315,6 @@ "integrity": "sha512-eXK1UInq2bPmjyX6e3VHIzMLobc4J94i4AWn+Hpq3OU5KkrRC96OAcR3PRJ/pGu6m8TRnBHP9dkXQVsT/COVIA==", "dev": true }, - "is-wsl": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-wsl/-/is-wsl-1.1.0.tgz", - "integrity": "sha1-HxbkqiKwTRM2tmGIpmrzxgDDpm0=", - "dev": true - }, "isarray": { "version": "2.0.5", "resolved": "https://registry.npmjs.org/isarray/-/isarray-2.0.5.tgz", @@ -3718,9 +3666,9 @@ "dev": true }, "lodash": { - "version": "4.17.20", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz", - "integrity": "sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA==", + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", "dev": true }, "lodash.isfinite": { @@ -4287,15 +4235,6 @@ "wrappy": "1" } }, - "open": { - "version": "6.4.0", - "resolved": "https://registry.npmjs.org/open/-/open-6.4.0.tgz", - "integrity": "sha512-IFenVPgF70fSm1keSd2iDBIDIBZkroLeuffXq+wKTzTJlBpesFWojV9lb8mzOfaAzM1sr7HQHuO0vtV0zYekGg==", - "dev": true, - "requires": { - "is-wsl": "^1.1.0" - } - }, "os-browserify": { "version": "0.3.0", "resolved": "https://registry.npmjs.org/os-browserify/-/os-browserify-0.3.0.tgz", 
@@ -4367,12 +4306,6 @@ "safe-buffer": "^5.1.1" } }, - "parse-cache-control": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/parse-cache-control/-/parse-cache-control-1.0.1.tgz", - "integrity": "sha1-juqz5U+laSD+Fro493+iGqzC104=", - "dev": true - }, "parse-filepath": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/parse-filepath/-/parse-filepath-1.0.2.tgz", @@ -4541,15 +4474,6 @@ "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==", "dev": true }, - "promise": { - "version": "8.1.0", - "resolved": "https://registry.npmjs.org/promise/-/promise-8.1.0.tgz", - "integrity": "sha512-W04AqnILOL/sPRXziNicCjSNRruLAuIHEOVBazepu0545DDNGYHz7ar9ZgZ1fMU8/MA4mVxp5rkBWRi6OXIy3Q==", - "dev": true, - "requires": { - "asap": "~2.0.6" - } - }, "prr": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/prr/-/prr-1.0.1.tgz", @@ -5441,33 +5365,6 @@ "integrity": "sha1-f17oI66AUgfACvLfSoTsP8+lcLQ=", "dev": true }, - "then-request": { - "version": "6.0.2", - "resolved": "https://registry.npmjs.org/then-request/-/then-request-6.0.2.tgz", - "integrity": "sha512-3ZBiG7JvP3wbDzA9iNY5zJQcHL4jn/0BWtXIkagfz7QgOL/LqjCEOBQuJNZfu0XYnv5JhKh+cDxCPM4ILrqruA==", - "dev": true, - "requires": { - "@types/concat-stream": "^1.6.0", - "@types/form-data": "0.0.33", - "@types/node": "^8.0.0", - "@types/qs": "^6.2.31", - "caseless": "~0.12.0", - "concat-stream": "^1.6.0", - "form-data": "^2.2.0", - "http-basic": "^8.1.1", - "http-response-object": "^3.0.1", - "promise": "^8.0.0", - "qs": "^6.4.0" - }, - "dependencies": { - "@types/node": { - "version": "8.10.66", - "resolved": "https://registry.npmjs.org/@types/node/-/node-8.10.66.tgz", - "integrity": "sha512-tktOkFUA4kXx2hhhrB8bIFb5TbwzS4uOhKEmwiD+NoiL0qtP2OQ9mFldbgD4dV1djrlBYP6eBuQZiWjuHUpqFw==", - "dev": true - } - } - }, "through": { "version": "2.3.8", "resolved": "https://registry.npmjs.org/through/-/through-2.3.8.tgz", 
@@ -5622,9 +5519,9 @@ "dev": true }, "uglify-js": { - "version": "3.13.4", - "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.13.4.tgz", - "integrity": "sha512-kv7fCkIXyQIilD5/yQy8O+uagsYIOt5cZvs890W40/e/rvjMSzJw81o9Bg0tkURxzZBROtDQhW2LFjOGoK3RZw==", + "version": "3.13.6", + "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.13.6.tgz", + "integrity": "sha512-rRprLwl8RVaS+Qvx3Wh5hPfPBn9++G6xkGlUupya0s5aDmNjI7z3lnRLB3u7sN4OmbB0pWgzhM9BEJyiWAwtAA==", "dev": true }, "ultron": { From 676772437077e1d9231c346577abc1815f1762f5 Mon Sep 17 00:00:00 2001 From: Mihael Pranjic Date: Tue, 11 May 2021 12:25:00 +0200 Subject: [PATCH 2/6] webd: npm audit --- src/tools/webd/package-lock.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/tools/webd/package-lock.json b/src/tools/webd/package-lock.json index 88139403d8f..898e03e59cf 100644 --- a/src/tools/webd/package-lock.json +++ b/src/tools/webd/package-lock.json @@ -3577,9 +3577,9 @@ } }, "hosted-git-info": { - "version": "2.6.0", - "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.6.0.tgz", - "integrity": "sha512-lIbgIIQA3lz5XaB6vxakj6sDHADJiZadYEJB+FgA+C4nubM1NwcuvUr9EJPmnH1skZqpqUzWborWo8EIUi0Sdw==", + "version": "2.8.9", + "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz", + "integrity": "sha512-mxIDAb9Lsm6DoOJ7xH+5+X4y1LU/4Hi50L9C5sIswK3JzULS4bwk1FvjdBgvYR4bzT4tuUQiC15FE2f5HbLvYw==", "dev": true }, "http-errors": { @@ -3975,9 +3975,9 @@ } }, "lodash": { - "version": "4.17.19", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.19.tgz", - "integrity": "sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==", + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", "dev": true }, "longest": { 
From 93b2c78e57e5725681607608a521e59f6f536629 Mon Sep 17 00:00:00 2001
From: Mihael Pranjic
Date: Tue, 11 May 2021 12:27:39 +0200
Subject: [PATCH 3/6] doc: add release notes
---
 doc/news/_preparation_next_release.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/doc/news/_preparation_next_release.md b/doc/news/_preparation_next_release.md
index 4ef58bfd6ec..d0da17b8aea 100644
--- a/doc/news/_preparation_next_release.md
+++ b/doc/news/_preparation_next_release.md
@@ -150,6 +150,7 @@ you up to date with the multi-language support provided by Elektra.
 - Update specmount error message _(@a-kraschitzer)_
 - Update `elektraMemDup` to `void *` and update the documentation. _(Mihael Pranjić)_
 - There have been a few bugfixes for elektrad. _(Klemens Böswirth)_
+- Update `lodash` and `hosted-git-info` dependencies of `webd` due to security update. _(Mihael Pranjić)_
 - <>
 - <>
@@ -247,6 +248,7 @@ plugins, bindings and tools are always up to date. Furthermore, we changed:
 - Catch errors when code highlighting fails. _(Mihael Pranjić)_
 - Get rid of unused code: authentication, backend, users, snippets and conversion service. _(Mihael Pranjić)_
 - Fix docsearch sourcemap error. _(Mihael Pranjić)_
+- Update `lodash` dependency due to security update. _(Mihael Pranjić)_
 - <>
 - <>
From 002f13a4bdb7231c0cbafaf4e993dfa8490c5629 Mon Sep 17 00:00:00 2001
From: Mihael Pranjic
Date: Tue, 11 May 2021 12:34:20 +0200
Subject: [PATCH 4/6] web-base: fix Dockerfile
---
 scripts/docker/webui/base/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/docker/webui/base/Dockerfile b/scripts/docker/webui/base/Dockerfile
index fdb6c709e80..0b9eed91de5 100644
--- a/scripts/docker/webui/base/Dockerfile
+++ b/scripts/docker/webui/base/Dockerfile
@@ -31,7 +31,7 @@ WORKDIR /home/elektra/libelektra
 ADD . /home/elektra/libelektra/
 # build & install libelektra
-RUN mkdir /home/elektra/libelektra/build
+RUN mkdir -p /home/elektra/libelektra/build
 WORKDIR /home/elektra/libelektra/build
 RUN cmake .. -DTOOLS="kdb;web" && make -j ${PARALLEL} && make install
From 8d63450c701faf34245a856bf8b02a8e4de2f271 Mon Sep 17 00:00:00 2001
From: Mihael Pranjic
Date: Tue, 11 May 2021 12:42:37 +0200
Subject: [PATCH 5/6] webui: fix webd start command
---
 scripts/docker/webui/web/Dockerfile | 2 +-
 scripts/docker/webui/webd/Dockerfile | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/docker/webui/web/Dockerfile b/scripts/docker/webui/web/Dockerfile
index de8daea9ab0..66ca88fa0a8 100644
--- a/scripts/docker/webui/web/Dockerfile
+++ b/scripts/docker/webui/web/Dockerfile
@@ -6,7 +6,7 @@ WORKDIR /home/elektra
 USER elektra
 # create start script
-RUN printf "#!/bin/bash\nkdb run-elektrad &\nkdb run-web" > start
+RUN printf "#!/bin/bash\nkdb run-elektrad &\nkdb run-webd" > start
 RUN chmod +x start
 # run elektrad and webd in one container
diff --git a/scripts/docker/webui/webd/Dockerfile b/scripts/docker/webui/webd/Dockerfile
index dca83f2eceb..de419ef3a89 100644
--- a/scripts/docker/webui/webd/Dockerfile
+++ b/scripts/docker/webui/webd/Dockerfile
@@ -7,4 +7,4 @@ USER elektra
 # run webd (serves client)
 EXPOSE 33334
-CMD ["kdb","run-web"]
+CMD ["kdb","run-webd"]
From 424c1da3f4a1e6c383e2e97f87adada37a3dc533 Mon Sep 17 00:00:00 2001
From: Mihael Pranjic
Date: Tue, 11 May 2021 12:46:27 +0200
Subject: [PATCH 6/6] website: fix Dockerfile
---
 scripts/docker/website/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/docker/website/Dockerfile b/scripts/docker/website/Dockerfile
index 2f674d25a2a..334f6363318 100644
--- a/scripts/docker/website/Dockerfile
+++ b/scripts/docker/website/Dockerfile
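Review bot: In scripts/docker/webui/base/Dockerfile, `mkdir -p` silences the failure without removing its cause. `ADD . /home/elektra/libelektra/` copies the whole build context, so a `build/` directory left on the host is presumably what made the plain `mkdir` fail, and it now enters the image along with any stale `CMakeCache.txt` and other local files in the checkout. If the repository does not already exclude it, a `build/` entry in `.dockerignore` together with `COPY . /home/elektra/libelektra/` would keep host artifacts out of the image and make the build reproducible. The same applies to the `mkdir -p build` change after `ADD . /app/kdb/` in scripts/docker/website/Dockerfile.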
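Review bot: The generated `start` script in scripts/docker/webui/web/Dockerfile keeps bash as the foreground process and starts elektrad unsupervised in the background. If `start` is the container's command (the CMD lies outside this hunk), a stop signal reaches bash rather than webd, and an elektrad that fails to come up goes unnoticed while webd keeps serving. Handing the process over with `exec` addresses the first problem: `RUN printf "#!/bin/bash\nkdb run-elektrad &\nexec kdb run-webd\n" > start`. A comment above the line such as `# elektrad runs unsupervised in the background; webd is the container's main process` would record the second.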
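Review bot: `CMD ["kdb","run-webd"]` in scripts/docker/webui/webd/Dockerfile depends on the base image installing a `run-webd` script, yet the configure line visible in the base/Dockerfile hunk still reads `-DTOOLS="kdb;web"`. If the tool was renamed together with the command, that option needs the new tool name as well, otherwise the container would presumably fail at start. The lines shown do not settle this, so building the image chain once and starting the container is the check to run before merging.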
@@ -26,7 +26,7 @@ ARG PARALLEL=8
 ENV C_FLAGS="-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -fstack-protector-strong -Wstack-protector -fPIE -pie"
 WORKDIR /app/kdb
 ADD . /app/kdb/
-RUN mkdir build \
+RUN mkdir -p build \
 && cd build \
 && cmake -DBUILD_FULL=OFF -DBUILD_SHARED=ON \
 -DBUILD_STATIC=OFF -DBUILD_DOCUMENTATION=OFF \
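Review bot: The hardening flags in `ENV C_FLAGS=...` take effect only if the `cmake` call forwards them, because CMake reads `CFLAGS` and `CXXFLAGS` from the environment, not `C_FLAGS`. The `cmake` command continues past the end of this hunk, so whether `-DCMAKE_C_FLAGS="$C_FLAGS"` is passed cannot be confirmed from here. `-D_FORTIFY_SOURCE=2` also needs an optimised build (`-O1` or higher) to have any effect. A comment above the ENV line would make both dependencies explicit: `# not read by CMake itself: must be passed as -DCMAKE_C_FLAGS; _FORTIFY_SOURCE needs -O1 or higher`.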