From bfd0ce8ea4e239ed448a209bee85387757f3b90c Mon Sep 17 00:00:00 2001 From: Javier Cortejoso Date: Fri, 15 Dec 2023 12:14:06 +0100 Subject: [PATCH 1/9] Update vscode settings (automatic change) --- .vscode/settings.json | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/.vscode/settings.json b/.vscode/settings.json index 9c9ed1c99..ed8cd1865 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -14,12 +14,12 @@ "typescript.preferences.importModuleSpecifier": "non-relative", "typescript.updateImportsOnFileMove.enabled": "always", "editor.codeActionsOnSave": { - "source.organizeImports": false + "source.organizeImports": "never" }, "[javascript]": { "editor.formatOnSave": true, "editor.codeActionsOnSave": { - "source.organizeImports": false + "source.organizeImports": "never" } }, "[javascriptreact]": { @@ -43,5 +43,10 @@ "javascript.format.enable": false, "editor.tabSize": 2, "editor.detectIndentation": false, - "typescript.tsdk": "node_modules/typescript/lib" + "typescript.tsdk": "node_modules/typescript/lib", + "[javascriptreact][typescript][typescriptreact]": { + "editor.codeActionsOnSave": { + "source.organizeImports": "explicit" + } + } } From 51927055e42cbb4b2a4bdb6f91c1d7e688f74a67 Mon Sep 17 00:00:00 2001 From: Javier Cortejoso Date: Fri, 15 Dec 2023 15:41:27 +0000 Subject: [PATCH 2/9] Update dockerfiles to alpine --- dockerfiles/Dockerfile-combiner | 6 +++++- dockerfiles/Dockerfile-loadtest | 6 +++++- dockerfiles/Dockerfile-signer | 7 ++++++- 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/dockerfiles/Dockerfile-combiner b/dockerfiles/Dockerfile-combiner index de42d96de..30c602473 100644 --- a/dockerfiles/Dockerfile-combiner +++ b/dockerfiles/Dockerfile-combiner 
@@ -13,9 +13,13 @@ COPY packages/identity packages/identity COPY packages/odis-identifiers packages/odis-identifiers ##### Main stage -FROM node:18 +FROM node:18-alpine3.19 LABEL org.opencontainers.image.authors="devops@clabs.co" +# Install dependencies and upgrade OS packages +RUN apk add --no-cache python3 git && \ + apk upgrade --no-cache + WORKDIR /celo-phone-number-privacy/ # Copy monorepo settings diff --git a/dockerfiles/Dockerfile-loadtest b/dockerfiles/Dockerfile-loadtest index 45177aef6..74841fd8d 100644 --- a/dockerfiles/Dockerfile-loadtest +++ b/dockerfiles/Dockerfile-loadtest @@ -12,9 +12,13 @@ COPY packages/identity packages/identity COPY packages/odis-identifiers packages/odis-identifiers ##### Main stage -FROM node:18 +FROM node:18-alpine3.19 LABEL org.opencontainers.image.authors="devops@clabs.co" +# Upgrade OS packages +RUN apk add --no-cache python3 git && \ + apk upgrade --no-cache + WORKDIR /celo-phone-number-privacy/ # Copy monorepo settings diff --git a/dockerfiles/Dockerfile-signer b/dockerfiles/Dockerfile-signer index 3ef23bc29..b2d58a74b 100644 --- a/dockerfiles/Dockerfile-signer +++ b/dockerfiles/Dockerfile-signer @@ -12,9 +12,13 @@ COPY packages/identity packages/identity COPY packages/odis-identifiers packages/odis-identifiers ##### Main stage -FROM node:18 +FROM node:18-alpine3.19 LABEL org.opencontainers.image.authors="devops@clabs.co" +# Upgrade OS packages +RUN apk add --no-cache python3 git && \ + apk upgrade --no-cache + WORKDIR /celo-phone-number-privacy/ # Copy monorepo settings @@ -28,6 +32,7 @@ ARG PACKAGE_SELECTOR=signer COPY --from=packages celo-phone-number-privacy/apps/${PACKAGE_SELECTOR} apps/${PACKAGE_SELECTOR} # COMMENT OUT THIS LINE TO USE PUBLISHED DEPENDENCIES COPY --from=packages celo-phone-number-privacy/packages packages + # Install dependencies and build. need dev deps too so we can build (tsc) RUN yarn install --network-timeout 100000 --inline-builds && yarn cache clean RUN yarn workspaces list 
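Review bot: The added `RUN apk add --no-cache python3 git && apk upgrade --no-cache` in the main stage of Dockerfile-combiner leaves build tooling in the image that is shipped and makes the installed package set depend on the day of the build; the same line is added to Dockerfile-loadtest and Dockerfile-signer. `python3` and `git` look like they are only needed by `yarn install` (native builds, git dependencies); if so, install them in a build stage and copy the built workspace into a clean `node:18-alpine3.19` runtime stage. For reproducibility, pin the base by digest (`FROM node:18-alpine3.19@sha256:<digest>`) and pick up OS fixes by bumping that digest rather than by a blanket `apk upgrade`. In the loadtest and signer files the comment says only `# Upgrade OS packages` although the step also installs packages; reuse the combiner wording `# Install dependencies and upgrade OS packages`. The main stage continues outside each hunk, so whether a non-root `USER` is set later cannot be seen here.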
From a5853f5dad8617910be3bb640c759702deab7312 Mon Sep 17 00:00:00 2001 From: Javier Cortejoso Date: Mon, 18 Dec 2023 12:00:58 +0100 Subject: [PATCH 3/9] Update dependencies to reduce CVEs --- package.json | 12 ++++- yarn.lock | 149 ++++----------------------------------------------- 2 files changed, 22 insertions(+), 139 deletions(-) diff --git a/package.json b/package.json index bb546d04b..857273302 100644 --- a/package.json +++ b/package.json @@ -67,7 +67,17 @@ "blind-threshold-bls": "npm:@celo/blind-threshold-bls@1.0.0-beta", "ganache": "npm:@celo/ganache@7.8.0-unofficial.0", "@types/bn.js": "4.11.6", - "bignumber.js": "9.0.0" + "bignumber.js": "9.0.0", + "//": "For reduce CVEs", + "crypto-js": "4.2.0", + "flat": "5.0.1", + "protobufjs": "7.2.4", + "@babel/traverse": "7.23.2", + "node-fetch": "2.6.7", + "get-func-name": "2.0.1", + "minimatch": "3.0.5", + "async": "2.6.4", + "browserify-sign": "4.2.2" }, "packageManager": "yarn@4.0.0" } diff --git a/yarn.lock b/yarn.lock index ed76dadcf..e47508ce9 100644 --- a/yarn.lock +++ b/yarn.lock @@ -498,16 +498,6 @@ __metadata: languageName: node linkType: hard -"@babel/helper-function-name@npm:^7.21.0": - version: 7.21.0 - resolution: "@babel/helper-function-name@npm:7.21.0" - dependencies: - "@babel/template": "npm:^7.20.7" - "@babel/types": "npm:^7.21.0" - checksum: 33d6e1eca48741f86f7073dc5e38220f7fef310ad5bda3354bea322b2a9a2d89a029fa82fac62514dfc16e3f57053fc9f29f11a32d9c2688d914e3a60692b4a5 - languageName: node - linkType: hard - "@babel/helper-function-name@npm:^7.22.5, @babel/helper-function-name@npm:^7.23.0": version: 7.23.0 resolution: "@babel/helper-function-name@npm:7.23.0" 
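Review bot: The bare-name entries added to `resolutions` in package.json apply to every requester, so they also pull down dependents that had already resolved to a newer release and force others across a major version. In this patch's own yarn.lock the `protobufjs@npm:^7.2.2, protobufjs@npm:^7.2.5` entry at 7.2.5 is removed in favour of the pinned 7.2.4, and requesters of `protobufjs@^6.11.x`, `crypto-js@^3.1.9-1` and `flat@^4.1.0` now receive the next major. Consider scoping each override to the vulnerable requested range, e.g. `"protobufjs@^6.11.2": "7.2.4"` (Yarn matches such a key against that exact descriptor), so that newer ranges keep resolving on their own. Whichever form is kept, the packages that consume the crossed majors need their tests run against the forced versions, since nothing in the hunk shows they are compatible.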
@@ -518,15 +508,6 @@ __metadata: languageName: node linkType: hard -"@babel/helper-hoist-variables@npm:^7.18.6": - version: 7.18.6 - resolution: "@babel/helper-hoist-variables@npm:7.18.6" - dependencies: - "@babel/types": "npm:^7.18.6" - checksum: fd9c35bb435fda802bf9ff7b6f2df06308a21277c6dec2120a35b09f9de68f68a33972e2c15505c1a1a04b36ec64c9ace97d4a9e26d6097b76b4396b7c5fa20f - languageName: node - linkType: hard - "@babel/helper-hoist-variables@npm:^7.22.5": version: 7.22.5 resolution: "@babel/helper-hoist-variables@npm:7.22.5" @@ -1553,7 +1534,7 @@ __metadata: languageName: node linkType: hard -"@babel/traverse@npm:^7.20.0, @babel/traverse@npm:^7.23.2": +"@babel/traverse@npm:7.23.2": version: 7.23.2 resolution: "@babel/traverse@npm:7.23.2" dependencies: @@ -1571,24 +1552,6 @@ __metadata: languageName: node linkType: hard -"@babel/traverse@npm:^7.21.0, @babel/traverse@npm:^7.21.2, @babel/traverse@npm:^7.21.4": - version: 7.21.4 - resolution: "@babel/traverse@npm:7.21.4" - dependencies: - "@babel/code-frame": "npm:^7.21.4" - "@babel/generator": "npm:^7.21.4" - "@babel/helper-environment-visitor": "npm:^7.18.9" - "@babel/helper-function-name": "npm:^7.21.0" - "@babel/helper-hoist-variables": "npm:^7.18.6" - "@babel/helper-split-export-declaration": "npm:^7.18.6" - "@babel/parser": "npm:^7.21.4" - "@babel/types": "npm:^7.21.4" - debug: "npm:^4.1.0" - globals: "npm:^11.1.0" - checksum: 22f3bf1d2acad9f7e85842361afff219f406408f680304be8f78348351a27f90fb66aef2afb03263d3f2b79d12462728e19de571ed19b646bdfb458c6ca5e25b - languageName: node - linkType: hard - "@babel/types@npm:^7.0.0, @babel/types@npm:^7.18.6, @babel/types@npm:^7.20.2, @babel/types@npm:^7.20.7, @babel/types@npm:^7.21.0, @babel/types@npm:^7.21.2, @babel/types@npm:^7.21.4, @babel/types@npm:^7.3.0, @babel/types@npm:^7.3.3": version: 7.21.4 resolution: "@babel/types@npm:7.21.4" 
@@ -9664,10 +9627,10 @@ __metadata: languageName: node linkType: hard -"crypto-js@npm:^3.1.9-1": - version: 3.3.0 - resolution: "crypto-js@npm:3.3.0" - checksum: d7e11f3a387fb143be834e1a25ecf57ead6f5765e90fbf3aed9cead680cc38b1d241718768b7bfec448a843f569374ea5b5870ac7a8165e4bfa1915f0b00c89c +"crypto-js@npm:4.2.0": + version: 4.2.0 + resolution: "crypto-js@npm:4.2.0" + checksum: c7bcc56a6e01c3c397e95aa4a74e4241321f04677f9a618a8f48a63b5781617248afb9adb0629824792e7ec20ca0d4241a49b6b2938ae6f973ec4efc5c53c924 languageName: node linkType: hard @@ -11761,14 +11724,12 @@ __metadata: languageName: node linkType: hard -"flat@npm:^4.1.0": - version: 4.1.1 - resolution: "flat@npm:4.1.1" - dependencies: - is-buffer: "npm:~2.0.3" +"flat@npm:5.0.1": + version: 5.0.1 + resolution: "flat@npm:5.0.1" bin: flat: cli.js - checksum: 95abffb1fe56c33bc7fd4098e7a9eceb5aaba0db0c1f7f240d0e220037a630ead91de83101ac9714b95756cf178c0164379fa89961c66091abb4febaf9dbd2ff + checksum: b778c28c2e49c9dc6ba9d758695b228565e7b244e57e2b28f380f56510f78021f92a5efcc1df005d638ec5279a117e57ea2ce42d394d321f3004512fb940afc5 languageName: node linkType: hard @@ -13468,7 +13429,7 @@ __metadata: languageName: node linkType: hard -"is-buffer@npm:^2.0.5, is-buffer@npm:~2.0.3": +"is-buffer@npm:^2.0.5": version: 2.0.5 resolution: "is-buffer@npm:2.0.5" checksum: 3261a8b858edcc6c9566ba1694bf829e126faa88911d1c0a747ea658c5d81b14b6955e3a702d59dabadd58fdd440c01f321aa71d6547105fd21d03f94d0597e7 
@@ -18523,31 +18484,7 @@ __metadata: languageName: node linkType: hard -"protobufjs@npm:6.11.3": - version: 6.11.3 - resolution: "protobufjs@npm:6.11.3" - dependencies: - "@protobufjs/aspromise": "npm:^1.1.2" - "@protobufjs/base64": "npm:^1.1.2" - "@protobufjs/codegen": "npm:^2.0.4" - "@protobufjs/eventemitter": "npm:^1.1.0" - "@protobufjs/fetch": "npm:^1.1.0" - "@protobufjs/float": "npm:^1.0.2" - "@protobufjs/inquire": "npm:^1.1.0" - "@protobufjs/path": "npm:^1.1.2" - "@protobufjs/pool": "npm:^1.1.0" - "@protobufjs/utf8": "npm:^1.1.0" - "@types/long": "npm:^4.0.1" - "@types/node": "npm:>=13.7.0" - long: "npm:^4.0.0" - bin: - pbjs: bin/pbjs - pbts: bin/pbts - checksum: ab7efcdc4d2e43ffad92272cf8c7bed7b8abfa75b00d059024abe7af446e7151bf71c265347b06dc21136187682c86cd1214e1fcf057ed3fc8142c8a6c47b613 - languageName: node - linkType: hard - -"protobufjs@npm:7.2.4, protobufjs@npm:^7.2.3": +"protobufjs@npm:7.2.4": version: 7.2.4 resolution: "protobufjs@npm:7.2.4" dependencies: 
@@ -18567,70 +18504,6 @@ __metadata: languageName: node linkType: hard -"protobufjs@npm:^6.11.2, protobufjs@npm:^6.11.3": - version: 6.11.4 - resolution: "protobufjs@npm:6.11.4" - dependencies: - "@protobufjs/aspromise": "npm:^1.1.2" - "@protobufjs/base64": "npm:^1.1.2" - "@protobufjs/codegen": "npm:^2.0.4" - "@protobufjs/eventemitter": "npm:^1.1.0" - "@protobufjs/fetch": "npm:^1.1.0" - "@protobufjs/float": "npm:^1.0.2" - "@protobufjs/inquire": "npm:^1.1.0" - "@protobufjs/path": "npm:^1.1.2" - "@protobufjs/pool": "npm:^1.1.0" - "@protobufjs/utf8": "npm:^1.1.0" - "@types/long": "npm:^4.0.1" - "@types/node": "npm:>=13.7.0" - long: "npm:^4.0.0" - bin: - pbjs: bin/pbjs - pbts: bin/pbts - checksum: 6b7fd7540d74350d65c38f69f398c9995ae019da070e79d9cd464a458c6d19b40b07c9a026be4e10704c824a344b603307745863310c50026ebd661ce4da0663 - languageName: node - linkType: hard - -"protobufjs@npm:^7.0.0": - version: 7.2.3 - resolution: "protobufjs@npm:7.2.3" - dependencies: - "@protobufjs/aspromise": "npm:^1.1.2" - "@protobufjs/base64": "npm:^1.1.2" - "@protobufjs/codegen": "npm:^2.0.4" - "@protobufjs/eventemitter": "npm:^1.1.0" - "@protobufjs/fetch": "npm:^1.1.0" - "@protobufjs/float": "npm:^1.0.2" - "@protobufjs/inquire": "npm:^1.1.0" - "@protobufjs/path": "npm:^1.1.2" - "@protobufjs/pool": "npm:^1.1.0" - "@protobufjs/utf8": "npm:^1.1.0" - "@types/node": "npm:>=13.7.0" - long: "npm:^5.0.0" - checksum: 194e4246ae6167a9c7ca2a9dbbc228d0cf80626eb9070b2ee8e8b798c2b6f2ba216a56b56c121557235eebf46d1c345ce44bc5975a7f794e88946aef21886e93 - languageName: node - linkType: hard - -"protobufjs@npm:^7.2.2, protobufjs@npm:^7.2.5": - version: 7.2.5 - resolution: "protobufjs@npm:7.2.5" - dependencies: - "@protobufjs/aspromise": "npm:^1.1.2" - "@protobufjs/base64": "npm:^1.1.2" - "@protobufjs/codegen": "npm:^2.0.4" - "@protobufjs/eventemitter": "npm:^1.1.0" - "@protobufjs/fetch": "npm:^1.1.0" - "@protobufjs/float": "npm:^1.0.2" - "@protobufjs/inquire": "npm:^1.1.0" - "@protobufjs/path": "npm:^1.1.2" - 
"@protobufjs/pool": "npm:^1.1.0" - "@protobufjs/utf8": "npm:^1.1.0" - "@types/node": "npm:>=13.7.0" - long: "npm:^5.0.0" - checksum: 6c5aa62b61dff843f585f3acd9cb7a82d566de2dbf167a300b39afee91b04298c4b4aec61354b7c00308b40596f5f3f4b07d6246cfb4ee0abeaea25101033315 - languageName: node - linkType: hard - "proxy-addr@npm:~2.0.7": version: 2.0.7 resolution: "proxy-addr@npm:2.0.7" From d26a50072aea97b92989de05cdbe4ec3a5100505 Mon Sep 17 00:00:00 2001 From: Javier Cortejoso Date: Mon, 18 Dec 2023 12:03:38 +0100 Subject: [PATCH 4/9] Fix permissions --- .husky/pre-push | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 .husky/pre-push diff --git a/.husky/pre-push b/.husky/pre-push old mode 100644 new mode 100755 From 7c1db62943b9787c77f47592362a4786a8d22f73 Mon Sep 17 00:00:00 2001 From: Javier Cortejoso Date: Mon, 18 Dec 2023 12:14:15 +0100 Subject: [PATCH 5/9] Update dependencies: Reducing CVEs --- package.json | 1 - yarn.lock | 207 ++++++--------------------------------------------- 2 files changed, 23 insertions(+), 185 deletions(-) diff --git a/package.json b/package.json index 857273302..56f50902f 100644 --- a/package.json +++ b/package.json @@ -68,7 +68,6 @@ "ganache": "npm:@celo/ganache@7.8.0-unofficial.0", "@types/bn.js": "4.11.6", "bignumber.js": "9.0.0", - "//": "For reduce CVEs", "crypto-js": "4.2.0", "flat": "5.0.1", "protobufjs": "7.2.4", diff --git a/yarn.lock b/yarn.lock index e47508ce9..511796b5b 100644 --- a/yarn.lock +++ b/yarn.lock 
@@ -7463,23 +7463,7 @@ __metadata: languageName: node linkType: hard -"async@npm:3.2.3": - version: 3.2.3 - resolution: "async@npm:3.2.3" - checksum: 1265841be4f461fb17a8ed1c6ac1d427c57b33fea999cefdcee588f08f218886fd41d48da6943e4dca6a8ccd76d4536b6901a28927588ff671ce0ed61ac415a2 - languageName: node - linkType: hard - -"async@npm:^2.4.0": - version: 2.6.3 - resolution: "async@npm:2.6.3" - dependencies: - lodash: "npm:^4.17.14" - checksum: c6a04e7e5669fdda767a3eb9e3b1c40782bbc3cbb0a4297ad9f87e8b1b036b57c7e69a09f5541d3e2067f2f9d2a484f463231ad9890f24b2a628f8eb53c27e64 - languageName: node - linkType: hard - -"async@npm:^2.6.3, async@npm:^2.6.4": +"async@npm:2.6.4": version: 2.6.4 resolution: "async@npm:2.6.4" dependencies: @@ -7488,13 +7472,6 @@ __metadata: languageName: node linkType: hard -"async@npm:^3.2.2, async@npm:^3.2.3, async@npm:^3.2.4": - version: 3.2.4 - resolution: "async@npm:3.2.4" - checksum: bebb5dc2258c45b83fa1d3be179ae0eb468e1646a62d443c8d60a45e84041b28fccebe1e2d1f234bfc3dcad44e73dcdbf4ba63d98327c9f6556e3dbd47c2ae8b - languageName: node - linkType: hard - "asynckit@npm:^0.4.0": version: 0.4.0 resolution: "asynckit@npm:0.4.0" @@ -7981,7 +7958,7 @@ __metadata: languageName: node linkType: hard -"bn.js@npm:^5.0.0, bn.js@npm:^5.1.1, bn.js@npm:^5.1.2, bn.js@npm:^5.2.0, bn.js@npm:^5.2.1": +"bn.js@npm:^5.0.0, bn.js@npm:^5.1.2, bn.js@npm:^5.2.0, bn.js@npm:^5.2.1": version: 5.2.1 resolution: "bn.js@npm:5.2.1" checksum: 7a7e8764d7a6e9708b8b9841b2b3d6019cc154d2fc23716d0efecfe1e16921b7533c6f7361fb05471eab47986c4aa310c270f88e3507172104632ac8df2cfd84 
@@ -8063,15 +8040,6 @@ __metadata: languageName: node linkType: hard -"brace-expansion@npm:^2.0.1": - version: 2.0.1 - resolution: "brace-expansion@npm:2.0.1" - dependencies: - balanced-match: "npm:^1.0.0" - checksum: a61e7cd2e8a8505e9f0036b3b6108ba5e926b4b55089eeb5550cd04a471fe216c96d4fe7e4c7f995c728c554ae20ddfc4244cad10aef255e72b62930afd233d1 - languageName: node - linkType: hard - "braces@npm:^3.0.2, braces@npm:~3.0.2": version: 3.0.2 resolution: "braces@npm:3.0.2" @@ -8141,7 +8109,7 @@ __metadata: languageName: node linkType: hard -"browserify-rsa@npm:^4.0.0, browserify-rsa@npm:^4.0.1": +"browserify-rsa@npm:^4.0.0, browserify-rsa@npm:^4.1.0": version: 4.1.0 resolution: "browserify-rsa@npm:4.1.0" dependencies: @@ -8151,20 +8119,20 @@ __metadata: languageName: node linkType: hard -"browserify-sign@npm:^4.0.0": - version: 4.2.1 - resolution: "browserify-sign@npm:4.2.1" +"browserify-sign@npm:4.2.2": + version: 4.2.2 + resolution: "browserify-sign@npm:4.2.2" dependencies: - bn.js: "npm:^5.1.1" - browserify-rsa: "npm:^4.0.1" + bn.js: "npm:^5.2.1" + browserify-rsa: "npm:^4.1.0" create-hash: "npm:^1.2.0" create-hmac: "npm:^1.1.7" - elliptic: "npm:^6.5.3" + elliptic: "npm:^6.5.4" inherits: "npm:^2.0.4" - parse-asn1: "npm:^5.1.5" - readable-stream: "npm:^3.6.0" - safe-buffer: "npm:^5.2.0" - checksum: bf3f9177587a4155bcd64cb4f56f3a0fd6f5aa590188a5f12c07b5dfb50815a1248e90abc8a1dbd75bd42cb825fec09c57ffc8dc7bfba8704875403b762312b4 + parse-asn1: "npm:^5.1.6" + readable-stream: "npm:^3.6.2" + safe-buffer: "npm:^5.2.1" + checksum: b622730c0fc183328c3a1c9fdaaaa5118821ed6822b266fa6b0375db7e20061ebec87301d61931d79b9da9a96ada1cab317fce3c68f233e5e93ed02dbb35544c languageName: node linkType: hard 
@@ -9714,13 +9682,6 @@ __metadata: languageName: node linkType: hard -"data-uri-to-buffer@npm:^4.0.0": - version: 4.0.1 - resolution: "data-uri-to-buffer@npm:4.0.1" - checksum: 0d0790b67ffec5302f204c2ccca4494f70b4e2d940fea3d36b09f0bb2b8539c2e86690429eb1f1dc4bcc9e4df0644193073e63d9ee48ac9fce79ec1506e4aa4c - languageName: node - linkType: hard - "data-uri-to-buffer@npm:^6.0.0": version: 6.0.1 resolution: "data-uri-to-buffer@npm:6.0.1" @@ -11424,16 +11385,6 @@ __metadata: languageName: node linkType: hard -"fetch-blob@npm:^3.1.2, fetch-blob@npm:^3.1.4": - version: 3.2.0 - resolution: "fetch-blob@npm:3.2.0" - dependencies: - node-domexception: "npm:^1.0.0" - web-streams-polyfill: "npm:^3.0.3" - checksum: 5264ecceb5fdc19eb51d1d0359921f12730941e333019e673e71eb73921146dceabcb0b8f534582be4497312d656508a439ad0f5edeec2b29ab2e10c72a1f86b - languageName: node - linkType: hard - "fetch-mock@npm:9.11.0": version: 9.11.0 resolution: "fetch-mock@npm:9.11.0" @@ -11865,15 +11816,6 @@ __metadata: languageName: node linkType: hard -"formdata-polyfill@npm:^4.0.10": - version: 4.0.10 - resolution: "formdata-polyfill@npm:4.0.10" - dependencies: - fetch-blob: "npm:^3.1.2" - checksum: 9b5001d2edef3c9449ac3f48bd4f8cc92e7d0f2e7c1a5c8ba555ad4e77535cc5cf621fabe49e97f304067037282dd9093b9160a3cb533e46420b446c4e6bc06f - languageName: node - linkType: hard - "formidable@npm:^2.1.2": version: 2.1.2 resolution: "formidable@npm:2.1.2" @@ -12187,10 +12129,10 @@ __metadata: languageName: node linkType: hard -"get-func-name@npm:^2.0.0": - version: 2.0.0 - resolution: "get-func-name@npm:2.0.0" - checksum: 8d82e69f3e7fab9e27c547945dfe5cc0c57fc0adf08ce135dddb01081d75684a03e7a0487466f478872b341d52ac763ae49e660d01ab83741f74932085f693c3 +"get-func-name@npm:2.0.1": + version: 2.0.1 + resolution: "get-func-name@npm:2.0.1" + checksum: 765efe7a6d1fe00cb642a522aa309f5cb3fac0e73dada5b27e3df69c523627cfdc1d3381f0e3e2b34e4aa01a961730756b67d59124d0aaa0a2e1c865b776d885 languageName: node linkType: hard 
@@ -16346,48 +16288,12 @@ __metadata: languageName: node linkType: hard -"minimatch@npm:2 || 3, minimatch@npm:^3.0.2, minimatch@npm:^3.0.4, minimatch@npm:^3.0.5, minimatch@npm:^3.1.1, minimatch@npm:^3.1.2": - version: 3.1.2 - resolution: "minimatch@npm:3.1.2" - dependencies: - brace-expansion: "npm:^1.1.7" - checksum: e0b25b04cd4ec6732830344e5739b13f8690f8a012d73445a4a19fbc623f5dd481ef7a5827fde25954cd6026fede7574cc54dc4643c99d6c6b653d6203f94634 - languageName: node - linkType: hard - -"minimatch@npm:3.0.4": - version: 3.0.4 - resolution: "minimatch@npm:3.0.4" +"minimatch@npm:3.0.5": + version: 3.0.5 + resolution: "minimatch@npm:3.0.5" dependencies: brace-expansion: "npm:^1.1.7" - checksum: 3b3f17f76582417dd139646505f1d1bb5f148ea5191eb98fe73cd41224a678dadb94cc674c7d06b36de4ab5c303f039cfd7cd2d089348d6f70d04db169cf3770 - languageName: node - linkType: hard - -"minimatch@npm:^5.0.1, minimatch@npm:^5.1.0": - version: 5.1.6 - resolution: "minimatch@npm:5.1.6" - dependencies: - brace-expansion: "npm:^2.0.1" - checksum: 126b36485b821daf96d33b5c821dac600cc1ab36c87e7a532594f9b1652b1fa89a1eebcaad4dff17c764dce1a7ac1531327f190fed5f97d8f6e5f889c116c429 - languageName: node - linkType: hard - -"minimatch@npm:^6.1.6": - version: 6.2.0 - resolution: "minimatch@npm:6.2.0" - dependencies: - brace-expansion: "npm:^2.0.1" - checksum: 17dcf5baf123d28e868810d8b03e4e14e88b6df0a1643628988f7eabcaf2d8d8c4baebfc9b7e082232b150139d0d1b15752d193cbb83d31eda1b1cf2aaf237a0 - languageName: node - linkType: hard - -"minimatch@npm:^9.0.1": - version: 9.0.3 - resolution: "minimatch@npm:9.0.3" - dependencies: - brace-expansion: "npm:^2.0.1" - checksum: c81b47d28153e77521877649f4bab48348d10938df9e8147a58111fe00ef89559a2938de9f6632910c4f7bf7bb5cd81191a546167e58d357f0cfb1e18cecc1c5 + checksum: 8f9707491183a07a9542b8cf45aacb3745ba9fe6c611173fb225d7bf191e55416779aee31e17673a516a178af02d8d3d71ddd36ae3d5cc2495f627977ad1a012 languageName: node linkType: hard 
@@ -16964,13 +16870,6 @@ __metadata: languageName: node linkType: hard -"node-domexception@npm:^1.0.0": - version: 1.0.0 - resolution: "node-domexception@npm:1.0.0" - checksum: e332522f242348c511640c25a6fc7da4f30e09e580c70c6b13cb0be83c78c3e71c8d4665af2527e869fc96848924a4316ae7ec9014c091e2156f41739d4fa233 - languageName: node - linkType: hard - "node-emoji@npm:^1.11.0": version: 1.11.0 resolution: "node-emoji@npm:1.11.0" @@ -16990,20 +16889,6 @@ __metadata: languageName: node linkType: hard -"node-fetch@npm:2.6.0": - version: 2.6.0 - resolution: "node-fetch@npm:2.6.0" - checksum: 49604f97b69a23dccaaf5552f19d8a5a4896b1fdf5b8e085c4a3bc5602ba9a50bb11463c380b8cd08611d9fd320f30e692b60bd06b480f9a65bf1822857ecea7 - languageName: node - linkType: hard - -"node-fetch@npm:2.6.1": - version: 2.6.1 - resolution: "node-fetch@npm:2.6.1" - checksum: 0b54e56681a99e1b511f8e94dc56b971104834c99c0368cdf5a9e43b3355d77e8aa92842602cf2c08e60654c32ae439d84946eccb38427e6dc2e9d7d90fc787c - languageName: node - linkType: hard - "node-fetch@npm:2.6.7": version: 2.6.7 resolution: "node-fetch@npm:2.6.7" 
@@ -17018,45 +16903,6 @@ __metadata: languageName: node linkType: hard -"node-fetch@npm:^2.2.0, node-fetch@npm:^2.6.0, node-fetch@npm:^2.6.12": - version: 2.7.0 - resolution: "node-fetch@npm:2.7.0" - dependencies: - whatwg-url: "npm:^5.0.0" - peerDependencies: - encoding: ^0.1.0 - peerDependenciesMeta: - encoding: - optional: true - checksum: b24f8a3dc937f388192e59bcf9d0857d7b6940a2496f328381641cb616efccc9866e89ec43f2ec956bbd6c3d3ee05524ce77fe7b29ccd34692b3a16f237d6676 - languageName: node - linkType: hard - -"node-fetch@npm:^2.6.1, node-fetch@npm:^2.6.7, node-fetch@npm:^2.6.9": - version: 2.6.9 - resolution: "node-fetch@npm:2.6.9" - dependencies: - whatwg-url: "npm:^5.0.0" - peerDependencies: - encoding: ^0.1.0 - peerDependenciesMeta: - encoding: - optional: true - checksum: 4d04273c97e3829b3fb070b9b2c14c9f6ecff9afd1d3d8043fb39d1d2440b23e2ddbdbab1b2f879bf71fa23275bf5711e777256e5784d1852333965a6cea38ab - languageName: node - linkType: hard - -"node-fetch@npm:^3.3.0": - version: 3.3.2 - resolution: "node-fetch@npm:3.3.2" - dependencies: - data-uri-to-buffer: "npm:^4.0.0" - fetch-blob: "npm:^3.1.4" - formdata-polyfill: "npm:^4.0.10" - checksum: 24207ca8c81231c7c59151840e3fded461d67a31cf3e3b3968e12201a42f89ce4a0b5fb7079b1fa0a4655957b1ca9257553200f03a9f668b45ebad265ca5593d - languageName: node - linkType: hard - "node-forge@npm:^1.3.1": version: 1.3.1 resolution: "node-forge@npm:1.3.1" @@ -17763,7 +17609,7 @@ __metadata: languageName: node linkType: hard -"parse-asn1@npm:^5.0.0, parse-asn1@npm:^5.1.5": +"parse-asn1@npm:^5.0.0, parse-asn1@npm:^5.1.6": version: 5.1.6 resolution: "parse-asn1@npm:5.1.6" dependencies: 
@@ -18978,7 +18824,7 @@ __metadata: languageName: node linkType: hard -"readable-stream@npm:^3.0.1, readable-stream@npm:^3.1.1, readable-stream@npm:^3.4.0, readable-stream@npm:^3.6.0": +"readable-stream@npm:^3.0.1, readable-stream@npm:^3.1.1, readable-stream@npm:^3.4.0, readable-stream@npm:^3.6.0, readable-stream@npm:^3.6.2": version: 3.6.2 resolution: "readable-stream@npm:3.6.2" dependencies: @@ -22036,13 +21882,6 @@ __metadata: languageName: node linkType: hard -"web-streams-polyfill@npm:^3.0.3": - version: 3.2.1 - resolution: "web-streams-polyfill@npm:3.2.1" - checksum: 08fcf97b7883c1511dd3da794f50e9bde75a660884783baaddb2163643c21a94086f394dc4bd20dff0f55c98d98d60c4bea05a5809ef5005bdf835b63ada8900 - languageName: node - linkType: hard - "web3-bzz@npm:1.10.0": version: 1.10.0 resolution: "web3-bzz@npm:1.10.0" From 9e5a18dcd4aacd2977f190b250f5663a194678ea Mon Sep 17 00:00:00 2001 From: Javier Cortejoso Date: Mon, 18 Dec 2023 12:29:19 +0100 Subject: [PATCH 6/9] Generate containers when yarn.lock is updated --- .github/workflows/odis-combiner-container.yml | 2 ++ .github/workflows/odis-loadtest-container.yml | 2 ++ .github/workflows/odis-signer-container.yml | 2 ++ 3 files changed, 6 insertions(+) diff --git a/.github/workflows/odis-combiner-container.yml b/.github/workflows/odis-combiner-container.yml index 1261fd00b..a9816e285 100644 --- a/.github/workflows/odis-combiner-container.yml +++ b/.github/workflows/odis-combiner-container.yml @@ -6,6 +6,7 @@ on: paths: - 'dockerfiles/Dockerfile-combiner' - 'apps/combiner/**' + - 'yarn.lock' branches: - main tags: @@ -14,6 +15,7 @@ on: paths: - 'dockerfiles/Dockerfile-combiner' - 'apps/combiner/**' + - 'yarn.lock' workflow_dispatch: jobs: diff --git a/.github/workflows/odis-loadtest-container.yml b/.github/workflows/odis-loadtest-container.yml index 367972736..f60fdf662 100644 --- a/.github/workflows/odis-loadtest-container.yml +++ b/.github/workflows/odis-loadtest-container.yml 
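Review bot: Adding `- 'yarn.lock'` to the `paths` filters of odis-combiner-container.yml still leaves the shared workspace code out of the trigger, so an image can keep shipping stale library code after a fix lands there. The Dockerfiles patched earlier in this series copy `packages/identity`, `packages/odis-identifiers` and the `packages` tree into the image; if those are built into the container as the `COPY` lines suggest, add `- 'packages/**'` next to `- 'yarn.lock'` in both `paths` lists. The same applies to odis-loadtest-container.yml and odis-signer-container.yml. The workflow files continue outside these hunks, so a broader filter elsewhere cannot be ruled out.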
@@ -6,6 +6,7 @@ on: paths: - 'dockerfiles/Dockerfile-loadtest' - 'apps/monitor/**' + - 'yarn.lock' branches: - main tags: @@ -14,6 +15,7 @@ on: paths: - 'dockerfiles/Dockerfile-loadtest' - 'apps/monitor/**' + - 'yarn.lock' workflow_dispatch: jobs: diff --git a/.github/workflows/odis-signer-container.yml b/.github/workflows/odis-signer-container.yml index 985ba0ed9..92b76c0d9 100644 --- a/.github/workflows/odis-signer-container.yml +++ b/.github/workflows/odis-signer-container.yml @@ -6,6 +6,7 @@ on: paths: - 'dockerfiles/Dockerfile-signer' - 'apps/signer/**' + - 'yarn.lock' branches: - main tags: @@ -14,6 +15,7 @@ on: paths: - 'dockerfiles/Dockerfile-signer' - 'apps/signer/**' + - 'yarn.lock' workflow_dispatch: jobs: From 2e07fd11b87cd3e198a2a535241881b05903439c Mon Sep 17 00:00:00 2001 From: Javier Cortejoso Date: Mon, 18 Dec 2023 15:15:16 +0100 Subject: [PATCH 7/9] added bash --- dockerfiles/Dockerfile-combiner | 2 +- dockerfiles/Dockerfile-loadtest | 2 +- dockerfiles/Dockerfile-signer | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/dockerfiles/Dockerfile-combiner b/dockerfiles/Dockerfile-combiner index 30c602473..44efc43a6 100644 --- a/dockerfiles/Dockerfile-combiner +++ b/dockerfiles/Dockerfile-combiner @@ -17,7 +17,7 @@ FROM node:18-alpine3.19 LABEL org.opencontainers.image.authors="devops@clabs.co" # Install dependencies and upgrade OS packages -RUN apk add --no-cache python3 git && \ +RUN apk add --no-cache python3 git bash && \ apk upgrade --no-cache WORKDIR /celo-phone-number-privacy/ diff --git a/dockerfiles/Dockerfile-loadtest b/dockerfiles/Dockerfile-loadtest index 74841fd8d..a6d4de6de 100644 --- a/dockerfiles/Dockerfile-loadtest +++ b/dockerfiles/Dockerfile-loadtest @@ -16,7 +16,7 @@ FROM node:18-alpine3.19 LABEL org.opencontainers.image.authors="devops@clabs.co" # Upgrade OS packages -RUN apk add --no-cache python3 git && \ +RUN apk add --no-cache python3 git bash && \ apk upgrade --no-cache WORKDIR /celo-phone-number-privacy/ 
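Review bot: `bash` is added to the `apk add` line of the main stage in Dockerfile-combiner, Dockerfile-loadtest and Dockerfile-signer without any indication of what needs it. Every extra interpreter in a shipped image is additional attack surface, so record the consumer next to the install, e.g. `# bash: required by <script that needs it>`, or port that script to `/bin/sh` and drop the package. If it is only needed while `yarn install` runs, it belongs in a build stage together with `python3` and `git` rather than in the runtime image. The comment above the `RUN` in the loadtest and signer files still reads `# Upgrade OS packages`, which no longer describes the step.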
diff --git a/dockerfiles/Dockerfile-signer b/dockerfiles/Dockerfile-signer index b2d58a74b..ff9f139f3 100644 --- a/dockerfiles/Dockerfile-signer +++ b/dockerfiles/Dockerfile-signer @@ -16,7 +16,7 @@ FROM node:18-alpine3.19 LABEL org.opencontainers.image.authors="devops@clabs.co" # Upgrade OS packages -RUN apk add --no-cache python3 git && \ +RUN apk add --no-cache python3 git bash && \ apk upgrade --no-cache WORKDIR /celo-phone-number-privacy/ From 25bb0516feaefa28bf98f7a7ea112359982c2484 Mon Sep 17 00:00:00 2001 From: Javier Cortejoso Date: Mon, 18 Dec 2023 16:29:49 +0100 Subject: [PATCH 8/9] Update helm values for staging env to pre-release images --- .../kubernetes-deployment/combiner/values/values-staging.yaml | 4 ++-- .../signer/values/staging/values-signer0-staging.yaml | 4 ++-- .../signer/values/staging/values-signer1-staging.yaml | 4 ++-- .../signer/values/staging/values-signer2-staging.yaml | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/kubernetes-deployment/combiner/values/values-staging.yaml b/docs/kubernetes-deployment/combiner/values/values-staging.yaml index 977abb499..e6dd961aa 100644 --- a/docs/kubernetes-deployment/combiner/values/values-staging.yaml +++ b/docs/kubernetes-deployment/combiner/values/values-staging.yaml @@ -12,12 +12,12 @@ replicaCount: 1 image: # -- Image repository - repository: us-west1-docker.pkg.dev/devopsre/social-connect/odis-combiner + repository: us-west1-docker.pkg.dev/devopsre/dev-images/odis-combiner # -- Image pullpolicy pullPolicy: Always # -- Image tag # Overrides the image tag whose default is the chart appVersion. - tag: "odis-combiner-3.3.2" + tag: latest # -- Image pull secrets imagePullSecrets: [] diff --git a/docs/kubernetes-deployment/signer/values/staging/values-signer0-staging.yaml b/docs/kubernetes-deployment/signer/values/staging/values-signer0-staging.yaml index f5d22c075..803c0cc4e 100644 --- a/docs/kubernetes-deployment/signer/values/staging/values-signer0-staging.yaml 
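Review bot: `tag: latest` combined with `pullPolicy: Always` in values-staging.yaml means every pod restart pulls whatever was last pushed to `dev-images/odis-combiner`, so the running build can no longer be read from this file and can differ between restarts; the three signer values files (signer0, signer1, signer2) receive the same change. These entries were pinned release tags before, so keep them immutable by referencing the pre-release image's own tag, e.g. `tag: "<immutable pre-release tag>"`. If `latest` is intended only while the new images are being tested, say so in place with a comment such as `# TEMP: pre-release image, restore a pinned tag before release`. It is also worth confirming who can push to the `dev-images` repository, since that now decides what staging runs.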
+++ b/docs/kubernetes-deployment/signer/values/staging/values-signer0-staging.yaml @@ -46,8 +46,8 @@ env: fullnameOverride: "" image: pullPolicy: Always - repository: us-west1-docker.pkg.dev/devopsre/social-connect/odis-signer - tag: "odis-signer-3.1.1" + repository: us-west1-docker.pkg.dev/devopsre/dev-images/odis-signer + tag: latest imagePullSecrets: [] ingress: enabled: true diff --git a/docs/kubernetes-deployment/signer/values/staging/values-signer1-staging.yaml b/docs/kubernetes-deployment/signer/values/staging/values-signer1-staging.yaml index 20cbbc7ac..a8907a3bd 100644 --- a/docs/kubernetes-deployment/signer/values/staging/values-signer1-staging.yaml +++ b/docs/kubernetes-deployment/signer/values/staging/values-signer1-staging.yaml @@ -46,8 +46,8 @@ env: fullnameOverride: "" image: pullPolicy: Always - repository: us-west1-docker.pkg.dev/devopsre/social-connect/odis-signer - tag: "odis-signer-3.1.1" + repository: us-west1-docker.pkg.dev/devopsre/dev-images/odis-signer + tag: latest imagePullSecrets: [] ingress: enabled: true diff --git a/docs/kubernetes-deployment/signer/values/staging/values-signer2-staging.yaml b/docs/kubernetes-deployment/signer/values/staging/values-signer2-staging.yaml index 9bcd36001..495c026c4 100644 --- a/docs/kubernetes-deployment/signer/values/staging/values-signer2-staging.yaml +++ b/docs/kubernetes-deployment/signer/values/staging/values-signer2-staging.yaml @@ -46,8 +46,8 @@ env: fullnameOverride: "" image: pullPolicy: Always - repository: us-west1-docker.pkg.dev/devopsre/social-connect/odis-signer - tag: "odis-signer-3.1.1" + repository: us-west1-docker.pkg.dev/devopsre/dev-images/odis-signer + tag: latest imagePullSecrets: [] ingress: enabled: true From 3d18f262be046a4ff4080b03dfc8924d1a9dda64 Mon Sep 17 00:00:00 2001 
From: Javier Cortejoso Date: Mon, 18 Dec 2023 16:30:34 +0100 Subject: [PATCH 9/9] Patch changeset with the changes of new dependency versions on yarn.lock --- .changeset/tender-tomatoes-protect.md | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 .changeset/tender-tomatoes-protect.md diff --git a/.changeset/tender-tomatoes-protect.md b/.changeset/tender-tomatoes-protect.md new file mode 100644 index 000000000..e5a2bb9f1 --- /dev/null +++ b/.changeset/tender-tomatoes-protect.md @@ -0,0 +1,11 @@ +--- +'@celo/phone-number-privacy-combiner': patch +'@celo/phone-number-privacy-monitor': patch +'@celo/phone-number-privacy-signer': patch +'@celo/phone-number-privacy-common': patch +'@celo/encrypted-backup': patch +'@celo/identity': patch +'@celo/odis-identifiers': patch +--- + +Update package dependencies to reduce CVEs