1
0
mirror of https://github.com/Unleash/unleash.git synced 2024-11-01 19:07:38 +01:00
Commit Graph

23 Commits

Author SHA1 Message Date
renovate[bot]
e96f0c22af
chore(deps): update node.js to v18.19.1 (#6287)
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [node](https://togithub.com/nodejs/node) | final | patch |
`18.19.0-alpine` -> `18.19.1-alpine` |
| [node](https://togithub.com/nodejs/node) | stage | patch |
`18.19.0-alpine` -> `18.19.1-alpine` |

---

### Release Notes

<details>
<summary>nodejs/node (node)</summary>

###
[`v18.19.1`](https://togithub.com/nodejs/node/releases/tag/v18.19.1):
2024-02-14, Version 18.19.1 &#x27;Hydrogen&#x27; (LTS),
@&#8203;RafaelGSS prepared by @&#8203;marco-ippolito

[Compare
Source](https://togithub.com/nodejs/node/compare/v18.19.0...v18.19.1)

##### Notable changes

This is a security release.

##### Notable changes

- CVE-2024-21892 - Code injection and privilege escalation through Linux
capabilities- (High)
- CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded
chunk extension allows DoS attacks- (High)
- CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing
variant of the Bleichenbacher attack against
[PKCS#1](https://togithub.com/PKCS/node/issues/1) v1.5 padding) -
(Medium)
- CVE-2024-22025 - Denial of Service by resource exhaustion in fetch()
brotli decoding - (Medium)
-   undici version 5.28.3
-   npm version 10.2.4

