[UXENG-3768] Updating dev-center dependencies to remove node vulnerabilities

.nvmrc

@@ -1 +1 @@
-14.17
+17.3

.stylelintrc

@@ -17,17 +17,17 @@
           "box-sizing",
           "interpolation-mode",
           "text-size-adjust",
-          "transform",
-        ],
-      },
+          "transform"
+        ]
+      }
     ],
     "scss/dollar-variable-pattern": null,
     "selector-max-id": 2,
-    "selector-no-qualifying-type": null,
+    "selector-no-qualifying-type": null
   },
   "ignoreFiles": [
     "_sass/vendor/**/*.scss",
     "css/pygments-github.css",
-    "css/vendors.css",
-  ],
+    "css/vendors.css"
+  ]
 }

README.md

@@ -12,7 +12,7 @@ These docs are built on Jekyll. Learn more over at [the official Jekyll page](ht
 2. Log in to Docker using the `algojenkins` account. (Email `devops+jenkins@algorithmia.com`, password in LastPass; note that the `Username` will be `algojenkins`, not the email address that's in LastPass)
 3. Clone this repo and run `yarn setup` from within the top-level directory
   - If you're on MacOS and don't have `yarn` yet, [you can install it globally](https://classic.yarnpkg.com/en/docs/install#mac-stable)
-  - Then, if `yarn setup` returns "The engine "node" is incompatible with this module..." error, you can first `brew install nvm` and then `nvm install 14.17.1`
+  - Then, if `yarn setup` returns "The engine "node" is incompatible with this module..." error, you can first `brew install nvm` and then `nvm install 17.3`
   - Once that’s installed you may need to run one final `nvm use <version_number>` command to ensure node uses the latest version
 
 

cve_exceptions

@@ -31,7 +31,6 @@ CVE-2011-4116 # Patch not backported - perl-base:5.28.1-6+deb10u1
 CVE-2005-2541 # Red Hat's official stance: "This is the documented and expected behaviour of tar" so this isn't going to be fixed - tar:1.30+dfsg-6
 CVE-2019-9923 # Red Hat's official stance: "This is the documented and expected behaviour of tar" so this isn't going to be fixed - tar:1.30+dfsg-6
 CVE-2021-39537 # Response from bug finder: might be a CVE, but the impact should be much lower. There is no code execution. - libncursesw6:6.1+20181013-2+deb10u2, libtinfo6:6.1+20181013-2+deb10u2, ncurses-base:6.1+20181013-2+deb10u2, ncurses-bin:6.1+20181013-2+deb10u2
-CVE-2020-7608 # Recommended to require schema validation and avoid unsafe - yargs-parser:11.1.1
 CVE-2021-33560 # Patch not backported - libgcrypt20:1.8.4-5+deb10u1
 CVE-2021-43618 # Patch not backported - libgmp10:2:6.1.2+dfsg-4
 CVE-2020-16156 # # Recommendation: The first line of protection is to not use untrusted mirrors - perl-base:5.28.1-6+deb10u1

local.node.Dockerfile

@@ -1,4 +1,4 @@
-FROM node:14.17-buster-slim
+FROM node:17.3-buster-slim
 
 COPY package.json yarn.lock ./
 

package.json

@@ -14,20 +14,21 @@
     "reset:cache": "rm -rf .jekyll-cache && rm -rf .jekyll-metadata && rm -rf _site"
   },
   "devDependencies": {
-    "axios": "^0.21.2",
-    "chai": "^4.3.4",
-    "http-proxy-middleware": "^0.20.0",
-    "mocha": "^6.2.0",
+    "axios": "^0.25.0",
+    "chai": "^4.3.6",
+    "http-proxy-middleware": "^2.0.2",
+    "mocha": "^9.2.0",
     "shelljs": "^0.8.5",
-    "stylelint": "^13.12.0",
-    "stylelint-config-sass-guidelines": "^8.0.0"
+    "stylelint": "^14.3.0",
+    "stylelint-config-sass-guidelines": "^9.0.1"
   },
   "dependencies": {
     "bunyan": "^1.8.15",
+    "concurrently": "^7.0.0",
     "cross-env": "^7.0.3",
-    "express": "^4.17.1",
-    "prom-client": "^13.1.0",
-    "redoc": "^2.0.0-rc.57",
+    "express": "^4.17.2",
+    "prom-client": "^14.0.1",
+    "redoc": "^2.0.0-rc.63",
     "request-stats": "^3.0.0"
   },
   "engines": {

server/index.js

@@ -1,4 +1,5 @@
 const express = require('express');
+const { createProxyMiddleware } = require('http-proxy-middleware');
 const path = require('path');
 const querystring = require('querystring');
 const Bunyan = require('bunyan');
@@ -115,7 +116,7 @@ app.get('*', (req, res, next) => {
 
 if (!isProduction) {
   app.use(
-    require('http-proxy-middleware')({
+    createProxyMiddleware({
       target: config.env.stage.devCenterUrl,
       changeOrigin: true,
     })
@@ -150,7 +151,7 @@ app.use(/^\/developers/, (req, res, next) => {
 
   const basePath = path.join(
     __dirname,
-    `../sites/${usePublic ? 'public' : 'enterprise'}`,
+    `../sites/${!usePublic ? 'public' : 'enterprise'}`,
     'developers'
   );