Merge pull request #132 from pact-foundation/snyk-fix-4f29b86c268c5e9…

…bc21ef68bdcfeed94 [Snyk] Security upgrade alpine from 3.19 to 3
pact-foundation · Jun 25, 2024 · 3a5b063 · 3a5b063
2 parents 6717a43 + 61886d6
commit 3a5b063
Show file tree

Hide file tree

Showing 9 changed files with 42 additions and 28 deletions.
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
@@ -22,7 +22,7 @@ jobs:
       DOCKER_TARGET_PLATFORM: ${{ matrix.DOCKER_TARGET_PLATFORM }}
       TAG: latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Prepare Docker multi-arch builder for ${{ matrix.DOCKER_TARGET_PLATFORM }}
         if: ${{ matrix.DOCKER_TARGET_PLATFORM }} == 'linux/arm' || 'linux/arm64'
         run: ./script/release-workflow/docker-prepare.sh

diff --git a/.github/workflows/release_image.yml b/.github/workflows/release_image.yml
@@ -35,7 +35,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -8,7 +8,7 @@ jobs:
     env:
       DOCKER_IMAGE_ORG_AND_NAME: pactfoundation/pact-cli
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Integration tests
         run: script/test.sh
@@ -22,7 +22,7 @@ jobs:
       matrix:
         node: [ 16, 18, 20 ]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
 
       - name: Login to Docker Hub

diff --git a/.github/workflows/update-gems.yml b/.github/workflows/update-gems.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
         fetch-depth: 0
     - uses: ruby/setup-ruby@v1

diff --git a/.ruby-version b/.ruby-version
@@ -1 +1 @@
-3.2
+3.3.3
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.20
 
 LABEL maintainer="Beth Skurrie <[email protected]>"
 
@@ -9,33 +9,34 @@ ADD docker/gemrc /root/.gemrc
 ADD docker/pact /usr/local/bin/pact
 
 RUN apk update \
-  && apk add ruby=3.2.4-r0 \
-             ruby-io-console=3.2.4-r0 \
+  && apk add ruby=3.3.3-r0 \
+             ruby-io-console=3.3.3-r0 \
              ca-certificates=20240226-r0 \
              libressl \
              less \
              git \
   && apk add --virtual "build-dependencies" \
              build-base=0.5-r3 \
-             ruby-dev=3.2.4-r0 \
+             ruby-dev=3.3.3-r0 \
              libressl-dev \
-             ruby-rdoc=3.2.4-r0 \
+             ruby-rdoc=3.3.3-r0 \
   && gem install bundler -v "~>2.5" \
   && bundler -v \
   && bundle config build.nokogiri --use-system-libraries \
   && bundle config git.allow_insecure true \
-  && gem update --system \
+  && gem update --system 3.5.14 \
   && gem install json -v "~>2.3" \
   && gem install bigdecimal -v "~>3.1" \
+  && gem install racc -v "~>1.8" \
   && gem cleanup \
   && apk del build-dependencies \
   && rm -rf /usr/lib/ruby/gems/*/cache/* \
             /var/cache/apk/* \
             /tmp/* \
             /var/tmp/*
 
-ENV HOME /pact
-ENV DOCKER true
+ENV HOME=/pact
+ENV DOCKER=true
 ENV BUNDLE_GEMFILE=$HOME/Gemfile
 WORKDIR $HOME
 
@@ -46,7 +47,7 @@ ADD lib/pact/cli/version.rb ./lib/pact/cli/version.rb
 RUN bundle config set without 'test development' \
     bundle config set deployment 'true' \
       && bundle install \
-      && find /usr/lib/ruby/gems/3.2.0/gems -name Gemfile.lock -maxdepth 2 -delete
+      && find /usr/lib/ruby/gems/3.3.0/gems -name Gemfile.lock -maxdepth 2 -delete
 ADD docker/entrypoint.sh $HOME/entrypoint.sh
 ADD bin ./bin
 ADD lib ./lib

diff --git a/Dockerfile-bundle-base b/Dockerfile-bundle-base
@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.20
 
