Merge pull request #94 from sergiitk/chore/dependencies-update

[SECURITY CVE-2019-5737] Upgrade node in Docker to 10.15.3 and refresh npm dependencies
sergiitk · Mar 10, 2019 · 5eacded · 5eacded
2 parents 740e905 + 1e977ca
commit 5eacded
Show file tree

Hide file tree

Showing 8 changed files with 1,088 additions and 1,074 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -5,7 +5,7 @@ jobs:
   build:
     <<: &docker_node
       docker:
-        - image: circleci/node:10.15.1-stretch
+        - image: circleci/node:10.15.2-stretch
     working_directory: ~/repo
     steps:
       - checkout

diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
 # https://hub.docker.com/_/node/
-FROM node:10.15.1-alpine
+FROM node:10.15.3-alpine
 ARG VCS_REF=not_ci
 LABEL org.label-schema.description="PagerDuty on-call dashboard widget" \
       org.label-schema.name="PagerBeauty" \

diff --git a/Dockerfile-dev b/Dockerfile-dev
@@ -1,5 +1,5 @@
 # https://hub.docker.com/_/node/
-FROM node:10.15.1-alpine
+FROM node:10.15.3-alpine
 ARG VCS_REF=not_ci
 LABEL org.label-schema.description="PagerDuty on-call dashboard widget" \
       org.label-schema.name="PagerBeauty" \

diff --git a/Dockerfile-test-acceptance b/Dockerfile-test-acceptance
@@ -1,5 +1,5 @@
 # https://hub.docker.com/_/node/
-FROM node:10.15.1-alpine
+FROM node:10.15.3-alpine
 ARG VCS_REF=not_ci
 LABEL org.label-schema.description="PagerDuty on-call dashboard widget" \
       org.label-schema.name="PagerBeauty" \
@@ -34,15 +34,12 @@ RUN yarn install --frozen-lockfile
 # ---------- Acceptance test image from here
 # https://github.com/GoogleChrome/puppeteer/blob/master/docs/troubleshooting.md
 
-# Installs latest Chromium (71) package:
-# https://pkgs.alpinelinux.org/package/edge/community/x86_64/chromium
+# Installs latest Chromium 72.0.3626.121-r0 available in Apline 3.9:
+# Alpine: https://github.com/nodejs/docker-node/blob/170ed2/10/alpine/Dockerfile
+# Chromium: https://pkgs.alpinelinux.org/package/v3.9/community/x86_64/chromium
 RUN apk update && apk upgrade && \
-    echo @edge http://nl.alpinelinux.org/alpine/edge/community >> /etc/apk/repositories && \
-    echo @edge http://nl.alpinelinux.org/alpine/edge/main >> /etc/apk/repositories && \
     apk add --no-cache \
-      chromium@edge \
-      harfbuzz@edge \
-      nss@edge
+      chromium
 
 # TODO: create a user and omit no-sandbox
 

diff --git a/docker-compose.circleci.yaml b/docker-compose.circleci.yaml
@@ -57,8 +57,6 @@ services:
     command: ['yarn', 'run', 'mock:pagerduty_api', '-p', '8090']
     ports:
       - "8090:8090"
-    volumes:
-      - node_modules:/usr/src/app/node_modules
 
