From db496142f958aa7addba3e27798cbcc808d9eca8 Mon Sep 17 00:00:00 2001 From: Thijs Kinkhorst Date: Mon, 27 Feb 2023 11:15:45 +0100 Subject: [PATCH 01/24] framework: esi, fragments not used so disable --- config/packages/framework.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/packages/framework.yaml b/config/packages/framework.yaml index 52cb9d4a..0dfb7d7f 100644 --- a/config/packages/framework.yaml +++ b/config/packages/framework.yaml @@ -10,7 +10,7 @@ framework: cookie_secure: auto cookie_samesite: lax assets: ~ - #esi: true + esi: false fragments: false php_errors: log: "%kernel.debug%" From 6bd988241caa6b978c15114a4e7b20b23e4758c2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 Mar 2023 10:05:57 +0000 Subject: [PATCH 02/24] Bump webpack from 5.75.0 to 5.76.0 Bumps [webpack](https://github.com/webpack/webpack) from 5.75.0 to 5.76.0. - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](https://github.com/webpack/webpack/compare/v5.75.0...v5.76.0) --- updated-dependencies: - dependency-name: webpack dependency-type: direct:development ... Signed-off-by: dependabot[bot] --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index d2d511cb..4e79babf 100644 --- a/package.json +++ b/package.json @@ -20,7 +20,7 @@ "ts-jest": "^27", "ts-loader": "^9.0", "typescript": "^4", - "webpack": "^5.75.0", + "webpack": "^5.76.0", "webpack-cli": "^5.0.0", "webpack-import-glob-loader": "^1.6.3" }, diff --git a/yarn.lock b/yarn.lock index 91b119ff..5bbfc562 100644 --- a/yarn.lock +++ b/yarn.lock @@ -6879,10 +6879,10 @@ webpack-sources@^3.2.3: resolved "https://registry.yarnpkg.com/webpack-sources/-/webpack-sources-3.2.3.tgz#2d4daab8451fd4b240cc27055ff6a0c2ccea0cde" integrity sha512-/DyMEOrDgLKKIG0fmvtz+4dUX/3Ghozwgm6iPp8KRhvn+eQf9+Q7GWxVNMk3+uCPWfdXYC4ExGBckIXdFEfH1w== -webpack@^5.75.0: - version "5.75.0" - resolved "https://registry.yarnpkg.com/webpack/-/webpack-5.75.0.tgz#1e440468647b2505860e94c9ff3e44d5b582c152" - integrity sha512-piaIaoVJlqMsPtX/+3KTTO6jfvrSYgauFVdt8cr9LTHKmcq/AMd4mhzsiP7ZF/PGRNPGA8336jldh9l2Kt2ogQ== +webpack@^5.76.0: + version "5.76.0" + resolved "https://registry.yarnpkg.com/webpack/-/webpack-5.76.0.tgz#f9fb9fb8c4a7dbdcd0d56a98e56b8a942ee2692c" + integrity sha512-l5sOdYBDunyf72HW8dF23rFtWq/7Zgvt/9ftMof71E/yUb1YLOBmTgA2K4vQthB3kotMrSj609txVE0dnr2fjA== dependencies: "@types/eslint-scope" "^3.7.3" "@types/estree" "^0.0.51" From 8f25d748197e7bdce40c58b29a26b6826a075ad4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Apr 2023 21:19:57 +0000 Subject: [PATCH 03/24] Bump guzzlehttp/psr7 from 1.9.0 to 1.9.1 Bumps [guzzlehttp/psr7](https://github.com/guzzle/psr7) from 1.9.0 to 1.9.1. - [Release notes](https://github.com/guzzle/psr7/releases) - [Changelog](https://github.com/guzzle/psr7/blob/1.9.1/CHANGELOG.md) - [Commits](https://github.com/guzzle/psr7/compare/1.9.0...1.9.1) --- updated-dependencies: - dependency-name: guzzlehttp/psr7 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- composer.lock | 33 ++++++++++++++------------------- 1 file changed, 14 insertions(+), 19 deletions(-) diff --git a/composer.lock b/composer.lock index eb2d5f3b..fa0d6f33 100644 --- a/composer.lock +++ b/composer.lock @@ -627,16 +627,16 @@ }, { "name": "guzzlehttp/psr7", - "version": "1.9.0", + "version": "1.9.1", "source": { "type": "git", "url": "https://github.com/guzzle/psr7.git", - "reference": "e98e3e6d4f86621a9b75f623996e6bbdeb4b9318" + "reference": "e4490cabc77465aaee90b20cfc9a770f8c04be6b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/psr7/zipball/e98e3e6d4f86621a9b75f623996e6bbdeb4b9318", - "reference": "e98e3e6d4f86621a9b75f623996e6bbdeb4b9318", + "url": "https://api.github.com/repos/guzzle/psr7/zipball/e4490cabc77465aaee90b20cfc9a770f8c04be6b", + "reference": "e4490cabc77465aaee90b20cfc9a770f8c04be6b", "shasum": "" }, "require": { @@ -655,11 +655,6 @@ "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses" }, "type": "library", - "extra": { - "branch-alias": { - "dev-master": "1.9-dev" - } - }, "autoload": { "files": [ "src/functions_include.php" @@ -717,7 +712,7 @@ ], "support": { "issues": "https://github.com/guzzle/psr7/issues", - "source": "https://github.com/guzzle/psr7/tree/1.9.0" + "source": "https://github.com/guzzle/psr7/tree/1.9.1" }, "funding": [ { @@ -733,7 +728,7 @@ "type": "tidelift" } ], - "time": "2022-06-20T21:43:03+00:00" + "time": "2023-04-17T16:00:37+00:00" }, { "name": "kairos/phpqrcode", @@ -1127,25 +1122,25 @@ }, { "name": "psr/http-message", - "version": "1.0.1", + "version": "1.1", "source": { "type": "git", "url": "https://github.com/php-fig/http-message.git", - "reference": "f6561bf28d520154e4b0ec72be95418abe6d9363" + "reference": "cb6ce4845ce34a8ad9e68117c10ee90a29919eba" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/php-fig/http-message/zipball/f6561bf28d520154e4b0ec72be95418abe6d9363", - "reference": "f6561bf28d520154e4b0ec72be95418abe6d9363", + "url": "https://api.github.com/repos/php-fig/http-message/zipball/cb6ce4845ce34a8ad9e68117c10ee90a29919eba", + "reference": "cb6ce4845ce34a8ad9e68117c10ee90a29919eba", "shasum": "" }, "require": { - "php": ">=5.3.0" + "php": "^7.2 || ^8.0" }, "type": "library", "extra": { "branch-alias": { - "dev-master": "1.0.x-dev" + "dev-master": "1.1.x-dev" } }, "autoload": { @@ -1174,9 +1169,9 @@ "response" ], "support": { - "source": "https://github.com/php-fig/http-message/tree/master" + "source": "https://github.com/php-fig/http-message/tree/1.1" }, - "time": "2016-08-06T14:39:51+00:00" + "time": "2023-04-04T09:50:52+00:00" }, { "name": "psr/log", From 7a184d846f421e102baddda61b18b5e767644139 Mon Sep 17 00:00:00 2001 From: Thijs Kinkhorst Date: Tue, 25 Apr 2023 10:23:05 +0200 Subject: [PATCH 04/24] Trivial translation typo fix --- translations/error/messages.nl.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/translations/error/messages.nl.yml b/translations/error/messages.nl.yml index 97be1129..7e8a13fb 100644 --- a/translations/error/messages.nl.yml +++ b/translations/error/messages.nl.yml @@ -1,7 +1,7 @@ stepup.error.page_not_found: title: Pagina niet gevonden text: De pagina die je zocht kan niet gevonden worden. -stepup.error.support_page.text: Bezoek de support pagina als dit je probleem niet oplost. Op deze pagina vind je meer informatie over de mogelijk oorzaken en hoe je contact kan opnemen met het supportteam. +stepup.error.support_page.text: Bezoek de support pagina als dit je probleem niet oplost. Op deze pagina vind je meer informatie over de mogelijke oorzaken en hoe je contact kan opnemen met het supportteam. stepup.error.generic_error: title: Oeps! description: Er is iets mis gegaan. Probeer het opnieuw. From 9700643b5f02dd60882f476547679fe76fb72826 Mon Sep 17 00:00:00 2001 From: Pieter van der Meulen Date: Wed, 10 May 2023 11:49:18 +0200 Subject: [PATCH 05/24] Set COMPOSER_VERSION=2 --- component_info | 1 + 1 file changed, 1 insertion(+) diff --git a/component_info b/component_info index 7e273ad3..b63d8eb7 100644 --- a/component_info +++ b/component_info @@ -3,3 +3,4 @@ SYMFONY_VERSION=4 ENCORE=yes ASSETIC=no NODE_VERSION=14 +COMPOSER_VERSION=2 From 01611944bd30818dfa0cfd3a4584bb5a82643136 Mon Sep 17 00:00:00 2001 From: Dan Date: Tue, 20 Jun 2023 15:58:50 +0300 Subject: [PATCH 06/24] Adding the github actions pipelines for this app --- .github/workflows/build-push-docker-image.yml | 58 +++++++++++++++++++ .github/workflows/tag-release.yml | 