Update packages, node.js version and Dockerfile #84

tripleawwy · 2021-06-03T17:30:16Z

Since this repository is not being maintained, we had a look into it and updated some packages as well as optimized the Dockerfile
and updated to NODE.JS v12.

Misc:

drop dead code
add github actions to push Docker image to ghcr

…ded accidently

…set WORKDIR first and RUN commands relative to current dir

Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.8. - [Release notes](https://github.com/isaacs/ini/releases) - [Commits](npm/ini@v1.3.5...v1.3.8) Signed-off-by: dependabot[bot] <[email protected]>

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.21. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.15...4.17.21) Signed-off-by: dependabot[bot] <[email protected]>

…-4.17.21 Bump lodash from 4.17.15 to 4.17.21

Bump ini from 1.3.5 to 1.3.8

…eprecation warning

Also delete the package-lock.json since I can't regenerate it at the moment

SRVUC-40: Solve issues with webhook bridge on newer Matrix Synapse versions

Bumps [css-what](https://github.com/fb55/css-what) from 5.0.0 to 5.0.1. - [Release notes](https://github.com/fb55/css-what/releases) - [Commits](fb55/css-what@v5.0.0...v5.0.1) --- updated-dependencies: - dependency-name: css-what dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [nth-check](https://github.com/fb55/nth-check) from 2.0.0 to 2.0.1. - [Release notes](https://github.com/fb55/nth-check/releases) - [Commits](fb55/nth-check@v2.0.0...v2.0.1) --- updated-dependencies: - dependency-name: nth-check dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [i](https://github.com/pksunkara/inflect) from 0.3.6 to 0.3.7. - [Release notes](https://github.com/pksunkara/inflect/releases) - [Commits](pksunkara/inflect@v0.3.6...v0.3.7) --- updated-dependencies: - dependency-name: i dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

Snyk has created this PR to upgrade db-migrate-sqlite3 from 0.3.1 to 0.4.0. See this package in npm: https://www.npmjs.com/package/db-migrate-sqlite3 See this project in Snyk: https://app.snyk.io/org/netresearch/project/836184be-d734-4cc5-9692-acedcd0d888f?utm_source=github&utm_medium=referral&page=upgrade-pr

Snyk has created this PR to upgrade mime from 2.5.2 to 2.6.0. See this package in npm: https://www.npmjs.com/package/mime See this project in Snyk: https://app.snyk.io/org/netresearch/project/836184be-d734-4cc5-9692-acedcd0d888f?utm_source=github&utm_medium=referral&page=upgrade-pr

Snyk has created this PR to upgrade node-emoji from 1.10.0 to 1.11.0. See this package in npm: https://www.npmjs.com/package/node-emoji See this project in Snyk: https://app.snyk.io/org/netresearch/project/836184be-d734-4cc5-9692-acedcd0d888f?utm_source=github&utm_medium=referral&page=upgrade-pr

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SQLITE3-2388645

Bumps [qs](https://github.com/ljharb/qs) from 6.5.2 to 6.5.3. - [Release notes](https://github.com/ljharb/qs/releases) - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.5.2...v6.5.3) --- updated-dependencies: - dependency-name: qs dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [moment-timezone](https://github.com/moment/moment-timezone) from 0.5.33 to 0.5.40. - [Release notes](https://github.com/moment/moment-timezone/releases) - [Changelog](https://github.com/moment/moment-timezone/blob/develop/changelog.md) - [Commits](moment/moment-timezone@0.5.33...0.5.40) --- updated-dependencies: - dependency-name: moment-timezone dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [express](https://github.com/expressjs/express) from 4.17.1 to 4.17.3. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.17.1...4.17.3) --- updated-dependencies: - dependency-name: express dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2. - [Release notes](https://github.com/isaacs/minimatch/releases) - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.0.4...v3.1.2) --- updated-dependencies: - dependency-name: minimatch dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