   test-acceptance:
     build:
@@ -74,14 +72,8 @@ services:
       PAGERBEAUTY_HTTP_PASSWORD: basic_password_ci
       PAGERBEAUTY_HTTP_ACCESS_TOKEN: 9A37F64B-931B-4767-94D3-E41B92991F7C
     volumes:
-      # Uncomment for verifying service locally.
-      # - .:/usr/src/app/
-      - node_modules:/usr/src/app/node_modules
+      # Test reports
       - ./tmp:/usr/src/app/tmp
     depends_on:
       - pagerbeauty-ci
       - pagerbeauty-ci-with-auth
-
-# Use shared node_modules
-volumes:
-  node_modules:
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -24,9 +24,13 @@ services:
     ports:
       - ${PAGERBEAUTY_HTTP_PORT:-8080}:${PAGERBEAUTY_HTTP_PORT:-8080}
     volumes:
-      - .:/usr/src/app/
-      - node_modules:/usr/src/app/node_modules
+      - ./src/:/usr/src/app/src/:ro
+      - ./assets/:/usr/src/app/assets/:ro
+      - ./package.json:/usr/src/app/package.json:ro
+      - ./yarn.lock:/usr/src/app/yarn.lock:ro
+      - node-modules-shared:/usr/src/app/node_modules:nocopy
     depends_on:
+      - yarn
       - mock-pagerduty-api
       - pagerbeauty-dev-assets
 
@@ -52,9 +56,13 @@ services:
     ports:
       - ${PAGERBEAUTY_WITH_AUTH_HTTP_PORT:-8081}:${PAGERBEAUTY_WITH_AUTH_HTTP_PORT:-8081}
     volumes:
-      - .:/usr/src/app/
-      - node_modules:/usr/src/app/node_modules
+      - ./src/:/usr/src/app/src/:ro
+      - ./assets/:/usr/src/app/assets/:ro
+      - ./package.json:/usr/src/app/package.json:ro
+      - ./yarn.lock:/usr/src/app/yarn.lock:ro
+      - node-modules-shared:/usr/src/app/node_modules:nocopy
     depends_on:
+      - yarn
       - mock-pagerduty-api
       - pagerbeauty-dev-assets
 
@@ -64,8 +72,15 @@ services:
       dockerfile: ./Dockerfile-dev
     command: ['yarn', 'run', 'build:watch']
     volumes:
-      - .:/usr/src/app/
-      - node_modules:/usr/src/app/node_modules
+      - ./src/:/usr/src/app/src/:ro
+      - ./assets/:/usr/src/app/assets/:rw
+      - ./package.json:/usr/src/app/package.json:ro
+      - ./yarn.lock:/usr/src/app/yarn.lock:ro
+      - ./webpack.common.js:/usr/src/app/webpack.common.js:ro
+      - ./webpack.dev.js:/usr/src/app/webpack.dev.js:ro
+      - node-modules-shared:/usr/src/app/node_modules:nocopy
+    depends_on:
+      - yarn
 
   mock-pagerduty-api:
     build:
@@ -80,8 +95,12 @@ services:
     ports:
       - ${PAGERBEAUTY_PD_API_MOCK_PORT:-8090}:${PAGERBEAUTY_PD_API_MOCK_PORT:-8090}
     volumes:
-      - .:/usr/src/app/
-      - node_modules:/usr/src/app/node_modules
+      - ./test/mocks/:/usr/src/app/test/mocks/
+      - ./package.json:/usr/src/app/package.json:ro
+      - ./yarn.lock:/usr/src/app/yarn.lock:ro
+      - node-modules-shared:/usr/src/app/node_modules:nocopy
+    depends_on:
+      - yarn
 
   test-acceptance:
     build:
@@ -97,9 +116,13 @@ services:
       PAGERBEAUTY_HTTP_ACCESS_TOKEN: >-
         ${PAGERBEAUTY_HTTP_ACCESS_TOKEN:-803651A9-E3B7-4153-9566-6E54F5F0CEAB}
     volumes:
-      - .:/usr/src/app/
-      - node_modules:/usr/src/app/node_modules
+      - ./src/:/usr/src/app/src/:ro
+      - ./test/:/usr/src/app/test/:ro
+      - ./package.json:/usr/src/app/package.json:ro
+      - ./yarn.lock:/usr/src/app/yarn.lock:ro
+      - node-modules-shared:/usr/src/app/node_modules:nocopy
     depends_on:
+      - yarn
       - pagerbeauty-dev
       - pagerbeauty-dev-with-auth
 