11 +++- 2 files changed, 68 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/build-push-docker-image.yml diff --git a/.github/workflows/build-push-docker-image.yml b/.github/workflows/build-push-docker-image.yml new file mode 100644 index 00000000..97207eef --- /dev/null +++ b/.github/workflows/build-push-docker-image.yml @@ -0,0 +1,58 @@ +name: build-push-docker-image + +#on: workflow_dispatch +on: + push: + branches: feature/docker_configs + workflow_dispatch: + +jobs: + build-push-docker-image: + runs-on: ubuntu-latest + permissions: + packages: write + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Get the latest release + id: release + uses: robinraju/release-downloader@v1.7 + with: + latest: true + fileName: "*.tar.bz2" + + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and push the Production image + uses: docker/build-push-action@v4 + with: + context: . + file: docker/Dockerfile.prod + platforms: linux/amd64,linux/arm64 + push: true + tags: | + ghcr.io/openconext/stepup-tiqr/stepup-tiqr:prod + ghcr.io/openconext/stepup-tiqr/stepup-tiqr:${{ github.sha }} + ghcr.io/openconext/stepup-tiqr/stepup-tiqr:${{ steps.release.outputs.tag_name }} + + - name: Build and push the Development image + uses: docker/build-push-action@v4 + with: + context: . + file: docker/Dockerfile.dev + platforms: linux/amd64,linux/arm64 + push: true + tags: | + ghcr.io/openconext/stepup-tiqr/stepup-tiqr:dev diff --git a/.github/workflows/tag-release.yml b/.github/workflows/tag-release.yml index a8b8d531..fdffb2ac 100644 --- a/.github/workflows/tag-release.yml +++ b/.github/workflows/tag-release.yml @@ -60,4 +60,13 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: - release_id: ${{ steps.create_release.outputs.id }} \ No newline at end of file + release_id: ${{ steps.create_release.outputs.id }} + + after_build: + needs: build + runs-on: ubuntu-latest + steps: + - name: Trigger Docker container build + uses: benc-uk/workflow-dispatch@v1 + with: + workflow: build-push-docker-image.yml From 8a784de4694ac095f142a5c3bb9e95895da98c28 Mon Sep 17 00:00:00 2001 From: Dan Date: Tue, 20 Jun 2023 16:01:27 +0300 Subject: [PATCH 07/24] Adding the Dockerfiles for this app --- docker/Dockerfile.dev | 10 ++++++++++ docker/Dockerfile.prod | 18 ++++++++++++++++++ docker/conf/tiqr-apache2.conf | 34 ++++++++++++++++++++++++++++++++++ 3 files changed, 62 insertions(+) create mode 100644 docker/Dockerfile.dev create mode 100644 docker/Dockerfile.prod create mode 100644 docker/conf/tiqr-apache2.conf diff --git a/docker/Dockerfile.dev b/docker/Dockerfile.dev new file mode 100644 index 00000000..4cc232be --- /dev/null +++ b/docker/Dockerfile.dev @@ -0,0 +1,10 @@ +FROM ghcr.io/openconext/openconext-basecontainers/php72-apache2-node14-composer2:latest + +RUN rm -rf /etc/apache2/sites-enabled/* +COPY ./docker/conf/tiqr-apache2.conf /etc/apache2/sites-enabled/tiqr.conf +EXPOSE 80 + +# Set the default workdir +WORKDIR /var/www/html + +CMD ["apache2-foreground"] diff --git a/docker/Dockerfile.prod b/docker/Dockerfile.prod new file mode 100644 index 00000000..fe5319f8 --- /dev/null +++ b/docker/Dockerfile.prod @@ -0,0 +1,18 @@ +FROM ghcr.io/openconext/openconext-basecontainers/php72-apache2:latest AS php-build +COPY *.tar.bz2 /tmp/ +RUN tar -xvjf /tmp/*.tar.bz2 -C /var/www/html/ && \ + rm -rf /tmp/*.tar.bz2 + +# Add the application configuration files +COPY .env .env +COPY config/legacy/parameters.yaml.dist config/legacy/parameters.yaml + +# Add the config files for Apache2 +RUN rm -rf /etc/apache2/sites-enabled/* +COPY ./docker/conf/tiqr-apache2.conf /etc/apache2/sites-enabled/tiqr.conf +EXPOSE 80 + +# Set the default workdir +WORKDIR /var/www/html + +CMD ["apache2-foreground"] diff --git a/docker/conf/tiqr-apache2.conf b/docker/conf/tiqr-apache2.conf new file mode 100644 index 00000000..c331a8fc --- /dev/null +++ b/docker/conf/tiqr-apache2.conf @@ -0,0 +1,34 @@ + + ServerName tiqr + ServerAdmin admin@surf.nl + + DocumentRoot /var/www/html/public + + SetEnv APP_ENV prod + SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 + + + Require all granted + + Options -MultiViews + RewriteEngine On + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule ^(.*)$ index.php [QSA,L] + + + Require all granted + + + Header always set X-Content-Type-Options "nosniff" + + # Set the php application handler so mod_php interpets the files + + SetHandler application/x-httpd-php + + + ExpiresActive on + ExpiresByType font/* "access plus 1 year" + ExpiresByType image/* "access plus 6 months" + ExpiresByType text/css "access plus 1 year" + ExpiresByType text/js "access plus 1 year" + From 192b22b1c1900f81e2556118160b39216e835d9d Mon Sep 17 00:00:00 2001 From: Dan Date: Tue, 20 Jun 2023 16:07:43 +0300 Subject: [PATCH 08/24] We do not need this --- docker/Dockerfile.prod | 1 - 1 file changed, 1 deletion(-) diff --git a/docker/Dockerfile.prod b/docker/Dockerfile.prod index fe5319f8..723a618f 100644 --- a/docker/Dockerfile.prod +++ b/docker/Dockerfile.prod @@ -4,7 +4,6 @@ RUN tar -xvjf /tmp/*.tar.bz2 -C /var/www/html/ && \ rm -rf /tmp/*.tar.bz2 # Add the application configuration files -COPY .env .env COPY config/legacy/parameters.yaml.dist config/legacy/parameters.yaml # Add the config files for Apache2 From 4467724e6bd1a071c302c83713676a934f91325f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Jul 2023 01:15:55 +0000 Subject: [PATCH 09/24] Bump tough-cookie from 4.1.2 to 4.1.3 Bumps [tough-cookie](https://github.com/salesforce/tough-cookie) from 4.1.2 to 4.1.3. - [Release notes](https://github.com/salesforce/tough-cookie/releases) - [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md) - [Commits](https://github.com/salesforce/tough-cookie/compare/v4.1.2...v4.1.3) --- updated-dependencies: - dependency-name: tough-cookie dependency-type: indirect ... Signed-off-by: dependabot[bot] --- yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yarn.lock b/yarn.lock index 5bbfc562..53119524 100644 --- a/yarn.lock +++ b/yarn.lock @@ -6534,9 +6534,9 @@ token-stream@1.0.0: integrity sha512-VSsyNPPW74RpHwR8Fc21uubwHY7wMDeJLys2IX5zJNih+OnAnaifKHo+1LHT7DAdloQ7apeaaWg8l7qnf/TnEg== tough-cookie@^4.0.0: - version "4.1.2" - resolved "https://registry.yarnpkg.com/tough-cookie/-/tough-cookie-4.1.2.tgz#e53e84b85f24e0b65dd526f46628db6c85f6b874" - integrity sha512-G9fqXWoYFZgTc2z8Q5zaHy/vJMjm+WV0AkAeHxVCQiEB1b+dGvWzFW6QV07cY5jQ5gRkeid2qIkzkxUnmoQZUQ== + version "4.1.3" + resolved "https://registry.yarnpkg.com/tough-cookie/-/tough-cookie-4.1.3.tgz#97b9adb0728b42280aa3d814b6b999b2ff0318bf" + integrity sha512-aX/y5pVRkfRnfmuX+OdbSdXvPe6ieKX/G2s7e98f4poJHnqH3281gDPm/metm6E/WRamfx7WC4HUqkWHfQHprw== dependencies: psl "^1.1.33" punycode "^2.1.1" From 6a977fb66367121c626b0aada6457a4fa79b31b2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Jul 2023 00:59:15 +0000 Subject: [PATCH 10/24] Bump semver from 6.3.0 to 6.3.1 Bumps [semver](https://github.com/npm/node-semver) from 6.3.0 to 6.3.1. - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v6.3.1/CHANGELOG.md) - [Commits](https://github.com/npm/node-semver/compare/v6.3.0...v6.3.1) --- updated-dependencies: - dependency-name: semver dependency-type: indirect ... Signed-off-by: dependabot[bot] --- yarn.