Removes [matrix-js-sdk](https://github.com/matrix-org/matrix-js-sdk). It's no longer used after updating ancestor dependency [matrix-appservice-bridge](https://github.com/matrix-org/matrix-appservice-bridge). These dependencies need to be updated together. Removes `matrix-js-sdk` Updates `matrix-appservice-bridge` from 2.6.1 to 8.0.0 - [Release notes](https://github.com/matrix-org/matrix-appservice-bridge/releases) - [Changelog](https://github.com/matrix-org/matrix-appservice-bridge/blob/develop/CHANGELOG.md) - [Commits](matrix-org/matrix-appservice-bridge@2.6.1...8.0.0) --- updated-dependencies: - dependency-name: matrix-js-sdk dependency-type: indirect - dependency-name: matrix-appservice-bridge dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [minimist](https://github.com/minimistjs/minimist) from 1.2.5 to 1.2.7. - [Release notes](https://github.com/minimistjs/minimist/releases) - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.5...v1.2.7) --- updated-dependencies: - dependency-name: minimist dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 5.0.0 to 5.0.1. - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](chalk/ansi-regex@v5.0.0...v5.0.1) --- updated-dependencies: - dependency-name: ansi-regex dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [json-schema](https://github.com/kriszyp/json-schema) and [jsprim](https://github.com/joyent/node-jsprim). These dependencies needed to be updated together. Updates `json-schema` from 0.2.3 to 0.4.0 - [Release notes](https://github.com/kriszyp/json-schema/releases) - [Commits](kriszyp/json-schema@v0.2.3...v0.4.0) Updates `jsprim` from 1.4.1 to 1.4.2 - [Release notes](https://github.com/joyent/node-jsprim/releases) - [Changelog](https://github.com/TritonDataCenter/node-jsprim/blob/v1.4.2/CHANGES.md) - [Commits](TritonDataCenter/node-jsprim@v1.4.1...v1.4.2) --- updated-dependencies: - dependency-name: json-schema dependency-type: indirect - dependency-name: jsprim dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [ssh2](https://github.com/mscdex/ssh2) and [tunnel-ssh](https://github.com/agebrock/tunnel-ssh). These dependencies needed to be updated together. Updates `ssh2` from 0.5.4 to 1.4.0 - [Release notes](https://github.com/mscdex/ssh2/releases) - [Commits](mscdex/ssh2@v0.5.4...v1.4.0) Updates `tunnel-ssh` from 4.1.4 to 4.1.6 - [Release notes](https://github.com/agebrock/tunnel-ssh/releases) - [Commits](https://github.com/agebrock/tunnel-ssh/commits) --- updated-dependencies: - dependency-name: ssh2 dependency-type: indirect - dependency-name: tunnel-ssh dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [validator](https://github.com/validatorjs/validator.js) to 13.7.0 and updates ancestor dependency [sequelize](https://github.com/sequelize/sequelize). These dependencies need to be updated together. Updates `validator` from 10.11.0 to 13.7.0 - [Release notes](https://github.com/validatorjs/validator.js/releases) - [Changelog](https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md) - [Commits](validatorjs/validator.js@10.11.0...13.7.0) Updates `sequelize` from 4.44.4 to 6.28.0 - [Release notes](https://github.com/sequelize/sequelize/releases) - [Commits](sequelize/sequelize@v4.44.4...v6.28.0) --- updated-dependencies: - dependency-name: validator dependency-type: indirect - dependency-name: sequelize dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/kornelski/http-cache-semantics/releases) - [Commits](kornelski/http-cache-semantics@v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: http-cache-semantics dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [sequelize](https://github.com/sequelize/sequelize) from 6.28.0 to 6.29.0. - [Release notes](https://github.com/sequelize/sequelize/releases) - [Commits](sequelize/sequelize@v6.28.0...v6.29.0) --- updated-dependencies: - dependency-name: sequelize dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [sqlite3](https://github.com/TryGhost/node-sqlite3) from 5.0.3 to 5.1.5. - [Release notes](https://github.com/TryGhost/node-sqlite3/releases) - [Commits](TryGhost/node-sqlite3@v5.0.3...v5.1.5) --- updated-dependencies: - dependency-name: sqlite3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [dottie](https://github.com/mickhansen/dottie.js) from 2.0.3 to 2.0.4. - [Release notes](https://github.com/mickhansen/dottie.js/releases) - [Commits](mickhansen/dottie.js@v2.0.3...v2.0.4) --- updated-dependencies: - dependency-name: dottie dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [semver](https://github.com/npm/node-semver) from 5.7.1 to 5.7.2. - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.7.1...v5.7.2) --- updated-dependencies: - dependency-name: semver dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [postcss](https://github.com/postcss/postcss) from 8.4.20 to 8.4.31. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.20...8.4.31) --- updated-dependencies: - dependency-name: postcss dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [ip](https://github.com/indutny/node-ip) from 2.0.0 to 2.0.1. - [Commits](indutny/node-ip@v2.0.0...v2.0.1) --- updated-dependencies: - dependency-name: ip dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [tar](https://github.com/isaacs/node-tar) to 6.2.1 and updates ancestor dependency [db-migrate-sqlite3](https://github.com/db-migrate/sqlite). These dependencies need to be updated together. Updates `tar` from 6.1.13 to 6.2.1 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.1.13...v6.2.1) Updates `db-migrate-sqlite3` from 0.4.0 to 0.5.0 - [Changelog](https://github.com/db-migrate/sqlite/blob/master/CHANGELOG.md) - [Commits](db-migrate/sqlite@v0.4.0...v0.5.0) --- updated-dependencies: - dependency-name: tar dependency-type: indirect - dependency-name: db-migrate-sqlite3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [express](https://github.com/expressjs/express) from 4.17.3 to 4.19.2. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.17.3...4.19.2) --- updated-dependencies: - dependency-name: express dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.2 to 1.15.6. - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.6) --- updated-dependencies: - dependency-name: follow-redirects dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [sanitize-html](https://github.com/apostrophecms/sanitize-html) from 2.8.0 to 2.12.1. - [Changelog](https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md) - [Commits](apostrophecms/sanitize-html@2.8.0...2.12.1) --- updated-dependencies: - dependency-name: sanitize-html dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [qs](https://github.com/ljharb/qs) to 6.11.0 and updates ancestor dependency [body-parser](https://github.com/expressjs/body-parser). These dependencies need to be updated together. Updates `qs` from 6.7.0 to 6.11.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.7.0...v6.11.0) Updates `body-parser` from 1.19.0 to 1.20.2 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.19.0...1.20.2) --- updated-dependencies: - dependency-name: qs dependency-type: indirect - dependency-name: body-parser dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>

