From 52b6566119c5308c8ef101f224b60ceaedf68212 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 6 Dec 2023 07:26:14 +0000 Subject: [PATCH] dep updates Update zoeyvid/nginx-quic Docker tag to v229 Update zoeyvid/certbot-docker Docker tag to v17 Update zoeyvid/nginx-quic Docker tag to v228 Update alpine Docker tag to v3.19.0 Update caddy Docker tag to v2.7.6 Update dependency knex to v3.1.0 Update zoeyvid/nginx-quic Docker tag to v225 Update dependency sass-loader to v10.5.0 Update zoeyvid/certbot-docker Docker tag to v15 Update zoeyvid/nginx-quic Docker tag to v230 Signed-off-by: Zoey --- .github/workflows/caddy-fmt.yml | 2 +- Caddy.Dockerfile | 5 ++++- Dockerfile | 24 +++++++++++++----------- backend/package.json | 2 +- frontend/package.json | 2 +- 5 files changed, 20 insertions(+), 15 deletions(-) diff --git a/.github/workflows/caddy-fmt.yml b/.github/workflows/caddy-fmt.yml index 9321df53..05cc8432 100644 --- a/.github/workflows/caddy-fmt.yml +++ b/.github/workflows/caddy-fmt.yml @@ -16,7 +16,7 @@ jobs: uses: actions/checkout@v4 - name: Read version id: version - run: echo "version=$(cat Caddy.Dockerfile | grep -wE "FROM caddy:*" | head -1 | sed "s|FROM caddy:||g")" >> $GITHUB_OUTPUT + run: echo "version=$(cat Caddy.Dockerfile | grep -wE "FROM caddy:*" | head -1 | sed "s|FROM caddy:\([0-9.]\+\).*|\1|g")" >> $GITHUB_OUTPUT - name: caddy-fmt run: | docker run --rm -v ${{ github.workspace }}/Caddyfile:/etc/caddy/Caddyfile caddy:${{ steps.version.outputs.version }} caddy fmt --overwrite /etc/caddy/Caddyfile diff --git a/Caddy.Dockerfile b/Caddy.Dockerfile index 0eb3c9e2..7e1516ff 100644 --- a/Caddy.Dockerfile +++ b/Caddy.Dockerfile @@ -1,3 +1,6 @@ -FROM caddy:2.7.5 +FROM caddy:2.7.6 as caddy + +FROM alpine:3.19.0 RUN apk add --no-cache ca-certificates tzdata +COPY --from=caddy /usr/bin/caddy /usr/bin/caddy COPY Caddyfile /etc/caddy/Caddyfile diff --git a/Dockerfile b/Dockerfile index e086d8a3..d867680e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform="$BUILDPLATFORM" alpine:3.18.5 as frontend +FROM --platform="$BUILDPLATFORM" alpine:3.19.0 as frontend COPY frontend /build/frontend COPY global/certbot-dns-plugins.js /build/frontend/certbot-dns-plugins.js ARG NODE_ENV=production \ @@ -12,7 +12,7 @@ COPY darkmode.css /build/frontend/dist/css/darkmode.css COPY security.txt /build/frontend/dist/.well-known/security.txt -FROM --platform="$BUILDPLATFORM" alpine:3.18.5 as backend +FROM --platform="$BUILDPLATFORM" alpine:3.19.0 as backend SHELL ["/bin/ash", "-eo", "pipefail", "-c"] COPY backend /build/backend COPY global/certbot-dns-plugins.js /build/backend/certbot-dns-plugins.js @@ -30,10 +30,13 @@ RUN apk add --no-cache ca-certificates nodejs-current yarn && \ yarn cache clean --all -FROM --platform="$BUILDPLATFORM" alpine:3.18.5 as crowdsec +FROM --platform="$BUILDPLATFORM" alpine:3.19.0 as crowdsec + +ARG CSNB_VER=v1.0.5 + WORKDIR /src RUN apk add --no-cache ca-certificates git build-base && \ - git clone --recursive https://github.com/crowdsecurity/cs-nginx-bouncer /src && \ + git clone --recursive https://github.com/crowdsecurity/cs-nginx-bouncer --branch "$CSNB_VER" /src && \ make && \ tar xzf crowdsec-nginx-bouncer.tgz && \ mv crowdsec-nginx-bouncer-* crowdsec-nginx-bouncer && \ @@ -45,10 +48,13 @@ RUN apk add --no-cache ca-certificates git build-base && \ sed -i "s|BAN_TEMPLATE_PATH=.*|BAN_TEMPLATE_PATH=/data/etc/crowdsec/ban.html|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf && \ sed -i "s|CAPTCHA_TEMPLATE_PATH=.*|CAPTCHA_TEMPLATE_PATH=/data/etc/crowdsec/captcha.html|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf -FROM zoeyvid/certbot-docker:14 as certbot +FROM zoeyvid/certbot-docker:17 as certbot -FROM zoeyvid/nginx-quic:219 +FROM zoeyvid/nginx-quic:230 SHELL ["/bin/ash", "-eo", "pipefail", "-c"] + +ARG CRS_VER=v4.0/dev + COPY rootfs / RUN apk add --no-cache ca-certificates tzdata tini \ lua5.1-lzlib \ @@ -56,11 +62,7 @@ RUN apk add --no-cache ca-certificates tzdata tini \ openssl apache2-utils \ coreutils grep jq curl shadow sudo \ luarocks5.1 wget lua5.1-dev build-base git yarn && \ - wget -q https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended -O /usr/local/nginx/conf/conf.d/include/modsecurity.conf.example && \ - wget -q https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/unicode.mapping -O /usr/local/nginx/conf/conf.d/include/unicode.mapping && \ - sed -i "s|SecRuleEngine.*|SecRuleEngine On|g" /usr/local/nginx/conf/conf.d/include/modsecurity.conf.example && \ - sed -i "s|unicode.mapping|/usr/local/nginx/conf/conf.d/include/unicode.mapping|g" /usr/local/nginx/conf/conf.d/include/modsecurity.conf.example && \ - git clone https://github.com/coreruleset/coreruleset /tmp/coreruleset && \ + git clone https://github.com/coreruleset/coreruleset --branch "$CRS_VER" /tmp/coreruleset && \ mkdir -v /usr/local/nginx/conf/conf.d/include/coreruleset && \ mv -v /tmp/coreruleset/crs-setup.conf.example /usr/local/nginx/conf/conf.d/include/coreruleset/crs-setup.conf.example && \ mv -v /tmp/coreruleset/rules /usr/local/nginx/conf/conf.d/include/coreruleset/rules && \ diff --git a/backend/package.json b/backend/package.json index 8d4d9134..ab7570d5 100644 --- a/backend/package.json +++ b/backend/package.json @@ -15,7 +15,7 @@ "express-fileupload": "1.4.3", "gravatar": "1.8.2", "jsonwebtoken": "9.0.2", - "knex": "3.0.1", + "knex": "3.1.0", "liquidjs": "10.9.4", "lodash": "4.17.21", "moment": "2.29.4", diff --git a/frontend/package.json b/frontend/package.json index 38b160dd..65b4681c 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -30,7 +30,7 @@ "node-sass": "7.0.3", "nodemon": "3.0.2", "numeral": "2.0.6", - "sass-loader": "10.4.1", + "sass-loader": "10.5.0", "style-loader": "3.3.3", "tabler-ui": "git+https://github.com/tabler/tabler.git#00f78ad823311bc3ad974ac3e5b0126198f0a813", "underscore": "1.13.6",