 ENV NOKOGIRI_USE_SYSTEM_LIBRARIES=1
 ENV BUNDLE_SILENCE_ROOT_WARNING=1
@@ -20,12 +20,13 @@ RUN apk update \
              ruby-rdoc \
   && bundle config build.nokogiri --use-system-libraries \
   && bundle config git.allow_insecure true \
-  && gem update --system \
+  && gem update --system 3.5.14 \
   && gem install json \
-  && gem install bigdecimal
+  && gem install bigdecimal \
+  && gem install racc
 
-ENV HOME /pact
-ENV DOCKER true
+ENV HOME=/pact
+ENV DOCKER=true
 WORKDIR $HOME
 
 ADD pact-cli.gemspec Gemfile Gemfile.lock $HOME/

diff --git a/Dockerfile-node b/Dockerfile-node
@@ -1,5 +1,5 @@
 ARG NODE_VERSION=18
-FROM node:${NODE_VERSION}-alpine3.19
+FROM node:${NODE_VERSION}-alpine3.20
 
 LABEL maintainer="Beth Skurrie <[email protected]>"
 
@@ -32,16 +32,18 @@ RUN apk update \
   && bundler -v \
   && bundle config build.nokogiri --use-system-libraries \
   && bundle config git.allow_insecure true \
-  && gem update --system \
+  && gem update --system 3.5.14 \
   && gem install json -v "~>2.3" \
+  && gem install bigdecimal -v "~>3.1" \
+  && gem install racc -v "~>1.8" \
   && gem cleanup \
   && rm -rf /usr/lib/ruby/gems/*/cache/* \
             /var/cache/apk/* \
             /tmp/* \
             /var/tmp/*
 
-ENV HOME /pact
-ENV DOCKER true
+ENV HOME=/pact
+ENV DOCKER=true
 ENV BUNDLE_GEMFILE=$HOME/Gemfile
 WORKDIR $HOME
 
@@ -50,7 +52,7 @@ ADD Gemfile .
 ADD Gemfile.lock .
 ADD lib/pact/cli/version.rb ./lib/pact/cli/version.rb
 RUN  bundle install --without test development --deployment true \
-      && find /usr/lib/ruby/gems/3.2.0/gems -name Gemfile.lock -maxdepth 2 -delete
+      && find /usr/lib/ruby/gems/3.3.0/gems -name Gemfile.lock -maxdepth 2 -delete
 ADD docker/entrypoint.sh $HOME/entrypoint.sh
 ADD bin ./bin
 ADD lib ./lib

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -29,7 +29,7 @@ GEM
     dig_rb (1.0.1)
     expgen (0.1.1)
       parslet
-    faraday (2.9.1)
+    faraday (2.9.2)
       faraday-net_http (>= 2.0, < 3.2)
     faraday-net_http (3.1.0)
       net-http
@@ -43,6 +43,8 @@ GEM
     json (2.7.2)
     method_source (1.1.0)
     mini_mime (1.1.5)
+    mize (0.4.1)
+      protocol (~> 2.0)
     multi_xml (0.7.1)
       bigdecimal (~> 3.1)
     net-http (0.4.1)
@@ -91,9 +93,12 @@ GEM
       term-ansicolor (~> 1.7)
       thor (>= 0.20, < 2.0)
     parslet (2.0.0)
+    protocol (2.0.0)
+      ruby_parser (~> 3.0)
     pry (0.14.2)
       coderay (~> 1.1)
       method_source (~> 1.0)
+    racc (1.8.0)
     rack (2.2.9)
     rack-proxy (0.7.7)
       rack
@@ -119,9 +124,14 @@ GEM
     rspec-support (3.13.1)
     rspec_junit_formatter (0.6.0)
       rspec-core (>= 2, < 4, != 2.12.0)
+    ruby_parser (3.21.0)
+      racc (~> 1.5)
+      sexp_processor (~> 4.16)
+    sexp_processor (4.17.1)
     sync (0.5.0)
     table_print (1.5.7)
-    term-ansicolor (1.8.0)
+    term-ansicolor (1.10.2)
+      mize
       tins (~> 1.0)
     thor (1.3.1)
     tins (1.33.0)
@@ -142,4 +152,4 @@ DEPENDENCIES
   rspec (~> 3.0)
 
 BUNDLED WITH
-   2.5.10
+   2.5.14