1
0
mirror of https://github.com/Unleash/unleash.git synced 2024-10-28 19:06:12 +01:00
unleash.unleash/Dockerfile
renovate[bot] e96f0c22af
chore(deps): update node.js to v18.19.1 (#6287)
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [node](https://togithub.com/nodejs/node) | final | patch |
`18.19.0-alpine` -> `18.19.1-alpine` |
| [node](https://togithub.com/nodejs/node) | stage | patch |
`18.19.0-alpine` -> `18.19.1-alpine` |

---

### Release Notes

<details>
<summary>nodejs/node (node)</summary>

###
[`v18.19.1`](https://togithub.com/nodejs/node/releases/tag/v18.19.1):
2024-02-14, Version 18.19.1 &#x27;Hydrogen&#x27; (LTS),
@&#8203;RafaelGSS prepared by @&#8203;marco-ippolito

[Compare
Source](https://togithub.com/nodejs/node/compare/v18.19.0...v18.19.1)

##### Notable changes

This is a security release.

##### Notable changes

- CVE-2024-21892 - Code injection and privilege escalation through Linux
capabilities- (High)
- CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded
chunk extension allows DoS attacks- (High)
- CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing
variant of the Bleichenbacher attack against
[PKCS#1](https://togithub.com/PKCS/node/issues/1) v1.5 padding) -
(Medium)
- CVE-2024-22025 - Denial of Service by resource exhaustion in fetch()
brotli decoding - (Medium)
-   undici version 5.28.3
-   npm version 10.2.4

##### Commits

- \[[`69e0a1dba8`](https://togithub.com/nodejs/node/commit/69e0a1dba8)]
- **crypto**: update root certificates to NSS 3.95 (Node.js GitHub Bot)
[#&#8203;50805](https://togithub.com/nodejs/node/pull/50805)
- \[[`d3d357ab09`](https://togithub.com/nodejs/node/commit/d3d357ab09)]
- **crypto**: disable [PKCS#1](https://togithub.com/PKCS/node/issues/1)
padding for privateDecrypt (Michael Dawson)
[nodejs-private/node-private#525](https://togithub.com/nodejs-private/node-private/pull/525)
- \[[`3d27175c42`](https://togithub.com/nodejs/node/commit/3d27175c42)]
- **deps**: fix GHSA-f74f-cvh7-c6q6/CVE-2024-24806 (Santiago Gimeno)
[#&#8203;51614](https://togithub.com/nodejs/node/pull/51614)
- \[[`331558b8ab`](https://togithub.com/nodejs/node/commit/331558b8ab)]
- **deps**: update archs files for openssl-3.0.13+quic1 (Node.js GitHub
Bot) [#&#8203;51614](https://togithub.com/nodejs/node/pull/51614)
- \[[`99b77dfb9c`](https://togithub.com/nodejs/node/commit/99b77dfb9c)]
- **deps**: upgrade openssl sources to quictls/openssl-3.0.13+quic1
(Node.js GitHub Bot)
[#&#8203;51614](https://togithub.com/nodejs/node/pull/51614)
- \[[`6cdc71bff1`](https://togithub.com/nodejs/node/commit/6cdc71bff1)]
- **deps**: upgrade npm to 10.2.4 (npm team)
[#&#8203;50751](https://togithub.com/nodejs/node/pull/50751)
- \[[`911cb33cda`](https://togithub.com/nodejs/node/commit/911cb33cda)]
- **http**: add maximum chunk extension size (Paolo Insogna)
[nodejs-private/node-private#520](https://togithub.com/nodejs-private/node-private/pull/520)
- \[[`f48b89689d`](https://togithub.com/nodejs/node/commit/f48b89689d)]
- **lib**: update undici to v5.28.3 (Matteo Collina)
[nodejs-private/node-private#536](https://togithub.com/nodejs-private/node-private/pull/536)
- \[[`e6b4c105e0`](https://togithub.com/nodejs/node/commit/e6b4c105e0)]
- **src**: fix HasOnly(capability) in node::credentials (Tobias Nießen)
[nodejs-private/node-private#505](https://togithub.com/nodejs-private/node-private/pull/505)
- \[[`97c49076cd`](https://togithub.com/nodejs/node/commit/97c49076cd)]
- **test**: skip test-child-process-stdio-reuse-readable-stdio on
Windows (Joyee Cheung)
[#&#8203;49621](https://togithub.com/nodejs/node/pull/49621)
- \[[`60affdde8e`](https://togithub.com/nodejs/node/commit/60affdde8e)]
- **tools**: add macOS notarization verification step (Ulises Gascón)
[#&#8203;50833](https://togithub.com/nodejs/node/pull/50833)
- \[[`ccc676a327`](https://togithub.com/nodejs/node/commit/ccc676a327)]
- **tools**: use macOS keychain to notarize the releases (Ulises Gascón)
[#&#8203;50715](https://togithub.com/nodejs/node/pull/50715)
- \[[`31f1ceb380`](https://togithub.com/nodejs/node/commit/31f1ceb380)]
- **tools**: remove unused file (Ulises Gascon)
[#&#8203;50622](https://togithub.com/nodejs/node/pull/50622)
- \[[`bd5f6fb92a`](https://togithub.com/nodejs/node/commit/bd5f6fb92a)]
- **tools**: add macOS notarization stapler (Ulises Gascón)
[#&#8203;50625](https://togithub.com/nodejs/node/pull/50625)
- \[[`4168c4f71b`](https://togithub.com/nodejs/node/commit/4168c4f71b)]
- **tools**: improve macOS notarization process output readability
(Ulises Gascón)
[#&#8203;50389](https://togithub.com/nodejs/node/pull/50389)
- \[[`4622f775aa`](https://togithub.com/nodejs/node/commit/4622f775aa)]
- **tools**: remove unused `version` function (Ulises Gascón)
[#&#8203;50390](https://togithub.com/nodejs/node/pull/50390)
- \[[`b90804b1e7`](https://togithub.com/nodejs/node/commit/b90804b1e7)]
- **win,tools**: upgrade Windows signing to smctl (Stefan Stojanovic)
[#&#8203;50956](https://togithub.com/nodejs/node/pull/50956)
- \[[`f31d47e135`](https://togithub.com/nodejs/node/commit/f31d47e135)]
- **zlib**: pause stream if outgoing buffer is full (Matteo Collina)
[nodejs-private/node-private#542](https://togithub.com/nodejs-private/node-private/pull/542)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 7pm every weekday,before 5am
every weekday" in timezone Europe/Madrid, Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/Unleash/unleash).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yMDAuMCIsInVwZGF0ZWRJblZlciI6IjM3LjIwMC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-21 00:57:34 +00:00

39 lines
813 B
Docker

ARG NODE_VERSION=18.19.1-alpine
FROM node:$NODE_VERSION as builder
WORKDIR /unleash
COPY . /unleash
RUN yarn config set network-timeout 300000
RUN yarn install --frozen-lockfile --ignore-scripts && yarn prepare:backend && yarn local:package
# frontend/build should already exist (it needs to be built in the local filesystem but in case of a fresh build we'll build it here)
RUN yarn build:frontend:if-needed
RUN mkdir -p /unleash/build/frontend && mv /unleash/frontend/build /unleash/build/frontend/build
WORKDIR /unleash/docker
RUN yarn install --frozen-lockfile --production=true
FROM node:$NODE_VERSION
ENV NODE_ENV production
ENV TZ UTC
WORKDIR /unleash
COPY --from=builder /unleash/docker /unleash
RUN rm -rf /usr/local/lib/node_modules/npm/
EXPOSE 4242
USER node
CMD ["node", "index.js"]