Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

TB - 84 Fix vulnerable packages/dependencies #1194

Merged
merged 20 commits into from
Jun 12, 2023
Merged
Show file tree
Hide file tree
Changes from 19 commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
93d6bca
Update koa-passport and jsonwebtoken
nour-borgi May 30, 2023
b3cec8b
Update mongoose, mongodb, and agenda to later version
arran-standish Jun 1, 2023
ffc7441
Merge branch 'master' into TB-84-update-packages
nour-borgi Jun 1, 2023
720f1a3
Change channel audit log to use forked patch-history package instead
arran-standish Jun 1, 2023
68bc625
Revert bodyCull poll period change
arran-standish Jun 1, 2023
aaa59dc
Merge branch 'TB-84-update-packages' of github.com:jembi/openhim-core…
arran-standish Jun 1, 2023
563b9e5
Only mock passport injected session functions if not present
arran-standish Jun 1, 2023
0b2a712
Update node image version to be compatible with updated packages
arran-standish Jun 2, 2023
8624ae9
Move passport 0.6.x fix to logout method only
arran-standish Jun 2, 2023
a8bd868
Only install production npm packages on docker image
arran-standish Jun 2, 2023
47a9f29
Set NODE_ENV to production in the docker image so koa does not run in…
arran-standish Jun 5, 2023
69754c7
Try preserve the koa req session on logout
arran-standish Jun 5, 2023
3584286
Add blank eof lines
arran-standish Jun 5, 2023
a06aab3
Update travis to run on node v14 and v16 instead of v12 and v14
arran-standish Jun 5, 2023
771a8ae
Add test for coverage
arran-standish Jun 6, 2023
fb3cec9
Updated package-lock after npm audit fix
arran-standish Jun 9, 2023
ff50d4b
Update mongo session store to ignore the changed/rolling flags and ju…
arran-standish Jun 9, 2023
7c2bfbd
Add tests for improved coverage
arran-standish Jun 12, 2023
6fc27b1
Update version
arran-standish Jun 12, 2023
c9839df
Fix typo
bradsawadye Jun 12, 2023
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions .dockerignore
Original file line number Diff line number Diff line change
@@ -1,5 +1,19 @@
.github
.travis
.nyc_output
.vscode
.git
.gitignore
node_modules
lib/*
performance
packaging
infrastructure
test
.env.test
.eslintrc.json
.eslintignore
.npmignore
.nycrc.json
.prettierrc.yaml
.travis.yml
2 changes: 1 addition & 1 deletion .travis.yml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
language: node_js
node_js:
- "lts/erbium"
- "lts/fermium"
- "lts/gallium"
- "node"
matrix:
fast_finish: true
Expand Down
18 changes: 14 additions & 4 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,15 +1,25 @@
FROM node:14.17-alpine
FROM node:14.21.3-alpine as build

WORKDIR /build

COPY . .

RUN npm install && npm run build

FROM node:14.21.3-alpine

ENV NODE_ENV=production

RUN apk upgrade --update-cache --available && \
apk add openssl && \
rm -rf /var/cache/apk/*

WORKDIR /app

COPY . .
COPY --from=build ./build/lib ./lib

RUN npm install
COPY . .

RUN npm run build
RUN npm install --production

CMD ["node", "lib/server.js"]
7 changes: 4 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -18,12 +18,13 @@ See the [development road-map](http://openhim.org/docs/introduction/roadmap) for

## Requirements

Last 2 versions of NodeJS LTS are supported
Currently supported versions of NodeJS LTS are

| NodeJS (LTS) | MongoDB |
| ------------ | -------------------------- |
| 10.x | >= 3.6 &#124;&#124; <= 4.2 |
| 12.x | >= 3.6 &#124;&#124; <= 4.2 |
| 14.2x.x | >= 3.6 &#124;&#124; <= 4.2 |
| 15.x | >= 3.6 &#124;&#124; <= 4.2 |


- [NodeJS Release Versions](https://github.com/nodejs/Release)
- [MongoDB NodeJS Driver Versions](https://mongodb.github.io/node-mongodb-native/)
Expand Down
7 changes: 7 additions & 0 deletions config/production.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
{
"logger": {
"level": "warn",
"logToDB": true,
"capDBLogs": false
}
}
Loading