Removes [axios](https://github.com/axios/axios). It's no longer used after updating ancestor dependency [matrix-appservice-bridge](https://github.com/matrix-org/matrix-appservice-bridge). These dependencies need to be updated together. Removes `axios` Updates `matrix-appservice-bridge` from 8.0.0 to 10.3.1 - [Release notes](https://github.com/matrix-org/matrix-appservice-bridge/releases) - [Changelog](https://github.com/matrix-org/matrix-appservice-bridge/blob/develop/CHANGELOG.md) - [Commits](matrix-org/matrix-appservice-bridge@8.0.0...10.3.1) --- updated-dependencies: - dependency-name: axios dependency-type: indirect - dependency-name: matrix-appservice-bridge dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [body-parser](https://github.com/expressjs/body-parser) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together. Updates `body-parser` from 1.20.2 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.2...1.20.3) Updates `express` from 4.19.2 to 4.21.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.1/History.md) - [Commits](expressjs/express@4.19.2...4.21.1) --- updated-dependencies: - dependency-name: body-parser dependency-type: direct:production - dependency-name: express dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>

CybotTM and others added 30 commits February 13, 2020 15:39

update packages

cd7efad

use stages in Dockerfile

c50160a

update shebang line; set execute bit for script file;

d4bbc57

complete .dockerignore

3bab85b

replace docker-start.sh with docker-entrypoint.sh

5c21601

explizitly name files to COPY into container image - prevent files ad…

78fa77b

…ded accidently

tweak build stage: move RUNs which most likely change to the bottom, …

3f78802

…set WORKDIR first and RUN commands relative to current dir

update to node 13

2cce8cd

drop dead code

e5b1a93

drop obsolete packages

82ce416

Bump ini from 1.3.5 to 1.3.8

31f4ce5

Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.8. - [Release notes](https://github.com/isaacs/ini/releases) - [Commits](npm/ini@v1.3.5...v1.3.8) Signed-off-by: dependabot[bot] <[email protected]>

Bump lodash from 4.17.15 to 4.17.21

b9fc6aa

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.21. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.15...4.17.21) Signed-off-by: dependabot[bot] <[email protected]>

Merge branch 'turt2live:master' into master

7491e9f

Merge pull request #3 from netresearch/dependabot/npm_and_yarn/lodash…

75630f3

…-4.17.21 Bump lodash from 4.17.15 to 4.17.21

Merge pull request #2 from netresearch/dependabot/npm_and_yarn/ini-1.3.8

02b7291

Bump ini from 1.3.5 to 1.3.8

SRVUC-40: update package.json and package.json.lock

af22d3d

SRVUC-40: update operateAliases to use a non boolean input to avoid d…

f7ffbc0

…eprecation warning

SRVUC-40: Update Dockerfile to use python3 instead of python package

afa0aa4

SRVUC-40: Downgrade dependencies to their original versions

7f87b43

Also delete the package-lock.json since I can't regenerate it at the moment

SRVUC-40: Downgrade to Node.JS v12 since it's LTS

f9415d8

SRVUC-40: Generate package-lock.json

6cae922

SRVUC-40: Add workflows to build Docker images

ff421f3

use indent spaces:2 and remove workflow publish-when-pushed

6b74b93

add github workflow badge

d7202e3

Merge pull request #4 from netresearch/SRVUC-40

bf04cda

SRVUC-40: Solve issues with webhook bridge on newer Matrix Synapse versions

SRVUC-40: remove pushing to DockerHub in GitHub workflows

7156115

add additional step to get the actual tag

7b96aa8

Merge branch 'master' of github.com:turt2live/matrix-appservice-webhooks

cdff7bb

adjust GitHub workflow to use variable to push to ghcr

376ac1c

dependabot bot and others added 30 commits December 24, 2021 11:35

fix: package.json & package-lock.json to reduce vulnerabilities

974a5c5

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SQLITE3-2388645

Bump ip from 2.0.0 to 2.0.1

54764fd

Bumps [ip](https://github.com/indutny/node-ip) from 2.0.0 to 2.0.1. - [Commits](indutny/node-ip@v2.0.0...v2.0.1) --- updated-dependencies: - dependency-name: ip dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update packages, node.js version and Dockerfile #84

Update packages, node.js version and Dockerfile #84

tripleawwy commented Jun 3, 2021

Update packages, node.js version and Dockerfile #84

Are you sure you want to change the base?

Update packages, node.js version and Dockerfile #84

Conversation

tripleawwy commented Jun 3, 2021