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/yarn.lock b/yarn.lock index 5bbfc562..adda1e8a 100644 --- a/yarn.lock +++ b/yarn.lock @@ -6068,16 +6068,16 @@ selfsigned@^2.1.1: node-forge "^1" semver@7.x, semver@^7.2.1, semver@^7.3.2, semver@^7.3.4, semver@^7.3.5, semver@^7.3.8: - version "7.3.8" - resolved "https://registry.yarnpkg.com/semver/-/semver-7.3.8.tgz#07a78feafb3f7b32347d725e33de7e2a2df67798" - integrity sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A== + version "7.5.4" + resolved "https://registry.yarnpkg.com/semver/-/semver-7.5.4.tgz#483986ec4ed38e1c6c48c34894a9182dbff68a6e" + integrity sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA== dependencies: lru-cache "^6.0.0" semver@^6.0.0, semver@^6.1.1, semver@^6.1.2, semver@^6.3.0: - version "6.3.0" - resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.0.tgz#ee0a64c8af5e8ceea67687b133761e1becbd1d3d" - integrity sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw== + version "6.3.1" + resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.1.tgz#556d2ef8689146e46dcea4bfdd095f3434dffcb4" + integrity sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA== send@0.18.0: version "0.18.0" From 983830153c6d90c1014bbdaff983194758d92868 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Jul 2023 00:14:49 +0000 Subject: [PATCH 11/24] Bump word-wrap from 1.2.3 to 1.2.4 Bumps [word-wrap](https://github.com/jonschlinkert/word-wrap) from 1.2.3 to 1.2.4. - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.4) --- updated-dependencies: - dependency-name: word-wrap dependency-type: indirect ... Signed-off-by: dependabot[bot] --- yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yarn.lock b/yarn.lock index 5bbfc562..d6e3150b 100644 --- a/yarn.lock +++ b/yarn.lock @@ -6978,9 +6978,9 @@ with@^7.0.0: babel-walk "3.0.0-canary-5" word-wrap@^1.2.3, word-wrap@~1.2.3: - version "1.2.3" - resolved "https://registry.yarnpkg.com/word-wrap/-/word-wrap-1.2.3.tgz#610636f6b1f703891bd34771ccb17fb93b47079c" - integrity sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ== + version "1.2.4" + resolved "https://registry.yarnpkg.com/word-wrap/-/word-wrap-1.2.4.tgz#cb4b50ec9aca570abd1f52f33cd45b6c61739a9f" + integrity sha512-2V81OA4ugVo5pRo46hAoD2ivUJx8jXmWXfUkY4KFNw0hEptvN0QfH3K4nHiwzGeKl5rFKedV48QVoqYavy4YpA== wrap-ansi@^7.0.0: version "7.0.0" From 46c528090184b9f944e28a1e0d86da7edc006d23 Mon Sep 17 00:00:00 2001 From: Peter Havekes Date: Wed, 26 Jul 2023 09:00:49 +0200 Subject: [PATCH 12/24] Update daily check GHA --- .github/workflows/daily-security-check.yml | 102 +++++++++++++++++++++ 1 file changed, 102 insertions(+) create mode 100644 .github/workflows/daily-security-check.yml diff --git a/.github/workflows/daily-security-check.yml b/.github/workflows/daily-security-check.yml new file mode 100644 index 00000000..36b2deb8 --- /dev/null +++ b/.github/workflows/daily-security-check.yml @@ -0,0 +1,102 @@ +--- +name: Daily security check +on: + schedule: + - cron: '0 0 * * *' + workflow_dispatch: + +jobs: + security: + runs-on: ubuntu-latest + timeout-minutes: 10 + steps: + - name: Checkout repo + uses: actions/checkout@v2 + + # PHP checks + - name: Check for php composer project + id: check_composer + uses: andstor/file-existence-action@v2 + with: + files: "composer.lock" + - name: Run php local security checker + if: steps.check_composer.outputs.files_exists == 'true' + uses: symfonycorp/security-checker-action@v4 + + # node-yarn checks + - name: Check for node-yarn project + id: check_node_yarn + uses: andstor/file-existence-action@v2 + with: + files: "yarn.lock" + - name: Setup node + if: steps.check_node_yarn.outputs.files_exists == 'true' + uses: actions/setup-node@v3 + with: + node-version: 14 + - name: Yarn Audit + if: steps.check_node_yarn.outputs.files_exists == 'true' + run: yarn audit --level high --groups dependencies optionalDependencies + + # node-npm checks + - name: Check for node-npm project + id: check_node_npm + uses: andstor/file-existence-action@v2 + with: + files: "package.lock" + - name: Setup node + if: steps.check_node_npm.outputs.files_exists == 'true' + uses: actions/setup-node@v3 + with: + node-version: 14 + - name: npm audit + if: steps.check_node_npm.outputs.files_exists == 'true' + run: npm audit --audit-level=high + + # python checks + - name: Check for python project + id: check_python + uses: andstor/file-existence-action@v2 + with: + files: "requirements.txt" + - name: Safety checks Python dependencies + if: steps.check_python.outputs.files_exists == 'true' + uses: pyupio/safety@2.3.5 + + # java checks + - name: Check for java maven project + id: check_maven + uses: andstor/file-existence-action@v2 + with: + files: "pom.xml" + - name: Setup java if needed + if: steps.check_maven.outputs.files_exists == 'true' + uses: actions/setup-java@v3 + with: + java-version: 11 + distribution: 'temurin' + cache: 'maven' + - name: Set up maven cache if needed + if: steps.check_maven.outputs.files_exists == 'true' + uses: actions/cache@v1 + with: + path: ~/.m2/repository + key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}-maven- + - name: Check java + if: steps.check_maven.outputs.files_exists == 'true' + run: mvn org.owasp:dependency-check-maven:check + + # Send results + - name: Send to Slack if something failed + if: failure() + uses: rtCamp/action-slack-notify@v2 + env: + SLACK_CHANNEL: surfconext-nightly-check + SLACK_COLOR: ${{ job.status }} + SLACK_ICON: https://static.surfconext.nl/logos/idp/surfnet.png + SLACK_MESSAGE: 'Dependency check failed :crying_cat_face:' + SLACK_TITLE: Dependency check wants attention + SLACK_USERNAME: NightlySecurityCheck + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} \ No newline at end of file From eef7610f48a21984a7870b3ed7162e7e06b0e83c Mon Sep 17 00:00:00 2001 From: Pieter van der Meulen Date: Tue, 8 Aug 2023 11:46:50 +0200 Subject: [PATCH 13/24] Move Stepup-tiqr specific documentation from tiqr-server-libphp --- README.md | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 72 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 4555bf0a..886e51c3 100644 --- a/README.md +++ b/README.md @@ -186,8 +186,78 @@ tiqr_library_options: # Release strategy Please read: https://github.com/OpenConext/Stepup-Deploy/wiki/Release-Management fro more information on the release strategy used in Stepup projects. +# How the Stepup-tiqr uses the Tiqr library +The Tiqr server's purpose is to facilitate Tiqr authentications. In doing so communicating with the Tiqr app. Details about this communication flow can be found in the flow above. Here you will find a communication diagram for enrollment and authentication. + +The following code examples show some of the concepts that are used during authentication from the web frontend. It does not include the communication with the Tiqr client (app). + +```php +# 1. The name id (username) of the user is used to identify that specific user in Tiqr. +# In the case of Stepup-Tiqr (SAML based) we get the NameId from the SAML 2.0 AuthnRequest +# +# Example below is pseudocode you might write in your controller dealing with an authentication request +$nameId = $this->authenticationService->getNameId(); + +# The request id of the SAML AuthnRequest message, used to match the originating authentication request with the Tiqr authentication +$requestId = $this->authenticationService->getRequestId(); +``` + +```php +# 2. Next you can do some verifications on the user, is it found in tiqr-server user storage? +# Is it not locked out temporarily? +# +# Example below