##### Commits

- \[[`69e0a1dba8`](https://togithub.com/nodejs/node/commit/69e0a1dba8)]
- **crypto**: update root certificates to NSS 3.95 (Node.js GitHub Bot)
[#&#8203;50805](https://togithub.com/nodejs/node/pull/50805)
- \[[`d3d357ab09`](https://togithub.com/nodejs/node/commit/d3d357ab09)]
- **crypto**: disable [PKCS#1](https://togithub.com/PKCS/node/issues/1)
padding for privateDecrypt (Michael Dawson)
[nodejs-private/node-private#525](https://togithub.com/nodejs-private/node-private/pull/525)
- \[[`3d27175c42`](https://togithub.com/nodejs/node/commit/3d27175c42)]
- **deps**: fix GHSA-f74f-cvh7-c6q6/CVE-2024-24806 (Santiago Gimeno)
[#&#8203;51614](https://togithub.com/nodejs/node/pull/51614)
- \[[`331558b8ab`](https://togithub.com/nodejs/node/commit/331558b8ab)]
- **deps**: update archs files for openssl-3.0.13+quic1 (Node.js GitHub
Bot) [#&#8203;51614](https://togithub.com/nodejs/node/pull/51614)
- \[[`99b77dfb9c`](https://togithub.com/nodejs/node/commit/99b77dfb9c)]
- **deps**: upgrade openssl sources to quictls/openssl-3.0.13+quic1
(Node.js GitHub Bot)
[#&#8203;51614](https://togithub.com/nodejs/node/pull/51614)
- \[[`6cdc71bff1`](https://togithub.com/nodejs/node/commit/6cdc71bff1)]
- **deps**: upgrade npm to 10.2.4 (npm team)
[#&#8203;50751](https://togithub.com/nodejs/node/pull/50751)
- \[[`911cb33cda`](https://togithub.com/nodejs/node/commit/911cb33cda)]
- **http**: add maximum chunk extension size (Paolo Insogna)
[nodejs-private/node-private#520](https://togithub.com/nodejs-private/node-private/pull/520)
- \[[`f48b89689d`](https://togithub.com/nodejs/node/commit/f48b89689d)]
- **lib**: update undici to v5.28.3 (Matteo Collina)
[nodejs-private/node-private#536](https://togithub.com/nodejs-private/node-private/pull/536)
- \[[`e6b4c105e0`](https://togithub.com/nodejs/node/commit/e6b4c105e0)]
- **src**: fix HasOnly(capability) in node::credentials (Tobias Nießen)
[nodejs-private/node-private#505](https://togithub.com/nodejs-private/node-private/pull/505)
- \[[`97c49076cd`](https://togithub.com/nodejs/node/commit/97c49076cd)]
- **test**: skip test-child-process-stdio-reuse-readable-stdio on
Windows (Joyee Cheung)
[#&#8203;49621](https://togithub.com/nodejs/node/pull/49621)
- \[[`60affdde8e`](https://togithub.com/nodejs/node/commit/60affdde8e)]
- **tools**: add macOS notarization verification step (Ulises Gascón)
[#&#8203;50833](https://togithub.com/nodejs/node/pull/50833)
- \[[`ccc676a327`](https://togithub.com/nodejs/node/commit/ccc676a327)]
- **tools**: use macOS keychain to notarize the releases (Ulises Gascón)
[#&#8203;50715](https://togithub.com/nodejs/node/pull/50715)
- \[[`31f1ceb380`](https://togithub.com/nodejs/node/commit/31f1ceb380)]
- **tools**: remove unused file (Ulises Gascon)
[#&#8203;50622](https://togithub.com/nodejs/node/pull/50622)
- \[[`bd5f6fb92a`](https://togithub.com/nodejs/node/commit/bd5f6fb92a)]
- **tools**: add macOS notarization stapler (Ulises Gascón)
[#&#8203;50625](https://togithub.com/nodejs/node/pull/50625)
- \[[`4168c4f71b`](https://togithub.com/nodejs/node/commit/4168c4f71b)]
- **tools**: improve macOS notarization process output readability
(Ulises Gascón)
[#&#8203;50389](https://togithub.com/nodejs/node/pull/50389)
- \[[`4622f775aa`](https://togithub.com/nodejs/node/commit/4622f775aa)]
- **tools**: remove unused `version` function (Ulises Gascón)
[#&#8203;50390](https://togithub.com/nodejs/node/pull/50390)
- \[[`b90804b1e7`](https://togithub.com/nodejs/node/commit/b90804b1e7)]
- **win,tools**: upgrade Windows signing to smctl (Stefan Stojanovic)
[#&#8203;50956](https://togithub.com/nodejs/node/pull/50956)
- \[[`f31d47e135`](https://togithub.com/nodejs/node/commit/f31d47e135)]
- **zlib**: pause stream if outgoing buffer is full (Matteo Collina)
[nodejs-private/node-private#542](https://togithub.com/nodejs-private/node-private/pull/542)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 7pm every weekday,before 5am
every weekday" in timezone Europe/Madrid, Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/Unleash/unleash).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yMDAuMCIsInVwZGF0ZWRJblZlciI6IjM3LjIwMC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-21 00:57:34 +00:00
Ivar Conradi Østhus
1043efd89f
fix: use node v18.19.0 (#5662) 2023-12-18 19:57:24 +01:00
Christopher Kolstad
d013867f0f
Chore/bump dependencies (#5146)
We're getting security advisories against the node version we're using.
This PR bumps everything to 18.18.2/18.x again. And we'll trust our
excellent monitoring on detecting performance regressions again
2023-10-26 09:09:03 +02:00
Gard Rimestad
7cb471a0a4
chore: pin node version 18.17.1 (#4834)
We are pinning node to version 18.17.1 as we have seen some performance
degregation on node 18.18.0 on arm64. We will investigate this further
at a later point. This is to mitigate the issue.

