chore: security updates

.gitignore

@@ -151,7 +151,6 @@ dist
 
 # yarn v2
 .yarn/*
-!.yarn/releases
 !.yarn/plugins
 !.yarn/patches
 !.yarn/versions

.yarnrc.yml

@@ -1,5 +1,3 @@
 compressionLevel: mixed
 
 enableGlobalCache: false
-
-yarnPath: .yarn/releases/yarn-4.5.0.cjs

Dockerfile

@@ -20,21 +20,20 @@ ARG DIR
 
 WORKDIR ${DIR}
 
-COPY ./.yarn ${DIR}.yarn
 COPY ./package.json ./yarn.lock ./.yarnrc.yml ${DIR}/
 
-RUN yarn workspaces focus --all --production
+RUN corepack yarn workspaces focus --all --production
 
 FROM install AS build
 ARG DIR
 
 # Install dev deps too
-RUN yarn install --immutable
+RUN corepack yarn install --immutable
 
 COPY . ${DIR}
 
 # Build code and remove dev deps
-RUN yarn build --verbose && rm -rfv .yarn .pnp*
+RUN corepack yarn build --verbose && rm -rfv .yarn .pnp*
 
 FROM node:$NODE_VER AS production
 ARG DIR
@@ -53,5 +52,5 @@ COPY --from=build ${DIR} ${DIR}
 
 # Launch entrypoint with dumb-init
 # Remap SIGTERM to SIGINT https://github.com/Yelp/dumb-init#signal-rewriting
-ENTRYPOINT ["/usr/bin/dumb-init", "--rewrite", "15:2", "--", "yarn", "run"]
+ENTRYPOINT ["/usr/bin/dumb-init", "--rewrite", "15:2", "--", "corepack", "yarn", "run"]
 CMD ["start"]

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@qlever-llc/unfisk",
-  "version": "2.2.3",
+  "version": "2.3.0",
   "description": "OADA uservice to \"unflatten\" a list into a list of links",
   "author": "Alex Layton <[email protected]>",
   "license": "Apache-2.0",
@@ -47,26 +47,26 @@
     ]
   },
   "dependencies": {
-    "@oada/client": "^5.2.3",
-    "@oada/lib-prom": "^4.0.0",
+    "@oada/client": "^5.2.4",
+    "@oada/lib-prom": "^4.0.1",
     "@oada/pino-debug": "^4.0.1",
     "convict": "^6.2.4",
     "debug": "^4.3.7",
     "dotenv": "^16.4.5",
     "moment": "^2.30.1",
-    "tslib": "^2.7.0"
+    "tslib": "^2.8.1"
   },
   "devDependencies": {
     "@ava/typescript": "^5.0.0",
     "@tsconfig/node22": "^22.0.0",
     "@types/convict": "^6.1.6",
     "@types/debug": "^4.1.12",
-    "@types/node": "^22.7.5",
+    "@types/node": "^22.9.1",
     "@types/prettier": "^3.0.0",
     "@typescript-eslint/eslint-plugin": "^7.18.0",
     "@typescript-eslint/parser": "^7.18.0",
     "@yarnpkg/sdks": "^3.2.0",
-    "ava": "6.1.3",
+    "ava": "6.2.0",
     "c8": "^10.1.2",
     "eslint": "^8.57.1",
     "eslint-config-prettier": "^9.1.0",
@@ -76,28 +76,31 @@
     "eslint-import-resolver-node": "^0.3.9",
     "eslint-plugin-array-func": "^5.0.2",
     "eslint-plugin-ava": "^15.0.1",
-    "eslint-plugin-escompat": "^3.11.3",
+    "eslint-plugin-escompat": "^3.11.4",
     "eslint-plugin-eslint-comments": "^3.2.0",
     "eslint-plugin-filenames": "^1.3.2",
     "eslint-plugin-github": "^5.0.2",
     "eslint-plugin-i18n-text": "^1.0.1",
     "eslint-plugin-import": "^2.31.0",
     "eslint-plugin-no-constructor-bind": "^2.0.4",
     "eslint-plugin-no-only-tests": "^3.3.0",
-    "eslint-plugin-no-secrets": "^1.0.2",
+    "eslint-plugin-no-secrets": "^1.1.2",
     "eslint-plugin-node": "^11.1.0",
     "eslint-plugin-notice": "^1.0.0",
     "eslint-plugin-optimize-regex": "^1.2.1",
     "eslint-plugin-prettier": "^5.2.1",
     "eslint-plugin-promise": "^6.6.0",
-    "eslint-plugin-regexp": "^2.6.0",
+    "eslint-plugin-regexp": "^2.7.0",
     "eslint-plugin-security": "^3.0.1",
     "eslint-plugin-sonarjs": "^1.0.4",
     "eslint-plugin-unicorn": "^54.0.0",
     "prettier": "^3.3.3",
     "typescript": "^5.6.3"
   },
-  "packageManager": "[email protected]",
+  "resolutions": {
+    "cross-spawn": "^7.0.6"
+  },
+  "packageManager": "[email protected]",
   "volta": {
     "node": "22.9.0"
   }