is pseudocode you might write in your controller dealing with an authentication request +$user = $this->userRepository->getUser($nameId); +if ($this->authenticationRateLimitService->isBlockedTemporarily($user)) { + throw new Exception('You are locked out of the system'); +} + +$this->startAuthentication($nameId, $requestId) +public function startAuthentication($nameId, $requestId) +{ + # Authentication is started by providing the NameId and the PHP session id + $sessionKey = $this->tiqrService->startAuthenticationSession($nameId, $this->session->getId()); + # The Service (Tiqr_Service) generates a session key which is stored in the state storage, but also returned to + # persist in the Tiqr server implementation. + $this->session->set('sessionKey', $sessionKey); + $this->storeRequestIdForNameId($sessionKey, $requestId); + # Creates an authentication challenge URL. It links directly to the application + return $this->tiqrService->generateAuthURL($sessionKey); +} +``` + +```php +# 3. The tiqr server implementation now must wait for the Tiqr App to finalize its authentication with the user. +# In the Stepup-Tiqr implementation, we do this by polling the tiqr server for the atuthentication status. +# Example below is pseudocode + +# Javascript +function pollTiqrStatus() { + getTiqrStatus() + setTimeout(refresh, 5000); +} +pollTiqrStatus(); + +# In the PHP application: +$isAuthenticated = $this->tiqrService->getAuthenticatedUser($this->session->getId()); +if ($isAuthenticated) { + # Your controller can now go to the next action, maybe send back a successful SamlResponse, or signal otherwise + # that the authentication succeeded. + return $successResponse; +} +# And deal with the non happy flow + +if ($isExpired) { + return $errorResponse; +} + +if ($otherErrorConddition) { + # ... +} +``` + Other resources -====================== +=============== - [Developer documentation](docs/index.md) - [Issue tracker](https://www.pivotaltracker.com/n/projects/1163646) @@ -195,3 +265,4 @@ Other resources - [Tiqr library](https://github.com/SURFnet/tiqr-server-libphp) - [Library documentation](https://tiqr.org/documentation/) - [Tiqr config parameters](https://github.com/SURFnet/simplesamlphp-module-authtiqr) + From abb3782f1495fb20fd323f30d2b22511b0fb0d6c Mon Sep 17 00:00:00 2001 From: Bart Geesink Date: Thu, 17 Aug 2023 16:59:29 +0200 Subject: [PATCH 14/24] Docker: Add default config parameters in order to work with the other apps in the docker development environment --- config/legacy/parameters.yaml.dist | 19 +++++++++---------- docker/Dockerfile.prod | 5 ++++- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/config/legacy/parameters.yaml.dist b/config/legacy/parameters.yaml.dist index 7cee6227..3fcef45c 100644 --- a/config/legacy/parameters.yaml.dist +++ b/config/legacy/parameters.yaml.dist @@ -12,18 +12,17 @@ parameters: - en_GB # SAML configuration - saml_idp_publickey: '%kernel.root_dir%/../vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_publickey.cer' - saml_idp_privatekey: '%kernel.root_dir%/../vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_privatekey.pem' - saml_metadata_publickey: '%kernel.root_dir%/../vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_publickey.cer' - saml_metadata_privatekey: '%kernel.root_dir%/../vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_privatekey.pem' - saml_remote_sp_entity_id: 'https://pieter.aai.surfnet.nl/simplesamlphp/module.php/saml/sp/metadata.php/default-sp' - saml_remote_sp_sso_url: '"https://pieter.aai.surfnet.nl/simplesamlphp/module.php/saml/sp/saml2-acs.php/default-sp"' - saml_remote_sp_certificate: '%kernel.root_dir%/../vendor/surfnet/stepup-gssp-bundle/src/Resources/keys/pieter.aai.surfnet.nl.pem' - saml_remote_sp_acs: 'https://pieter.aai.surfnet.nl/simplesamlphp/module.php/saml/sp/saml2-acs.php/default-sp' + saml_idp_publickey: '/config/tiqr/tiqr_idp.crt' + saml_idp_privatekey: '/config/tiqr/tiqr_idp.key' + saml_metadata_publickey: '/config/tiqr/tiqr_idp.crt' + saml_metadata_privatekey: '/config/tiqr/tiqr_idp.key' + saml_remote_sp_entity_id: 'https://gateway.dev.openconext.local/gssp/tiqr/metadata' + saml_remote_sp_certificate: '/config/gateway/gateway_gssp_sp.crt' + saml_remote_sp_acs: 'https://gateway.dev.openconext.local/gssp/tiqr/consume-assertion' # Hosting settings (own URL) - base_url: 'https://tiqr.stepup.example.com' - tiqr_identity: 'tiqr.stepup.example.com' + base_url: 'https://tiqr.dev.openconext.local' + tiqr_identity: 'tiqr.dev.openconext.local' # View parameters, 'en' entry was added as this is the default used by Translator. Was unable to configure it to # use en_GB. TODO: look into configuring this the right way. diff --git a/docker/Dockerfile.prod b/docker/Dockerfile.prod index 723a618f..5ba00cc8 100644 --- a/docker/Dockerfile.prod +++ b/docker/Dockerfile.prod @@ -1,11 +1,14 @@ FROM ghcr.io/openconext/openconext-basecontainers/php72-apache2:latest AS php-build COPY *.tar.bz2 /tmp/ RUN tar -xvjf /tmp/*.tar.bz2 -C /var/www/html/ && \ - rm -rf /tmp/*.tar.bz2 + rm -rf /tmp/*.tar.bz2 # Add the application configuration files COPY config/legacy/parameters.yaml.dist config/legacy/parameters.yaml +# TIQR needs some assests to be installed +RUN bin/console assets:install + # Add the config files for Apache2 RUN rm -rf /etc/apache2/sites-enabled/* COPY ./docker/conf/tiqr-apache2.conf /etc/apache2/sites-enabled/tiqr.conf From b8b4662eb40615a714223d61c4f88e1fde69a973 Mon Sep 17 00:00:00 2001 From: Bart Geesink Date: Mon, 21 Aug 2023 16:01:33 +0200 Subject: [PATCH 15/24] Docker: Add monolog configuration when running as a container This will let the logs go to stdout when running as a container, which is the Docker way to send logs --- config/packages/prod/monolog.yaml.docker | 12 ++++++++++++ docker/Dockerfile.prod | 1 + 2 files changed, 13 insertions(+) create mode 100644 config/packages/prod/monolog.yaml.docker diff --git a/config/packages/prod/monolog.yaml.docker b/config/packages/prod/monolog.yaml.docker new file mode 100644 index 00000000..f1a1e7e9 --- /dev/null +++ b/config/packages/prod/monolog.yaml.docker @@ -0,0 +1,12 @@ +monolog: + handlers: + prod-signaler: + type: fingers_crossed + action_level: ERROR + passthru_level: NOTICE # this means that all message of level NOTICE or higher are always logged + handler: main_syslog + bubble: false # if we handle it, nothing else should + main_syslog: + type: stream + path: "php://stderr" + formatter: surfnet_stepup.monolog.json_formatter diff --git a/docker/Dockerfile.prod b/docker/Dockerfile.prod index 5ba00cc8..76169ba4 100644 --- a/docker/Dockerfile.prod +++ b/docker/Dockerfile.prod @@ -5,6 +5,7 @@ RUN tar -xvjf /tmp/*.tar.bz2 -C /var/www/html/ && \ # Add the application configuration files COPY config/legacy/parameters.yaml.dist config/legacy/parameters.yaml +COPY config/packages/prod/monolog.yaml.docker config/packages/prod/monolog.yaml # TIQR needs some assests to be installed RUN bin/console assets:install From a136680d0b04f70b9b883acb623d2448d47b2f10 Mon Sep 17 00:00:00 2001 From: Bart Geesink Date: Mon, 21 Aug 2023 16:15:44 +0200 Subject: [PATCH 16/24] Docker: Clean and chown the cache dir --- docker/Dockerfile.prod | 1 + 1 file changed, 1 insertion(+) diff --git a/docker/Dockerfile.prod b/docker/Dockerfile.prod index 76169ba4..3dac3f69 100644 --- a/docker/Dockerfile.prod +++ b/docker/Dockerfile.prod @@ -13,6 +13,7 @@ RUN bin/console assets:install # Add the config files for Apache2 RUN rm -rf /etc/apache2/sites-enabled/* COPY ./docker/conf/tiqr-apache2.conf /etc/apache2/sites-enabled/tiqr.conf +RUN rm -rf /var/www/html/var/cache/prod && chown -R www-data /var/www/html/var EXPOSE 80 # Set the default workdir From 8460a68ffc96bb01bf46aecd361d1f0d56438a00 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 21 Sep 2023 17:08:59 +0000 Subject: [PATCH 17/24] Bump blamer from 1.0.1 to 1.0.4 Bumps [blamer](https://github.com/kucherenko/blamer) from 1.0.1 to 1.0.4. - [Changelog](https://github.com/kucherenko/blamer/blob/master/CHANGELOG.md) - [Commits](https://github.com/kucherenko/blamer/compare/v1.0.1...v1.0.4) --- updated-dependencies: - dependency-name: blamer dependency-type: indirect ... Signed-off-by: dependabot[bot] --- yarn.lock | 25 +++---------------------- 1 file changed, 3 insertions(+), 22 deletions(-) diff --git a/yarn.lock b/yarn.lock index 9560d7c7..b3ba4821 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2129,13 +2129,12 @@ binary-extensions@^2.0.0: integrity sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA== blamer@^1.0.1: - version "1.0.1" - resolved "https://registry.yarnpkg.com/blamer/-/blamer-1.0.1.tgz#0453b2e94764fb71d2a913c198fff0335fe875aa" - integrity sha512-o6d0m9rcEEQXF3+L/wnFPxngqwc1Oxkr/WJ3IdpTfTb0HxOpRLkhC7RAfEEkHIzU66YFjG7N5oEstvE72cnQNQ== + version "1.0.4" + resolved "https://registry.yarnpkg.com/blamer/-/blamer-1.0.4.tgz#b2890983a8e2fae3caf7fc9d3f0393725845220d" + integrity sha512-wKUEcMmhVUVjrpXKMROJY/O7EUNzQVAcE4jrVwLw/EcMVRS+xzgRpLOEQ/LRXBp1WGtl7uDMHcNzSeJWCRg0Tg== dependencies: execa "^4.0.0" which "^2.0.2" - xml2js "^0.4.23" body-parser@1.20.1: version "1.20.1" @@ -6010,11 +6009,6 @@ sass@^1.43.4: immutable "^4.0.0" source-map-js ">=0.6.2 <2.0.0" -sax@>=0.6.0: - version "1.2.4" - resolved "https://registry.yarnpkg.com/sax/-/sax-1.2.4.tgz#2816234e2378bddc4e5354fab5caa895df7100d9" - integrity sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw== - saxes@^5.0.1: version "5.0.1" resolved "https://registry.yarnpkg.com/saxes/-/saxes-5.0.1.tgz#eebab953fa3b7608dbe94e5dadb15c888fa6696d" @@ -7021,19 +7015,6 @@ xml-name-validator@^3.0.0: resolved "https://registry.yarnpkg.com/xml-name-validator/-/xml-name-validator-3.0.0.tgz#6ae73e06de4d8c6e47f9fb181f78d648ad457c6a" integrity sha512-A5CUptxDsvxKJEU3yO6DuWBSJz/qizqzJKOMIfUJHETbBw/sFaDxgd6fxm1ewUaM0jZ444Fc5vC5ROYurg/4Pw== -xml2js@^0.4.23: - version "0.4.23" - resolved "https://registry.yarnpkg.com/xml2js/-/xml2js-0.4.23.tgz#a0c69516752421eb2ac758ee4d4ccf58843eac66" - integrity sha512-ySPiMjM0+pLDftHgXY4By0uswI3SPKLDw/i3UXbnO8M/p28zqexCUoPmQFrYD+/1BzhGJSs2i1ERWKJAtiLrug== - dependencies: - sax ">=0.6.0" - xmlbuilder "~11.0.0" - -xmlbuilder@~11.0.0: - version "11.0.1" - resolved "https://registry.yarnpkg.com/xmlbuilder/-/xmlbuilder-11.0.1.tgz#be9bae1c8a046e76b31127726347d0ad7002beb3" - integrity sha512-fDlsI/kFEx7gLvbecc0/ohLG50fugQp8ryHzMTuW9vSa1GJ0XYWKnhsUx7oie3G98+r56aTQIUB4kht42R3JvA== - xmlchars@^2.2.0: version "2.2.0" resolved "https://registry.yarnpkg.com/xmlchars/-/xmlchars-2.2.0.tgz#060fe1bcb7f9c76fe2a17db86a9bc3ab894210cb" From afdd520bd52557842ffb0b9c909c2cdb52a0d631 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Oct 2023 09:45:35 +0000 Subject: [PATCH 18/24] Bump postcss from 8.4.20 to 8.4.31 Bumps [postcss](https://github.com/postcss/postcss) from 8.4.20 to 8.4.31. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/postcss/postcss/compare/8.4.20...8.4.31) --- updated-dependencies: - dependency-name: postcss dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- package.json | 2 +- yarn.lock | 18 +++++++++--------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/package.json b/package.json index 4e79babf..395409a6 100644 --- a/package.json +++ b/package.json @@ -29,7 +29,7 @@ "dependencies": { "bootstrap": "^3", "jquery": "^3.5.0", - "postcss": ">=8.2.13", + "postcss": ">=8.4.31", "select2": "^4.0.3" } } diff --git a/yarn.lock b/yarn.lock index b3ba4821..056e7577 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4961,10 +4961,10 @@ multicast-dns@^7.2.5: dns-packet "^5.2.2" thunky "^1.0.2" -nanoid@^3.3.4: - version "3.3.4" - resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.4.tgz#730b67e3cd09e2deacf03c027c81c9d9dbc5e8ab" - integrity sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw== +nanoid@^3.3.6: + version "3.3.6" + resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.6.tgz#443380c856d6e9f9824267d960b4236ad583ea4c" + integrity sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA== natural-compare@^1.4.0: version "1.4.0" @@ -5522,12 +5522,12 @@ postcss-value-parser@^4.1.0, postcss-value-parser@^4.2.0: resolved "https://registry.yarnpkg.com/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz#723c09920836ba6d3e5af019f92bc0971c02e514" integrity sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ== -postcss@>=8.2.13, postcss@^8.2.14, postcss@^8.2.15, postcss@^8.4.17, postcss@^8.4.19: - version "8.4.20" - resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.20.tgz#64c52f509644cecad8567e949f4081d98349dc56" - integrity sha512-6Q04AXR1212bXr5fh03u8aAwbLxAQNGQ/Q1LNa0VfOI06ZAlhPHtQvE4OIdpj4kLThXilalPnmDSOD65DcHt+g== +postcss@>=8.4.31, postcss@^8.2.14, postcss@^8.2.15, postcss@^8.4.17, postcss@^8.4.19: + version "8.4.31" + resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.31.tgz#92b451050a9f914da6755af352bdc0192508656d" + integrity sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ== dependencies: - nanoid "^3.3.4" + nanoid "^3.3.6" picocolors "^1.0.0" source-map-js "^1.0.2" From 9edb81318bebe91f8a93ae5571e98ed72b9f0619 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 18 Oct 2023 21:02:19 +0000 Subject: [PATCH 19/24] Bump @babel/traverse from 7.20.5 to 7.23.2 Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.20.5 to 7.23.2. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.23.2/packages/babel-traverse) --- updated-dependencies: - dependency-name: "@babel/traverse" dependency-type: indirect ... Signed-off-by: dependabot[bot] --- yarn.lock | 131 ++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 118 insertions(+), 13 deletions(-) diff --git a/yarn.lock b/yarn.lock index 056e7577..76cdd541 100644 --- a/yarn.lock +++ b/yarn.lock @@ -24,6 +24,14 @@ dependencies: "@babel/highlight" "^7.18.6" +"@babel/code-frame@^7.22.13": + version "7.22.13" + resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.22.13.tgz#e3c1c099402598483b7a8c46a721d1038803755e" + integrity sha512-XktuhWlJ5g+3TJXc5upd9Ks1HutSArik6jf2eAjYFyIOf4ej3RN+184cZbzDvbPnuTJIUhPKKJE3cIsYTiAT3w== + dependencies: + "@babel/highlight" "^7.22.13" + chalk "^2.4.2" + "@babel/compat-data@^7.17.7", "@babel/compat-data@^7.20.0", "@babel/compat-data@^7.20.1": version "7.20.5" resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.20.5.tgz#86f172690b093373a933223b4745deeb6049e733" @@ -59,6 +67,16 @@ "@jridgewell/gen-mapping" "^0.3.2" jsesc "^2.5.1" +"@babel/generator@^7.23.0": + version "7.23.0" + resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.23.0.tgz#df5c386e2218be505b34837acbcb874d7a983420" + integrity sha512-lN85QRR+5IbYrMWM6Y4pE/noaQtg4pNiqeNGX60eqOfo6gtEj6uw/JagelB8vVztSd7R6M5n1+PQkDbHbBRU4g== + dependencies: + "@babel/types" "^7.23.0" + "@jridgewell/gen-mapping" "^0.3.2" + "@jridgewell/trace-mapping" "^0.3.17" + jsesc "^2.5.1" + "@babel/helper-annotate-as-pure@^7.18.6": version "7.18.6" resolved "https://registry.yarnpkg.com/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.18.6.tgz#eaa49f6f80d5a33f9a5dd2276e6d6e451be0a6bb" @@ -122,6 +140,11 @@ resolved "https://registry.yarnpkg.com/@babel/helper-environment-visitor/-/helper-environment-visitor-7.18.9.tgz#0c0cee9b35d2ca190478756865bb3528422f51be" integrity sha512-3r/aACDJ3fhQ/EVgFy0hpj8oHyHpQc+LPtJoY9SzTThAsStm4Ptegq92vqKoE3vD706ZVFWITnMnxucw+S9Ipg== +"@babel/helper-environment-visitor@^7.22.20": + version "7.22.20" + resolved "https://registry.yarnpkg.com/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.20.tgz#96159db61d34a29dba454c959f5ae4a649ba9167" + integrity sha512-zfedSIzFhat/gFhWfHtgWvlec0nqB9YEIVrpuwjruLlXfUSnA8cJB0miHKwqDnQ7d32aKo2xt88/xZptwxbfhA== + "@babel/helper-explode-assignable-expression@^7.18.6": version "7.18.6" resolved "https://registry.yarnpkg.com/@babel/helper-explode-assignable-expression/-/helper-explode-assignable-expression-7.18.6.tgz#41f8228ef0a6f1a036b8dfdfec7ce94f9a6bc096" @@ -137,6 +160,14 @@ "@babel/template" "^7.18.10" "@babel/types" "^7.19.0" +"@babel/helper-function-name@^7.23.0": + version "7.23.0" + resolved "https://registry.yarnpkg.com/@babel/helper-function-name/-/helper-function-name-7.23.0.tgz#1f9a3cdbd5b2698a670c30d2735f9af95ed52759" + integrity sha512-OErEqsrxjZTJciZ4Oo+eoZqeW9UIiOcuYKRJA4ZAgV9myA+pOXhhmpfNCKjEH/auVfEYVFJ6y1Tc4r0eIApqiw== + dependencies: + "@babel/template" "^7.22.15" + "@babel/types" "^7.23.0" + "@babel/helper-hoist-variables@^7.18.6": version "7.18.6" resolved "https://registry.yarnpkg.com/@babel/helper-hoist-variables/-/helper-hoist-variables-7.18.6.tgz#d4d2c8fb4baeaa5c68b99cc8245c56554f926678" @@ -144,6 +175,13 @@ dependencies: "@babel/types" "^7.18.6" +"@babel/helper-hoist-variables@^7.22.5": + version "7.22.5" + resolved "https://registry.yarnpkg.com/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz#c01a007dac05c085914e8fb652b339db50d823bb" + integrity sha512-wGjk9QZVzvknA6yKIUURb8zY3grXCcOZt+/7Wcy8O2uctxhplmUPkOdlgoNhmdVee2c92JXbf1xpMtVNbfoxRw== + dependencies: + "@babel/types" "^7.22.5" + "@babel/helper-member-expression-to-functions@^7.18.9": version "7.18.9" resolved "https://registry.yarnpkg.com/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.18.9.tgz#1531661e8375af843ad37ac692c132841e2fd815" @@ -226,16 +264,33 @@ dependencies: "@babel/types" "^7.18.6" +"@babel/helper-split-export-declaration@^7.22.6": + version "7.22.6" + resolved "https://registry.yarnpkg.com/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz#322c61b7310c0997fe4c323955667f18fcefb91c" + integrity sha512-AsUnxuLhRYsisFiaJwvp1QF+I3KjD5FOxut14q/GzovUe6orHLesW2C7d754kRm53h5gqrz6sFl6sxc4BVtE/g== + dependencies: + "@babel/types" "^7.22.5" + "@babel/helper-string-parser@^7.19.4": version "7.19.4" resolved "https://registry.yarnpkg.com/@babel/helper-string-parser/-/helper-string-parser-7.19.4.tgz#38d3acb654b4701a9b77fb0615a96f775c3a9e63" integrity sha512-nHtDoQcuqFmwYNYPz3Rah5ph2p8PFeFCsZk9A/48dPc/rGocJ5J3hAAZ7pb76VWX3fZKu+uEr/FhH5jLx7umrw== +"@babel/helper-string-parser@^7.22.5": + version "7.22.5" + resolved "https://registry.yarnpkg.com/@babel/helper-string-parser/-/helper-string-parser-7.22.5.tgz#533f36457a25814cf1df6488523ad547d784a99f" + integrity sha512-mM4COjgZox8U+JcXQwPijIZLElkgEpO5rsERVDJTc2qfCDfERyob6k5WegS14SX18IIjv+XD+GrqNumY5JRCDw== + "@babel/helper-validator-identifier@^7.18.6", "@babel/helper-validator-identifier@^7.19.1": version "7.19.1" resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.19.1.tgz#7eea834cf32901ffdc1a7ee555e2f9c27e249ca2" integrity sha512-awrNfaMtnHUr653GgGEs++LlAvW6w+DcPrOliSMXWCKo597CwL5Acf/wWdNkf/tfEQE3mjkeD1YOVZOUV/od1w== +"@babel/helper-validator-identifier@^7.22.20": + version "7.22.20" + resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz#c4ae002c61d2879e724581d96665583dbc1dc0e0" + integrity sha512-Y4OZ+ytlatR8AI+8KZfKuL5urKp7qey08ha31L8b3BwewJAoJamTzyvxPR/5D+KkdJCGPq/+8TukHBlY10FX9A== + "@babel/helper-validator-option@^7.18.6": version "7.18.6" resolved "https://registry.yarnpkg.com/@babel/helper-validator-option/-/helper-validator-option-7.18.6.tgz#bf0d2b5a509b1f336099e4ff36e1a63aa5db4db8" @@ -269,11 +324,25 @@ chalk "^2.0.0" js-tokens "^4.0.0" +"@babel/highlight@^7.22.13": + version "7.22.20" + resolved "https://registry.yarnpkg.com/@babel/highlight/-/highlight-7.22.20.tgz#4ca92b71d80554b01427815e06f2df965b9c1f54" + integrity sha512-dkdMCN3py0+ksCgYmGG8jKeGA/8Tk+gJwSYYlFGxG5lmhfKNoAy004YpLxpS1W2J8m/EK2Ew+yOs9pVRwO89mg== + dependencies: + "@babel/helper-validator-identifier" "^7.22.20" + chalk "^2.4.2" + js-tokens "^4.0.0" + "@babel/parser@^7.1.0", "@babel/parser@^7.14.7", "@babel/parser@^7.18.10", "@babel/parser@^7.20.5", "@babel/parser@^7.6.0", "@babel/parser@^7.9.6": version "7.20.5" resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.20.5.tgz#7f3c7335fe417665d929f34ae5dceae4c04015e8" integrity sha512-r27t/cy/m9uKLXQNWWebeCUHgnAZq0CpG1OwKRxzJMP1vpSU4bSIK2hq+/cp0bQxetkXx38n09rNu8jVkcK/zA== +"@babel/parser@^7.22.15", "@babel/parser@^7.23.0": + version "7.23.0" + resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.23.0.tgz#da950e622420bf96ca0d0f2909cdddac3acd8719" + integrity sha512-vvPKKdMemU85V9WE/l5wZEmImpCtLqbnTvqDS2U1fJ96KrxoW7KrXhNsNCblQlg8Ck4b85yxdTyelsMUgFUXiw== + "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@^7.18.6": version "7.18.6" resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression/-/plugin-bugfix-safari-id-destructuring-collision-in-function-expression-7.18.6.tgz#da5b8f9a580acdfbe53494dba45ea389fb09a4d2" @@ -903,19 +972,28 @@ "@babel/parser" "^7.18.10" "@babel/types" "^7.18.10" -"@babel/traverse@^7.19.1", "@babel/traverse@^7.20.1", "@babel/traverse@^7.20.5", "@babel/traverse@^7.7.2": - version "7.20.5" - resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.20.5.tgz#78eb244bea8270fdda1ef9af22a5d5e5b7e57133" - integrity sha512-WM5ZNN3JITQIq9tFZaw1ojLU3WgWdtkxnhM1AegMS+PvHjkM5IXjmYEGY7yukz5XS4sJyEf2VzWjI8uAavhxBQ== +"@babel/template@^7.22.15": + version "7.22.15" + resolved "https://registry.yarnpkg.com/@babel/template/-/template-7.22.15.tgz#09576efc3830f0430f4548ef971dde1350ef2f38" + integrity sha512-QPErUVm4uyJa60rkI73qneDacvdvzxshT3kksGqlGWYdOTIUOwJ7RDUL8sGqslY1uXWSL6xMFKEXDS3ox2uF0w== dependencies: - "@babel/code-frame" "^7.18.6" - "@babel/generator" "^7.20.5" - "@babel/helper-environment-visitor" "^7.18.9" - "@babel/helper-function-name" "^7.19.0" - "@babel/helper-hoist-variables" "^7.18.6" - "@babel/helper-split-export-declaration" "^7.18.6" - "@babel/parser" "^7.20.5" - "@babel/types" "^7.20.5" + "@babel/code-frame" "^7.22.13" + "@babel/parser" "^7.22.15" + "@babel/types" "^7.22.15" + +"@babel/traverse@^7.19.1", "@babel/traverse@^7.20.1", "@babel/traverse@^7.20.5", "@babel/traverse@^7.7.2": + version "7.23.2" + resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.23.2.tgz#329c7a06735e144a506bdb2cad0268b7f46f4ad8" + integrity sha512-azpe59SQ48qG6nu2CzcMLbxUudtN+dOM9kDbUqGq3HXUJRlo7i8fvPoxQUzYgLZ4cMVmuZgm8vvBpNeRhd6XSw== + dependencies: + "@babel/code-frame" "^7.22.13" + "@babel/generator" "^7.23.0" + "@babel/helper-environment-visitor" "^7.22.20" + "@babel/helper-function-name" "^7.23.0" + "@babel/helper-hoist-variables" "^7.22.5" + "@babel/helper-split-export-declaration" "^7.22.6" + "@babel/parser" "^7.23.0" + "@babel/types" "^7.23.0" debug "^4.1.0" globals "^11.1.0" @@ -928,6 +1006,15 @@ "@babel/helper-validator-identifier" "^7.19.1" to-fast-properties "^2.0.0" +"@babel/types@^7.22.15", "@babel/types@^7.22.5", "@babel/types@^7.23.0": + version "7.23.0" + resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.23.0.tgz#8c1f020c9df0e737e4e247c0619f58c68458aaeb" + integrity sha512-0oIyUfKoI3mSqMvsxBdclDwxXKXAUA8v/apZbc+iSyARYou1o8ZGDxbUYyLFoW2arqS2jDGqJuZvv1d/io1axg== + dependencies: + "@babel/helper-string-parser" "^7.22.5" + "@babel/helper-validator-identifier" "^7.22.20" + to-fast-properties "^2.0.0" + "@bcoe/v8-coverage@^0.2.3": version "0.2.3" resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39" @@ -1198,6 +1285,11 @@ resolved "https://registry.yarnpkg.com/@jridgewell/resolve-uri/-/resolve-uri-3.1.0.tgz#2203b118c157721addfe69d47b70465463066d78" integrity sha512-F2msla3tad+Mfht5cJq7LSXcdudKTWCVYUgw6pLFOOHSTtZlj6SWNYAp+AhuqLmWdBO2X5hPrLcu8cVP8fy28w== +"@jridgewell/resolve-uri@^3.1.0": + version "3.1.1" + resolved "https://registry.yarnpkg.com/@jridgewell/resolve-uri/-/resolve-uri-3.1.1.tgz#c08679063f279615a3326583ba3a90d1d82cc721" + integrity sha512-dSYZh7HhCDtCKm4QakX0xFpsRDqjjtZf/kjI/v3T3Nwt5r8/qz/M19F9ySyOqU94SXBmeG9ttTul+YnR4LOxFA== + "@jridgewell/set-array@^1.0.0", "@jridgewell/set-array@^1.0.1": version "1.1.2" resolved "https://registry.yarnpkg.com/@jridgewell/set-array/-/set-array-1.1.2.tgz#7c6cf998d6d20b914c0a55a91ae928ff25965e72" @@ -1216,6 +1308,11 @@ resolved "https://registry.yarnpkg.com/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.14.tgz#add4c98d341472a289190b424efbdb096991bb24" integrity sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw== +"@jridgewell/sourcemap-codec@^1.4.14": + version "1.4.15" + resolved "https://registry.yarnpkg.com/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz#d7c6e6755c78567a951e04ab52ef0fd26de59f32" + integrity sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg== + "@jridgewell/trace-mapping@^0.3.14", "@jridgewell/trace-mapping@^0.3.9": version "0.3.17" resolved "https://registry.yarnpkg.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.17.tgz#793041277af9073b0951a7fe0f0d8c4c98c36985" @@ -1224,6 +1321,14 @@ "@jridgewell/resolve-uri" "3.1.0" "@jridgewell/sourcemap-codec" "1.4.14" +"@jridgewell/trace-mapping@^0.3.17": + version "0.3.20" + resolved "https://registry.yarnpkg.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.20.tgz#72e45707cf240fa6b081d0366f8265b0cd10197f" + integrity sha512-R8LcPeWZol2zR8mmH3JeKQ6QRCFb7XgUhV9ZlGhHLGyg4wpPiPZNQOOWhFZhxKw8u//yTbNGI42Bx/3paXEQ+Q== + dependencies: + "@jridgewell/resolve-uri" "^3.1.0" + "@jridgewell/sourcemap-codec" "^1.4.14" + "@jscpd/core@^3.5.0": version "3.5.0" resolved "https://registry.yarnpkg.com/@jscpd/core/-/core-3.5.0.tgz#7895a667ec70704730f44a64246bcd68a8ceac00" @@ -2271,7 +2376,7 @@ caniuse-lite@^1.0.0, caniuse-lite@^1.0.30001400: resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001439.tgz#ab7371faeb4adff4b74dad1718a6fd122e45d9cb" integrity sha512-1MgUzEkoMO6gKfXflStpYgZDlFM7M/ck/bgfVCACO5vnAf0fXoNVHdWtqGU+MYca+4bL9Z5bpOVmR33cWW9G2A== -chalk@^2.0.0, chalk@^2.3.2: +chalk@^2.0.0, chalk@^2.3.2, chalk@^2.4.2: version "2.4.2" resolved "https://registry.yarnpkg.com/chalk/-/chalk-2.4.2.tgz#cd42541677a54333cf541a49108c1432b44c9424" integrity sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ== From 7de3265fa00e7333075d740a29a04b8af981eda0 Mon Sep 17 00:00:00 2001 From: Peter Havekes Date: Fri, 27 Oct 2023 09:48:55 +0200 Subject: [PATCH 20/24] Add repo name to slack notification --- .github/workflows/daily-security-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/daily-security-check.yml b/.github/workflows/daily-security-check.yml index 36b2deb8..51d7d58b 100644 --- a/.github/workflows/daily-security-check.yml +++ b/.github/workflows/daily-security-check.yml @@ -97,6 +97,6 @@ jobs: SLACK_COLOR: ${{ job.status }} SLACK_ICON: https://static.surfconext.nl/logos/idp/surfnet.png SLACK_MESSAGE: 'Dependency check failed :crying_cat_face:' - SLACK_TITLE: Dependency check wants attention + SLACK_TITLE: ${{ github.repository }} wants attention SLACK_USERNAME: NightlySecurityCheck SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} \ No newline at end of file From c63234ad52717baca09334492b6637d2fb900ce5 Mon Sep 17 00:00:00 2001 From: Bart Geesink Date: Mon, 6 Nov 2023 21:08:58 +0100 Subject: [PATCH 21/24] Docker: Remove APP_ENV from Apache. It is not overrideable when set by Apache --- docker/conf/tiqr-apache2.conf | 1 - 1 file changed, 1 deletion(-) diff --git a/docker/conf/tiqr-apache2.conf b/docker/conf/tiqr-apache2.conf index c331a8fc..c5e90392 100644 --- a/docker/conf/tiqr-apache2.conf +++ b/docker/conf/tiqr-apache2.conf @@ -4,7 +4,6 @@ DocumentRoot /var/www/html/public - SetEnv APP_ENV prod SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 From c24aadc4e1c4b46e4e210b90a33c0f8e3d5b530f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 12 Nov 2023 16:17:47 +0000 Subject: [PATCH 22/24] Bump symfony/twig-bridge from 4.4.44 to 4.4.51 Bumps [symfony/twig-bridge](https://github.com/symfony/twig-bridge) from 4.4.44 to 4.4.51. - [Release notes](https://github.com/symfony/twig-bridge/releases) - [Changelog](https://github.com/symfony/twig-bridge/blob/6.3/CHANGELOG.md) - [Commits](https://github.com/symfony/twig-bridge/compare/v4.4.44...v4.4.51) --- updated-dependencies: - dependency-name: symfony/twig-bridge dependency-type: indirect ... Signed-off-by: dependabot[bot] --- composer.lock | 82 +++++++++++++++++++++++++-------------------------- 1 file changed, 41 insertions(+), 41 deletions(-) diff --git a/composer.lock b/composer.lock index fa0d6f33..81e3b2d0 100644 --- a/composer.lock +++ b/composer.lock @@ -3638,16 +3638,16 @@ }, { "name": "symfony/polyfill-ctype", - "version": "v1.27.0", + "version": "v1.28.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-ctype.git", - "reference": "5bbc823adecdae860bb64756d639ecfec17b050a" + "reference": "ea208ce43cbb04af6867b4fdddb1bdbf84cc28cb" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/5bbc823adecdae860bb64756d639ecfec17b050a", - "reference": "5bbc823adecdae860bb64756d639ecfec17b050a", + "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/ea208ce43cbb04af6867b4fdddb1bdbf84cc28cb", + "reference": "ea208ce43cbb04af6867b4fdddb1bdbf84cc28cb", "shasum": "" }, "require": { @@ -3662,7 +3662,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "1.27-dev" + "dev-main": "1.28-dev" }, "thanks": { "name": "symfony/polyfill", @@ -3700,7 +3700,7 @@ "portable" ], "support": { - "source": "https://github.com/symfony/polyfill-ctype/tree/v1.27.0" + "source": "https://github.com/symfony/polyfill-ctype/tree/v1.28.0" }, "funding": [ { @@ -3716,7 +3716,7 @@ "type": "tidelift" } ], - "time": "2022-11-03T14:55:06+00:00" + "time": "2023-01-26T09:26:14+00:00" }, { "name": "symfony/polyfill-intl-grapheme", @@ -3972,16 +3972,16 @@ }, { "name": "symfony/polyfill-mbstring", - "version": "v1.27.0", + "version": "v1.28.