Our next step in pinpointing the issue will be to compare between
running on musl vs libc on arm64.
2023-09-26 10:41:13 +02:00
Gastón Fournier
a53d50148b
fix: DigitalOcean template (#4287)
## About the changes
Instead of building from source (we require Node 18 but [DigitalOcean
buildpack currently does not support
it](https://www.digitalocean.com/community/questions/app-platform-node-build-pack-can-t-use-node-version-18)),
we're going to use our Docker image from DockerHub:
https://hub.docker.com/r/unleashorg/unleash-server

Additionally, I realized that our Dockerfile only works in our CI (or
performing a pre-build step which consists of building the frontend).
With this PR I've also made a change to build the frontend if needed.
That way our CI will continue to be optimal while anyone trying to build
it from source will be able to do it by just running `docker build .`

Closes #4261
2023-07-20 12:13:44 +00:00
Gastón Fournier
4599e5cc06
chore: Optimize docker build oss (#3951)
## About the changes
Reduce the build time of OSS docker image from
[~30m](https://github.com/Unleash/unleash/actions/workflows/docker_publish.yaml)
to [under
15m](https://github.com/Unleash/unleash/actions/runs/5222180536/jobs/9427342758)

1. Build frontend outside docker multiplatform.
2. Allow `frontend/build` to be copied to the image by removing this
from `.dockerignore`
3. Run with `--ignore-scripts` to avoid building the frontend on the
`prepare` script, but this requires us to run all the prepare scripts
manually (except the frontend build).
 
**Note:** we need to build frontend in the `prepare` script to be able
to have source code dependencies

## Manual Testing
Manually downloaded from
https://hub.docker.com/r/unleashorg/unleash-server/tags?page=1 and
compared both `unleash` folders from main and the version built with the
new process
https://github.com/Unleash/unleash/actions/runs/5223078089/jobs/9429430190#step:5:48

![Screenshot from 2023-06-10
21-11-33](https://github.com/Unleash/unleash/assets/455064/60a41739-904d-480d-8d80-bf17b7a70432)

No major difference was spotted (only expected changes due to
development done in main)

**Command used to extract the contents:** 

```
cd /tmp
mkdir main && cd main
docker pull unleashorg/unleash-server:main-edge-18-alpine
docker export $(docker create unleashorg/unleash-server:main-edge-18-alpine) > container.tar && tar xvf container.tar
mkdir ../new-process && cd ../new-process
docker pull unleashorg/unleash-server:sha-ccac902-18-alpine
docker export $(docker create unleashorg/unleash-server:sha-ccac902-18-alpine) > container.tar && tar xvf container.tar
meld ./unleash ../main/unleash
```
2023-06-12 09:15:09 +02:00
Gastón Fournier
a08c6f3c83
chore: remove unnecessary build (#3910)
## About the changes
This removes unnecessary build that's already triggered as part of the
prepare script
0efaa346c4/package.json (L41)

This should reduce the build time of this action:
https://github.com/Unleash/unleash/actions/workflows/docker_publish.yaml
(currently at 30m)

We can see the double execution from the log files of one execution:
```shell
$ grep " #14 " 1_build\ \(18-alpine\).txt  | grep "build:frontend" | grep built
2023-06-06T11:20:25.6513037Z #14 1198.7 [build:frontend] ✓ built in 7m 48s
2023-06-06T11:28:35.0518703Z #14 1688.1 [build:frontend] ✓ built in 7m 34s
```
_That is step 14 executing build:frontend twice_
2023-06-06 21:26:21 +02:00
Gastón Fournier
2f9da976e4
fix: use new build process (#3757)
## About the changes
This adapts the docker creation to the latest package.json changes
https://github.com/Unleash/unleash/pull/3736
2023-05-12 11:25:38 +00:00
Jaanus Sellin
d8d0261681
feat: set timezone to utc (#3666) 2023-05-03 10:25:56 +03:00
Gastón Fournier
0426dd505d
chore: update to node 18 (#3527)
## About the changes
This upgrades our main branch to use node 18 which is the active LTS
version and stops using node 14 which reaches the end of life in a few
weeks: https://nodejs.dev/en/about/releases/

This PR also adds `--no-experimental-fetch` for frontend tests and other
frontend commands. Related to:
https://github.com/node-fetch/node-fetch/issues/1566

