overleaf/server-ce/hotfix/5.0.4/Dockerfile

FROM sharelatex/sharelatex:5.0.3

# apply an override to the swagger-tools package to force security updates to multer and qs
# from https://github.com/overleaf/internal/pull/18433
COPY pr_18433.patch .
RUN patch -p1 < pr_18433.patch && rm pr_18433.patch
RUN npm install --include-workspace-root -w services/history-v1 swagger-tools@0.10.4 && rm -rf /root/.cache /root/.npm $(find /tmp/ -mindepth 1 -maxdepth 1)

# remove google-cloud packages which are unused in server-pro have a vulnerable dependency
RUN npm uninstall -w libraries/logger @google-cloud/logging-bunyan
RUN npm uninstall -w libraries/metrics @google-cloud/opentelemetry-cloud-trace-exporter @google-cloud/profiler

# the passport-twitter package has been removed from the monorepo
RUN npm uninstall -w services/web passport-twitter

# remove the unused services/web/scripts/translations directory
RUN rm -r services/web/scripts/translations

# Validate URL protocol before opening from Visual Editor tooltip
# from https://github.com/overleaf/internal/pull/18393
COPY pr_18393.patch .
RUN patch -p1 < pr_18393.patch && rm pr_18393.patch

# Set isEvalSupported to false when loading a PDF document
# from https://github.com/overleaf/internal/pull/18444
COPY pr_18444.patch .
RUN patch -p1 < pr_18444.patch && rm pr_18444.patch

# ensure that the vulnerability audit is run after all changes
RUN npm audit --audit-level=high
[CE/SP] Hotfix 5.0.4 (#18434) * [CE/SP] Hotfix 5.0.4 Remove unused packages with vulnerable dependencies. Upgrade sanitize-html in scripts directory to get security updates. Upgrade swagger-tools dependencies to get security updates. * add note about overrides to server pro release checklist * remove unused services/web/scripts/translations directory from server-pro * include #18393 and #18444 in server pro hotfix 5.0.4 * clean up after patching package-lock apply package-lock patch at start of hotfix build run npm audit at end of hotfix build GitOrigin-RevId: a253def01d481961cd16f4374e2ccffa00417c1f 2024-05-27 05:00:48 -04:00			`FROM sharelatex/sharelatex:5.0.3`

			`# apply an override to the swagger-tools package to force security updates to multer and qs`
			`# from https://github.com/overleaf/internal/pull/18433`
			`COPY pr_18433.patch .`
			`RUN patch -p1 < pr_18433.patch && rm pr_18433.patch`
			`RUN npm install --include-workspace-root -w services/history-v1 swagger-tools@0.10.4 && rm -rf /root/.cache /root/.npm $(find /tmp/ -mindepth 1 -maxdepth 1)`

			`# remove google-cloud packages which are unused in server-pro have a vulnerable dependency`
			`RUN npm uninstall -w libraries/logger @google-cloud/logging-bunyan`
			`RUN npm uninstall -w libraries/metrics @google-cloud/opentelemetry-cloud-trace-exporter @google-cloud/profiler`

			`# the passport-twitter package has been removed from the monorepo`
			`RUN npm uninstall -w services/web passport-twitter`

			`# remove the unused services/web/scripts/translations directory`
			`RUN rm -r services/web/scripts/translations`

			`# Validate URL protocol before opening from Visual Editor tooltip`
			`# from https://github.com/overleaf/internal/pull/18393`
			`COPY pr_18393.patch .`
			`RUN patch -p1 < pr_18393.patch && rm pr_18393.patch`

			`# Set isEvalSupported to false when loading a PDF document`
			`# from https://github.com/overleaf/internal/pull/18444`
			`COPY pr_18444.patch .`
			`RUN patch -p1 < pr_18444.patch && rm pr_18444.patch`

			`# ensure that the vulnerability audit is run after all changes`
			`RUN npm audit --audit-level=high`