Merge pull request #517 from idaholab/fix/vulns

Fix/vulns

Author: browjm4

Dockerfile

@@ -1,4 +1,4 @@
-FROM rust:alpine as build
+FROM rust:alpine:latest as build
 
 ENV RUSTFLAGS="-C target-feature=-crt-static"
 ENV RUN_MODE="build"
@@ -46,7 +46,7 @@ WORKDIR /srv/deeplynx/server
 RUN yarn install;
 RUN yarn run build;
 
-FROM node:alpine as production
+FROM node:alpine:latest as production
 ENV DEVELOPMENT_MODE=false
 
 RUN apk update && apk add --no-cache supervisor openssl

Dockerfile.dev

@@ -1,4 +1,4 @@
-FROM rust:alpine as build
+FROM rust:alpine:latest as build
 
 ENV RUSTFLAGS="-C target-feature=-crt-static"
 ENV RUN_MODE="build"
@@ -52,7 +52,7 @@ WORKDIR /srv/deeplynx/server
 RUN yarn install;
 RUN yarn run build;
 
-FROM node:alpine as production
+FROM node:alpine:latest as production
 ENV DEVELOPMENT_MODE=false
 
 # Add missing packages

server/NodeLibraries/deeplynx/package.json

@@ -1,6 +1,6 @@
 {
     "name": "deeplynx",
-    "version": "1.7.5",
+    "version": "1.7.6",
     "main": "index.js",
     "types": "index.d.ts",
     "napi": {

server/package-lock.json

@@ -1,6 +1,6 @@
 {
     "name": "deep-lynx",
-    "version": "1.7.5",
+    "version": "1.7.6",
     "description": "DeepLynx allows for an integrated platform during design and operations of mega projects.",
     "main": "./dist/main.js",
     "author": "John Darrington and Christopher Ritter",
@@ -44,7 +44,7 @@
         "@types/express-session": "^1.18.0",
         "@types/faker": "^4.1.12",
         "@types/gremlin": "^3.6.7",
-        "@types/helmet": "0.0.43",
+        "@types/helmet": "^0.0.48",
         "@types/ioredis": "^4.28.10",
         "@types/jsonwebtoken": "^9.0.6",
         "@types/mocha": "^10.0.7",
@@ -132,7 +132,7 @@
         "csv-stringify": "^6.5.1",
         "csvtojson": "^2.0.10",
         "date-fns": "^2.30.0",
-        "deeplynx": "^1.7.5",
+        "deeplynx": "^1.7.6",
         "dev-null": "^0.1.1",
         "digest-stream": "^2.0.0",
         "dot-prop": "^5.3.0",
@@ -159,8 +159,10 @@
         "minimist": "^1.2.8",
         "minio": "^7.1.3",
         "ms": "^2.1.3",
+        "nanoid": "^3.3.8",
         "node-cache": "^5.1.2",
         "nodemailer": "^6.9.14",
+        "on-headers": "^1.1.0",
         "p-all": "^3.0.0",
         "p-limit": "^3.1.0",
         "p-map": "^4.0.0",
@@ -178,7 +180,7 @@
         "pg-format": "^1.0.4",
         "pg-large-object": "^2.0.0",
         "pg-query-stream": "^4.6.0",
-        "postcss": "^8.4.41",
+        "postcss": "^8.5.6",
         "reflect-metadata": "^0.1.14",
         "semver": "^7.6.3",
         "short-uuid": "^4.2.2",
@@ -198,5 +200,14 @@
         "*.js": "eslint --cache --fix",
         "*.{js,css,md}": "prettier --write"
     },
-    "packageManager": "[email protected]"
+    "packageManager": "[email protected]",
+    "resolutions": {
+        "lodash": "^4.17.12",
+        "postcss": "^8.4.31",
+        "webpack-dev-server": "^5.2.1",
+        "dompurify": "^3.2.4",
+        "cookie": "^0.7.0",
+        "serialize-javascript": "^6.0.2",
+        "on-headers": "^1.1.0"
+    }
 }