@@ -108,10 +131,11 @@ services:
       context: .
       dockerfile: ./Dockerfile-dev
     entrypoint: ['yarn']
-    command: []
+    command: ['help']
     volumes:
-      - .:/usr/src/app/
-      - node_modules:/usr/src/app/node_modules
+      - ./package.json:/usr/src/app/package.json:rw
+      - ./yarn.lock:/usr/src/app/yarn.lock:rw
+      - node-modules-shared:/usr/src/app/node_modules
 
   # Grafana
   # admin/admin
@@ -129,4 +153,4 @@ services:
 
 # Use shared node_modules
 volumes:
-  node_modules:
+  node-modules-shared:
diff --git a/package.json b/package.json
@@ -42,57 +42,56 @@
     "koa-route": "^3.2.0",
     "koa-static": "^5.0.0",
     "koa-views": "^6.1.4",
-    "luxon": "^1.11.0",
+    "luxon": "^1.11.4",
     "node-fetch": "^2.2.0",
-    "nunjucks": "^3.1.7",
+    "nunjucks": "^3.2.0",
     "tsscmp": "^1.0.6",
     "winston": "^3.2.1"
   },
   "devDependencies": {
-    "@babel/core": "^7.1.2",
-    "@babel/preset-env": "^7.3.1",
+    "@babel/core": "^7.3.4",
+    "@babel/preset-env": "^7.3.4",
     "@babel/preset-react": "^7.0.0",
     "@semantic-release/changelog": "^3.0.2",
     "@semantic-release/git": "^7.0.8",
-    "ava": "^1.2.0",
+    "ava": "^1.3.1",
     "babel-loader": "^8.0.5",
     "babel-polyfill": "^6.26.0",
     "chai": "^4.2.0",
     "chai-as-promised": "^7.1.1",
-    "codecov": "^3.1.0",
+    "codecov": "^3.2.0",
     "conventional-changelog-ember": "^2.0.2",
-    "css-loader": "^2.1.0",
-    "eslint": "^5.13.0",
+    "css-loader": "^2.1.1",
+    "eslint": "^5.15.1",
     "eslint-config-airbnb": "^17.1.0",
     "eslint-config-airbnb-base": "^13.1.0",
     "eslint-plugin-ava": "^5.1.1",
     "eslint-plugin-import": "^2.16.0",
     "eslint-plugin-jsx-a11y": "^6.2.1",
     "eslint-plugin-react": "^7.12.4",
-    "esm": "^3.2.0",
     "faucet": "^0.0.1",
     "mini-css-extract-plugin": "^0.5.0",
     "mockserver": "^3.0.0",
     "node-sass": "^4.10.0",
-    "nodemon": "^1.18.5",
-    "nyc": "^13.1.0",
+    "nodemon": "^1.18.10",
+    "nyc": "^13.3.0",
     "optimize-css-assets-webpack-plugin": "^5.0.1",
-    "prop-types": "^15.6.2",
-    "puppeteer": "1.11.0",
-    "react": "^16.6.0",
-    "react-dom": "^16.6.0",
+    "prop-types": "^15.7.2",
+    "puppeteer": "1.13.0",
+    "react": "^16.8.4",
+    "react-dom": "^16.8.4",
     "sass-loader": "^7.1.0",
     "semantic-release": "^15.13.3",
-    "sinon": "^7.2.3",
+    "sinon": "^7.2.7",
     "sinon-chai": "^3.3.0",
     "style-loader": "^0.23.1",
     "tap-xunit": "^2.3.0",
-    "webpack": "^4.29.0",
-    "webpack-cli": "^3.2.1",
+    "webpack": "^4.29.6",
+    "webpack-cli": "^3.2.3",
     "webpack-merge": "^4.2.1"
   },
   "resolutions": {
-    "terser": "3.14.1"
+    "esm": "3.2.9"
   },
   "nodemonConfig": {
     "verbose": true,