Age | Commit message | Author |
|
Ruby 2.7.3 introduced a new bug with Resolv::DNS, which we heavily use within
Mastodon: https://bugs.ruby-lang.org/issues/17781
Ruby 2.7.3 also included security fixes for two CVEs, but those do not seem
to apply to Mastodon:
https://github.com/tootsuite/mastodon/pull/16004#issuecomment-815125025
|
* Upgrade Ruby to 2.7.3
https://www.ruby-lang.org/en/news/2021/04/05/ruby-2-7-3-released/
includes security fixes to
- CVE-2021-28965: XML round-trip vulnerability in REXML
- CVE-2021-28966: Path traversal in Tempfile on Windows
* Update rexml to 3.2.5
https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/
|
* Format, apply hadolint suggestions, little nitpicks
* Use precompiled jemalloc
* Use tini from package repository
|
This is a security release. You can read the announcement at
https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/
|
Kaniko does not support looking up binaries from $PATH, so we
specify the full path to the bash binary.
Co-authored-by: kaiyou <dev@kaiyou.fr>
|
thwait and e2mmap are no longer needed in Gemfile.
Gems properly require those.
|
* Dockerfile: Fix building with multiarch
Tested on amd64 and arm64
* Reduce docker image size by cleaning up some unneeded source files
|
* Update Dockerfile
* Update Dockerfile
|
hardcoded Node.js architecture (#13081)
* Use ARCH variable instead of hardcoded x64
* fix formatting
|
[Rkt](https://coreos.com/rkt) doesn't allow ports to be exposed to containers unless they are declared in the container manifest. Re-adding EXPOSE back in (removed in 1dbf993bce5627e2c3fcab6e9c63b5279dff018a) allows the container to be used on rkt-based systems.
|
* Update Ruby/Node/jemalloc source for Docker Image
* Update Dockerfile
* Update Dockerfile
|
- Always run apt update before any other apt command. (This fixes
incremental builds failing if a remote package is updated.)
- Only copy dependency lists before installing dependencies. (This means
editing code doesn't force all dependencies to be re-downloaded.)
- Delete cache in the same layer that it is created. (Otherwise,
deleting cache *increases* the size of the image on non-squashed
builds.)
- Move the installation of some static dependencies to *before* Mastodon
code is imported to Docker.
|
system memory help (#8842)
|
* Revert "update vagrant configs (#8706)"
This reverts commit 8971bb8cf29ce940345cf306725dd3f71e8ffded.
* Revert "Updated ruby/node images (#8700)"
This reverts commit 5aae71cf60ba436579e61a330d9cb5d9807ccdd2.
|
* Dockerfile: run asset precompilation as a build step
* Replace OTP_SECRET and SECRET_KEY_BASE with placeholders
|
https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/
> This release includes some bug fixes and some security fixes.
>
> - CVE-2017-17742: HTTP response splitting in WEBrick
> - CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
> - CVE-2018-8777: DoS by large request in WEBrick
> - CVE-2018-8778: Buffer under-read in String#unpack
> - CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
> - CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
> - Multiple vulnerabilities in RubyGems
|
Fix #6809
I don't know why, either
|
Fix 6734
|
Yarn was manually installed to meet the Yarn version requirement of
webpacker. Today, Alpine Linux 3.7 provides a new enough Yarn.
|
It is no longer necessary since commit
be9bab171dc2b1fe43bc742decb71f64541ca347.
|