celo-org / social-connect

Protocol mapping social identifiers to blockchain addresses
https://socialconnect.xyz
Apache License 2.0
7 stars 7 forks

Reduce CVEs: Update dockerfile and dependencies #203

jcortejoso closed 11 months ago

jcortejoso commented 11 months ago

Description

Update Dockerfiles and npm dependencies. The goal is to reduce CVEs and also to reduce dependencies/size (for system/image dependencies).

Results (example with signer)

Before

```
## Overview

                    │                                 Analyzed Image
────────────────────┼──────────────────────────────────────────────────────────────────────────────────
  Target            │  us-west1-docker.pkg.dev/devopsre/social-connect/odis-signer:odis-signer-3.1.1
    digest          │  0fda3ba03742
    platform        │ linux/amd64
    provenance      │ https://github.com/celo-org/social-connect
                    │  1670dc0ec4919e582f287f682dbe7c373d9cd868
    vulnerabilities │    5C    12H    28M    78L     1?
    size            │ 1.2 GB
    packages        │ 2429
                    │
  Base image        │  node:18
                    │  117e3f020487
```

After

```
## Overview

                    │           Analyzed Image
────────────────────┼─────────────────────────────────────
  Target            │  signer:latest
    digest          │  c3ebea052be1
    platform        │ linux/amd64
    vulnerabilities │    0C     1H    14M     1L     1?
    size            │ 875 MB
    packages        │ 1889
```

We need to test on Alfajores

Dependencies updated:

- crypto-js: 3.3.0 -> 4.2.0
- flat: 4.1.1 -> 5.0.1
- protobufjs: 6.11.3/7.2.3 -> 7.2.4
- @babel/traverse: 7.21.4 -> 7.23.2
- node-fetch: 2.6.0 -> 2.6.7
- get-func-name: 2.0.0 -> 2.0.1
- minimatch: 3.0.4 -> 3.0.5
- async: 2.6.3 -> 2.6.4
- browserify-sign: 4.2.1 -> 4.2.2
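A check a reviewer could run after bumps like the ones listed above, to confirm that no nested copy of an updated package is still resolved below its new version. This is an added example, not code from the PR or from the social-connect project; `FLOORS`, `isBelow`, `findStale` and the sample lockfile are hypothetical, and the lockfile is assumed to use npm's package-lock v3 `packages` layout.

```javascript
// Floors = the "after" versions from this PR's "Dependencies updated" list.
// Assumption: one floor per package; a backported fix on an older major
// line would still be reported and needs a manual look.
const FLOORS = new Map([
  ['crypto-js', '4.2.0'], ['flat', '5.0.1'], ['protobufjs', '7.2.4'],
  ['@babel/traverse', '7.23.2'], ['node-fetch', '2.6.7'],
  ['get-func-name', '2.0.1'], ['minimatch', '3.0.5'], ['async', '2.6.4'],
  ['browserify-sign', '4.2.2'],
]);

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-)?/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  // A prerelease sorts just below its release, so releases get a 4th field of 1.
  return [Number(m[1]), Number(m[2]), Number(m[3]), m[4] ? 0 : 1];
}

function isBelow(version, floor) {
  const a = parseVersion(version), b = parseVersion(floor);
  for (let i = 0; i < 4; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

// Walk every installed copy, including nested node_modules, not only the top-level one.
function findStale(lock, floors) {
  const stale = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf('node_modules/');
    if (idx === -1 || !entry.version) continue; // root or workspace entry
    const name = path.slice(idx + 'node_modules/'.length);
    const floor = floors.get(name);
    if (floor && isBelow(entry.version, floor)) stale.push({ name, version: entry.version, path });
  }
  return stale;
}

// Constructed sample in the package-lock v3 "packages" shape (not the project's lockfile).
const SAMPLE_LOCK = { packages: {
  '': { name: 'constructed-root' },
  'node_modules/@babel/traverse': { version: '7.23.2' },
  'node_modules/minimatch': { version: '5.1.0' },
  'node_modules/protobufjs': { version: '7.2.4' },
  'node_modules/some-dep/node_modules/protobufjs': { version: '6.11.3' },
  'node_modules/some-dep/node_modules/node-fetch': { version: '2.6.0' },
} };

console.log(findStale(SAMPLE_LOCK, FLOORS));
```

In the constructed sample the top-level `protobufjs` is at the new version while a nested copy under `some-dep` is not, which is the case a top-level-only check misses.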

changeset-bot[bot] commented 11 months ago

🦋 Changeset detected

Latest commit: a290524a81a8bcd818fd9d678037b4f9390136a5

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 7 packages

| Name | Type |
| ----------------------------------- | ----- |
| @celo/phone-number-privacy-combiner | Patch |
| @celo/phone-number-privacy-monitor | Patch |
| @celo/phone-number-privacy-signer | Patch |
| @celo/phone-number-privacy-common | Patch |
| @celo/encrypted-backup | Patch |
| @celo/identity | Patch |
| @celo/odis-identifiers | Patch |