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-mbstring.git", - "reference": "8ad114f6b39e2c98a8b0e3bd907732c207c2b534" + "reference": "42292d99c55abe617799667f454222c54c60e229" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/8ad114f6b39e2c98a8b0e3bd907732c207c2b534", - "reference": "8ad114f6b39e2c98a8b0e3bd907732c207c2b534", + "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/42292d99c55abe617799667f454222c54c60e229", + "reference": "42292d99c55abe617799667f454222c54c60e229", "shasum": "" }, "require": { @@ -3996,7 +3996,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "1.27-dev" + "dev-main": "1.28-dev" }, "thanks": { "name": "symfony/polyfill", @@ -4035,7 +4035,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.27.0" + "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.28.0" }, "funding": [ { @@ -4051,20 +4051,20 @@ "type": "tidelift" } ], - "time": "2022-11-03T14:55:06+00:00" + "time": "2023-07-28T09:04:16+00:00" }, { "name": "symfony/polyfill-php72", - "version": "v1.27.0", + "version": "v1.28.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-php72.git", - "reference": "869329b1e9894268a8a61dabb69153029b7a8c97" + "reference": "70f4aebd92afca2f865444d30a4d2151c13c3179" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php72/zipball/869329b1e9894268a8a61dabb69153029b7a8c97", - "reference": "869329b1e9894268a8a61dabb69153029b7a8c97", + "url": "https://api.github.com/repos/symfony/polyfill-php72/zipball/70f4aebd92afca2f865444d30a4d2151c13c3179", + "reference": "70f4aebd92afca2f865444d30a4d2151c13c3179", "shasum": "" }, "require": { @@ -4073,7 +4073,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "1.27-dev" + "dev-main": "1.28-dev" }, "thanks": { "name": "symfony/polyfill", @@ -4111,7 +4111,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-php72/tree/v1.27.0" + "source": "https://github.com/symfony/polyfill-php72/tree/v1.28.0" }, "funding": [ { @@ -4127,7 +4127,7 @@ "type": "tidelift" } ], - "time": "2022-11-03T14:55:06+00:00" + "time": "2023-01-26T09:26:14+00:00" }, { "name": "symfony/polyfill-php73", @@ -4210,16 +4210,16 @@ }, { "name": "symfony/polyfill-php80", - "version": "v1.27.0", + "version": "v1.28.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-php80.git", - "reference": "7a6ff3f1959bb01aefccb463a0f2cd3d3d2fd936" + "reference": "6caa57379c4aec19c0a12a38b59b26487dcfe4b5" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/7a6ff3f1959bb01aefccb463a0f2cd3d3d2fd936", - "reference": "7a6ff3f1959bb01aefccb463a0f2cd3d3d2fd936", + "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/6caa57379c4aec19c0a12a38b59b26487dcfe4b5", + "reference": "6caa57379c4aec19c0a12a38b59b26487dcfe4b5", "shasum": "" }, "require": { @@ -4228,7 +4228,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "1.27-dev" + "dev-main": "1.28-dev" }, "thanks": { "name": "symfony/polyfill", @@ -4273,7 +4273,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-php80/tree/v1.27.0" + "source": "https://github.com/symfony/polyfill-php80/tree/v1.28.0" }, "funding": [ { @@ -4289,7 +4289,7 @@ "type": "tidelift" } ], - "time": "2022-11-03T14:55:06+00:00" + "time": "2023-01-26T09:26:14+00:00" }, { "name": "symfony/polyfill-php81", @@ -5437,16 +5437,16 @@ }, { "name": "symfony/twig-bridge", - "version": "v4.4.44", + "version": "v4.4.51", "source": { "type": "git", "url": "https://github.com/symfony/twig-bridge.git", - "reference": "53e4f5ed93901d857ec07e2440cc113537c1a489" + "reference": "83b021cd395053ed30327b9ee5d3fd60631f73f5" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/twig-bridge/zipball/53e4f5ed93901d857ec07e2440cc113537c1a489", - "reference": "53e4f5ed93901d857ec07e2440cc113537c1a489", + "url": "https://api.github.com/repos/symfony/twig-bridge/zipball/83b021cd395053ed30327b9ee5d3fd60631f73f5", + "reference": "83b021cd395053ed30327b9ee5d3fd60631f73f5", "shasum": "" }, "require": { @@ -5534,7 +5534,7 @@ "description": "Provides integration for Twig with various Symfony components", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/twig-bridge/tree/v4.4.44" + "source": "https://github.com/symfony/twig-bridge/tree/v4.4.51" }, "funding": [ { @@ -5550,7 +5550,7 @@ "type": "tidelift" } ], - "time": "2022-07-20T09:59:04+00:00" + "time": "2023-11-09T21:17:38+00:00" }, { "name": "symfony/twig-bundle", @@ -6099,16 +6099,16 @@ }, { "name": "twig/twig", - "version": "v2.15.3", + "version": "v2.15.5", "source": { "type": "git", "url": "https://github.com/twigphp/Twig.git", - "reference": "ab402673db8746cb3a4c46f3869d6253699f614a" + "reference": "fc02a6af3eeb97c4bf5650debc76c2eda85ac22e" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/twigphp/Twig/zipball/ab402673db8746cb3a4c46f3869d6253699f614a", - "reference": "ab402673db8746cb3a4c46f3869d6253699f614a", + "url": "https://api.github.com/repos/twigphp/Twig/zipball/fc02a6af3eeb97c4bf5650debc76c2eda85ac22e", + "reference": "fc02a6af3eeb97c4bf5650debc76c2eda85ac22e", "shasum": "" }, "require": { @@ -6163,7 +6163,7 @@ ], "support": { "issues": "https://github.com/twigphp/Twig/issues", - "source": "https://github.com/twigphp/Twig/tree/v2.15.3" + "source": "https://github.com/twigphp/Twig/tree/v2.15.5" }, "funding": [ { @@ -6175,7 +6175,7 @@ "type": "tidelift" } ], - "time": "2022-09-28T08:40:08+00:00" + "time": "2023-05-03T17:49:41+00:00" }, { "name": "web-token/jwt-core", @@ -10447,5 +10447,5 @@ "platform-overrides": { "php": "7.2.5" }, - "plugin-api-version": "2.3.0" + "plugin-api-version": "2.6.0" } From e07636c3330b70991d7dc13fb0d50b3d6e446c53 Mon Sep 17 00:00:00 2001 From: Dan Date: Tue, 5 Dec 2023 17:45:43 +0200 Subject: [PATCH 23/24] Moving from CMD to ENTRYPOINT --- docker/Dockerfile.dev | 2 +- docker/Dockerfile.prod | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/Dockerfile.dev b/docker/Dockerfile.dev index 4cc232be..6e77763a 100644 --- a/docker/Dockerfile.dev +++ b/docker/Dockerfile.dev @@ -7,4 +7,4 @@ EXPOSE 80 # Set the default workdir WORKDIR /var/www/html -CMD ["apache2-foreground"] +ENTRYPOINT ["apache2-foreground"] diff --git a/docker/Dockerfile.prod b/docker/Dockerfile.prod index 3dac3f69..96da752f 100644 --- a/docker/Dockerfile.prod +++ b/docker/Dockerfile.prod @@ -19,4 +19,4 @@ EXPOSE 80 # Set the default workdir WORKDIR /var/www/html -CMD ["apache2-foreground"] +ENTRYPOINT ["apache2-foreground"] From 8e82d6c3c3d4a916d555d3c99621688e9f2d5a1f Mon Sep 17 00:00:00 2001 From: Dan Date: Thu, 14 Dec 2023 17:04:23 +0200 Subject: [PATCH 24/24] Removing the dev image --- .github/workflows/build-push-docker-image.yml | 10 ---------- docker/Dockerfile.dev | 10 ---------- 2 files changed, 20 deletions(-) delete mode 100644 docker/Dockerfile.dev diff --git a/.github/workflows/build-push-docker-image.yml b/.github/workflows/build-push-docker-image.yml index 97207eef..5edf8fcf 100644 --- a/.github/workflows/build-push-docker-image.yml +++ b/.github/workflows/build-push-docker-image.yml @@ -46,13 +46,3 @@ jobs: ghcr.io/openconext/stepup-tiqr/stepup-tiqr:prod ghcr.io/openconext/stepup-tiqr/stepup-tiqr:${{ github.sha }} ghcr.io/openconext/stepup-tiqr/stepup-tiqr:${{ steps.release.outputs.tag_name }} - - - name: Build and push the Development image - uses: docker/build-push-action@v4 - with: - context: . - file: docker/Dockerfile.dev - platforms: linux/amd64,linux/arm64 - push: true - tags: | - ghcr.io/openconext/stepup-tiqr/stepup-tiqr:dev diff --git a/docker/Dockerfile.dev b/docker/Dockerfile.dev deleted file mode 100644 index 6e77763a..00000000 --- a/docker/Dockerfile.dev +++ /dev/null @@ -1,10 +0,0 @@ -FROM ghcr.io/openconext/openconext-basecontainers/php72-apache2-node14-composer2:latest - -RUN rm -rf /etc/apache2/sites-enabled/* -COPY ./docker/conf/tiqr-apache2.conf /etc/apache2/sites-enabled/tiqr.conf -EXPOSE 80 - -# Set the default workdir -WORKDIR /var/www/html - -ENTRYPOINT ["apache2-foreground"]