fix: package.json & package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-8482416
Create docker.yml
2024-12-08 06:56:05 +00:00 · 2021-06-09 15:33:41 +02:00 · 2021-03-30 10:54:04 +02:00 · 2021-03-30 08:53:20 +00:00 · 2021-01-24 10:46:24 +01:00 · 2021-01-21 02:54:29 +00:00
5 changed files with 442 additions and 426 deletions
@@ -0,0 +1,34 @@
 name: Docker
 on: ["push", "pull_request"]
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      - name: Cache Docker layers
        uses: actions/cache@v2
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-
      - name: Build
        uses: docker/build-push-action@v2
        with:
          context: ./
          file: ./Dockerfile
          builder: ${{ steps.buildx.outputs.name }}
          push: false
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache-new
      - name: Move cache
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
      - name: Image digest
        run: echo ${{ steps.docker_build.outputs.digest }}
@@ -0,0 +1,18 @@
 FROM node:14
 # Create app directory
 WORKDIR /usr/src/app
 # Install app dependencies
 # A wildcard is used to ensure both package.json AND package-lock.json are copied
 # where available (npm@5+)
 COPY package*.json ./
 RUN npm install
 # If you are building your code for production
 # RUN npm ci --only=production
 # Bundle app source
 COPY . .
 CMD [ "sh", "-c", "node server.js" ]
@@ -1,3 +1,4 @@
 [![Scc Count Badge](https://sloc.xyz/github/klemek/snex.io/?category=code)](https://github.com/boyter/scc/#badges-beta)
 [![Language grade: JavaScript](https://img.shields.io/lgtm/grade/javascript/g/Klemek/snex.io.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/Klemek/snex.io/context:javascript)
 [![Total alerts](https://img.shields.io/lgtm/alerts/g/Klemek/snex.io.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/Klemek/snex.io/alerts/)
@@ -4,7 +4,7 @@
  "description": "my first socket.io app",
  "dependencies": {
    "color-convert": "^1.9.3",
-    "express": "^4.16.4",
+    "express": "^4.21.2",
-    "socket.io": "^2.3.0"
+    "socket.io": "^3.0.0"
  }
 }
Author	SHA1	Message	Date
snyk-bot	98daa5b413	fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-8482416	2024-12-08 06:56:05 +00:00
Klemek	6c44e5d911	Create docker.yml	2021-06-09 15:33:41 +02:00
Klemek	006f550f33	Merge pull request #6 from Klemek/snyk-fix-3b093f428d75a4c3435020e302401964 [Snyk] Security upgrade socket.io from 2.4.0 to 3.0.0	2021-03-30 10:54:04 +02:00
snyk-bot	739ae0e8c9	fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ENGINEIO-1056749	2021-03-30 08:53:20 +00:00
Klemek	c9d486529b	Merge pull request #5 from Klemek/dependabot/npm_and_yarn/socket.io-2.4.0 Bump socket.io from 2.3.0 to 2.4.0	2021-01-24 10:46:24 +01:00
dependabot[bot]	6cf3ca1ee6	Bump socket.io from 2.3.0 to 2.4.0 Bumps [socket.io](https://github.com/socketio/socket.io) from 2.3.0 to 2.4.0. - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/2.4.0/CHANGELOG.md) - [Commits](https://github.com/socketio/socket.io/compare/2.3.0...2.4.0) Signed-off-by: dependabot[bot] <support@github.com>	2021-01-21 02:54:29 +00:00
klemek	09d492fb0e	Dockerfile support	2021-01-20 19:08:53 +01:00
Klemek	81bd82831e	Merge pull request #1 from Klemek/snyk-upgrade-ab468e9091690a243249aa5d25b8fbb2 [Snyk] Upgrade express from 4.16.4 to 4.17.1	2019-10-01 19:19:33 +02:00
Klemek	aa7c21b64e	Merge branch 'master' into snyk-upgrade-ab468e9091690a243249aa5d25b8fbb2	2019-10-01 19:09:20 +02:00
Klemek	d475f58911	Merge pull request #2 from Klemek/snyk-upgrade-963e357ab499e0fcea98beec809d5065 [Snyk] Upgrade socket.io from 2.1.1 to 2.3.0	2019-10-01 19:08:53 +02:00
Klemek	e964e97ce0	Update README.md	2019-10-01 09:06:32 +02:00
snyk-bot	e726840985	chore: upgrade express from 4.16.4 to 4.17.1 Snyk has created this PR to upgrade express from 4.16.4 to 4.17.1. See this package in NPM: https://www.npmjs.com/package/express See this project in Snyk: https://app.snyk.io/org/klemek/project/cedd5eae-8053-409b-b6e9-d7e490570c4e?utm_source=github&utm_medium=upgrade-pr	2019-09-30 23:42:46 +00:00