0.82.3: security updates (#358)

Author: rentallect

.github/workflows/build.yml

@@ -26,7 +26,21 @@ jobs:
     steps:
 
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
+
+      - name: Enable Corepack
+        run: corepack enable
+
+      - name: Prepare Yarn 4
+        run: corepack prepare yarn@4.0.2 --activate
+
+      - name: Verify Yarn version
+        run: yarn -v
+
+      - name: Set up Node.js with Corepack
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22   # Or another supported version
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1

.yarnrc.yml

@@ -0,0 +1 @@
+nodeLinker: node-modules

Dockerfile

@@ -1,10 +1,11 @@
-FROM node:18-bookworm-slim AS build
+# Stage 1: Install dependencies
+FROM node:22-slim AS build
 
 LABEL maintainer="OpenZiti <openziti@netfoundry.io>"
 
 # Install useful tools
 RUN apt-get update
-RUN apt-get install -y python3 build-essential
+RUN apt-get install -y python3 build-essential curl
 
 # Create directory for the Ziti BrowZer Bootstrapper, and explicitly set the owner of that new directory to the node user
 RUN mkdir /home/node/ziti-browzer-bootstrapper
@@ -14,28 +15,31 @@ WORKDIR /home/node/ziti-browzer-bootstrapper
 COPY --chown=node:node package.json ./
 COPY --chown=node:node yarn.lock ./
 
-# Install the dependencies for the Ziti BrowZer Bootstrapper according to yarn.lock (ci) without
-# devDepdendencies (--production), then uninstall npm which isn't needed.
-RUN  yarn install \
- && npm cache clean --force --loglevel=error 
+# Install Yarn 4 globally
+RUN corepack enable && corepack prepare yarn@4.0.2 --activate && yarn config set nodeLinker node-modules
 
 # Bring in the source of the Ziti BrowZer Bootstrapper to the working folder
 COPY --chown=node:node index.js .
 COPY --chown=node:node zha-docker-entrypoint .
 COPY --chown=node:node lib ./lib/
 COPY --chown=node:node assets ./assets/
 
-FROM node:18-bookworm-slim
+# Install dependencies (ensuring node_modules remains)
+RUN yarn install
 
-RUN apt-get update && apt-get install curl -y
+RUN ls -l
 
+# Stage 2: Production-ready image
+FROM node:22-slim
+
+WORKDIR /home/node/ziti-browzer-bootstrapper
+
+# Copy installed node_modules from build stage
 COPY --from=build /home/node/ziti-browzer-bootstrapper /home/node/ziti-browzer-bootstrapper
 
 RUN chown -R node:node /home/node/ziti-browzer-bootstrapper
 USER node
 
-WORKDIR /home/node/ziti-browzer-bootstrapper
-
 # Expose the Ziti BrowZer Bootstrapper for traffic to be proxied (8000) and the
 # REST API where it can be configured (8001)
 EXPOSE 8000

package.json

@@ -1,6 +1,6 @@
 {
   "name": "ziti-browzer-bootstrapper",
-  "version": "0.82.2",
+  "version": "0.82.3",
   "compatibleControllerVersion": ">=0.27.9",
   "description": "Ziti BrowZer Bootstrapper -- providing Ziti network access into Dark web server",
   "main": "index.js",
@@ -20,8 +20,8 @@
   "license": "Apache-2.0",
   "dependencies": {
     "@openziti/ziti-browzer-edge-client": "^0.6.2",
-    "@openziti/ziti-browzer-runtime": "^0.98.0",
-    "@openziti/ziti-browzer-sw": "^0.75.0",
+    "@openziti/ziti-browzer-runtime": "^0.101.0",
+    "@openziti/ziti-browzer-sw": "^0.78.0",
     "acme-http-01-standalone": "^3.0.5",
     "ajv": "^8.17.1",
     "ajv-formats": "^3.0.1",
@@ -65,7 +65,7 @@
     "serve-favicon": "^2.5.0",
     "trumpet": "^1.7.2",
     "urlon": "^3.1.0",
-    "uuid": "^9.0.1",
+    "uuid": "^11.1.0",
     "vhost": "^3.0.2",
     "winston": "~3.13.0"
   },
@@ -79,5 +79,6 @@
     "semver": "^7.3.7",
     "sse": "0.0.8",
     "xmlhttprequest-ssl": ">=1.6.2"
-  }
+  },
+  "packageManager": "yarn@4.0.2+sha512.4e502bea682e7d8004561f916f1da2dfbe6f718024f6aa50bf8cd86f38ea3a94a7f1bf854a9ca666dd8eafcfb8d44baaa91bf5c7876e79a7aeac952c332f0e88"
 }