kubernetes-sigs/kustomize
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kustomize.git synced 2026-05-17 18:25:26 +00:00
Code Issues Packages Projects Releases 1 Wiki Activity

chore: pin dev deps in the dev container

Browse Source 
Copy package.json and package-lock.json into the site dev container
and use them to pin the versions and checksums for autoprefixer,
postcss-cli, and their dependencies.

This should help reduce risk of importing newer dependency versions
that haven't passed vulnerability checks.
This commit is contained in:
Karl Isenberg
2024-02-05 11:02:43 -08:00
parent 31b852c7bc
commit 3bd9ea8ee7
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
site/Dockerfile
View File

@@ -28,8 +28,14 @@ RUN apk add --no-cache \
git \
openssh-client \
rsync \
npm && \
npm install -D autoprefixer postcss-cli
npm
RUN mkdir -p /usr/local/node_packages
WORKDIR /usr/local/node_packages
COPY package.json ./
COPY package-lock.json ./
RUN npm install -D autoprefixer postcss-cli
ENV PATH="/usr/local/node_packages/node_modules/.bin:${PATH}"
RUN mkdir -p /var/hugo && \
addgroup -Sg 1000 hugo && \