More about the experimental fetch release:
https://nodejs.org/en/blog/announcements/v18-release-announce#fetch-experimental
2023-04-18 10:35:32 +02:00
Simon Hornby
3d0146cca7
Fix docker build (#2326)
* fix: patch stale docker lockfile
* fix: patch docker build to respect the fact that frontend now depends on some constants defined in unleash
2022-11-03 15:02:20 +01:00
sjaanus
c4da10b15f
Docker cross-compilation with buildx (#2003)
* Build docker test

* Change platform to build on amd64

* Put back buildplatform

* Run frontend as separate docker task

* Increase timeout

* Update docs
2022-08-30 12:39:28 +00:00
sjaanus
644fdc6709
Fix docker failing (#1993) 2022-08-29 13:00:04 +00:00
sjaanus
a1ce89bedc
Merge frontend with backend (#1962)
* fix: use the frontend dir from the backend

* Build is now working

* Fix workflows

* Fix workflows

* Fix build PRs

* Test coverage workflow

* Test coverage

* Test coverage run

* Fix jest report

* refactor: add missing frontend build

* refactor: ignore frontend dir for coverage

* refactor: run frontend build in PRs

* refactor: run backend tests in PRs

* Revert "refactor: run backend tests in PRs"

This reverts commit 22cabddfd1.

* refactor: remove unused frontend build file

* refactor: test workflows in PR

* refactor: use a prepare script for the frontend

* refactor: simplify yarn build scripts

* refactor: fix check-release script

* Revert "refactor: test workflows in PR"

This reverts commit 496ae19404.

* refactor: remove unused gitignore lines

* refactor: remove renovate config from the frontend repo

* refactor: remove frontend repo license

* refactor: remove frontend repo changelog

* refactor: update frontend repo readme

* refactor: add frontend node_modules to dockerignore

* refactor: update the docker yarn.lock snapshot

Co-authored-by: olav <mail@olav.io>
2022-08-26 07:25:31 +00:00
Gard Rimestad
e2082b4493
feat: slim down docker container (#1790)
* feat: slim down docker container

This changes the unleash-server node module to be as little as it can,
resulting in a much smaller docker container. From 383M -> 11M.
2022-07-05 16:08:06 +02:00
Gard Rimestad
5d5fc37dfd
Feat/docker container on main builds (#1762)
* feat: build docker containers when pushing to main

The intent here is to publish a docker container for every build of
main. This will make it easier to run the tip of main.
2022-06-28 16:13:00 +02:00
Ivar Conradi Østhus
77baaa5121 Introduce unleash-docker as a sperate submodule. (#136)
* Introduce unleash-docker as a sperate submodule.

this is related to #135 and will solve #126

* keep ide-user-settings out of repo

* Introduce unleash-docker as a sperate submodule.

this is related to #135 and will solve #126

* mv unleash-docker to packages/unleash-docker

* made docker work for now, by copying migrations

* minro cleanup

* docker on node:6

* minor cleanup
2020-02-20 08:30:26 +01:00
Ivar
5b4e14063e Upgrade to node 5.8 2020-02-20 08:30:24 +01:00
ivaosthu
94f10a3a4b upgrade node to 4.2.2. Closes #106 2020-02-20 08:30:24 +01:00
eirslett
4c9626b6a3 Remove envconsul from Dockerfile
The open source version of Unleash shouldn't depend on envconsul,
since that's an internal operations detail at FINN.no. Instead, we
accept configuration from environment variables passed through from
the "docker run" command, or via Marathon/Mesos.
2020-02-20 08:30:23 +01:00
Stig Kleppe-Jørgensen
0acee571f1 Use easier method for installing envconsul
Now when a bigger and more complete parent image is used, the curl and
tar tools are feature complete.
2020-02-20 08:30:23 +01:00
audstran
e800ad7a85 added docker container and vagrant 2020-02-20 08:30:23 +01:00
Stig Kleppe-Jørgensen
4854ca58e7 Add files for creating docker image
* Base on a small node image (alpine-node)
* Exclude some files from docker build to make the build go faster
2020-02-20 08:30:23 +01:00