fix(cve): kubeflow-centraldashboard GHSA-9wv6-86v2-598j (#29159)

fix cve: GHSA-9wv6-86v2-598j refactor the script which is much eaiser to read, and manage. --------- Signed-off-by: debasishbsws <[email protected]>
wolfi-dev · Sep 23, 2024 · cea8802 · cea8802
1 parent fa1cfb3
commit cea8802
Showing 1 changed file with 33 additions and 7 deletions.
diff --git a/kubeflow-centraldashboard.yaml b/kubeflow-centraldashboard.yaml
@@ -1,7 +1,7 @@
 package:
   name: kubeflow-centraldashboard
   version: 1.9.0
-  epoch: 2
+  epoch: 3
   description: Landing page and central dashboard for Kubeflow deployments
   copyright:
     - license: MIT
@@ -34,13 +34,39 @@ pipeline:
       # Create "overrides" section of package.json
       jq '.overrides |= (if . then . else {} end)' package.json > temp.json && mv temp.json package.json
 
-      for override in '"ajv"="^6.12.3"' '"node-fetch"="^2.6.7"' '"node-forge"="^1.3.0"' '"axios"="^1.6.0"' '"qs"="^6.7.3"' '"underscore"="^1.12.1"' '"minimatch"="^3.0.5"' '"path-parse"="^1.0.7"' '"word-wrap"="^1.2.4"' '"protobufjs"="^6.11.4"' '"request"="^2.88.0"' '"monorepo-symlink-test"="^0.0.0"' '"tough-cookie"="^4.1.3"' '"ws"="^8.17.1"' '"follow-redirects"="^1.15.6"' '"express"="^4.19.2"' '"@grpc/grpc-js"="^1.10.9"' ; do
-        jq ".overrides.${override}" package.json > temp.json && mv temp.json package.json
-      done
+      # Define the overrides
+      overrides='{
+        "ajv": "^6.12.3",
+        "node-fetch": "^2.6.7",
+        "node-forge": "^1.3.0",
+        "axios": "^1.6.0",
+        "qs": "^6.7.3",
+        "underscore": "^1.12.1",
+        "minimatch": "^3.0.5",
+        "path-parse": "^1.0.7",
+        "word-wrap": "^1.2.4",
+        "protobufjs": "^6.11.4",
+        "request": "^2.88.0",
+        "monorepo-symlink-test": "^0.0.0",
+        "tough-cookie": "^4.1.3",
+        "ws": "^8.17.1",
+        "follow-redirects": "^1.15.6",
+        "express": "^4.19.2",
+        "@grpc/grpc-js": "^1.10.9",
+        "path-to-regexp": "0.1.10"
+      }'
 
-      for dep in '"express"="^4.19.2"' '"@grpc/grpc-js"="^1.10.9"' ; do
-        jq ".dependencies.${dep}" package.json > temp.json && mv temp.json package.json
-      done
+      # Apply the overrides
+      jq --argjson overrides "$overrides" '.overrides += $overrides' package.json > temp.json && mv temp.json package.json
+
+      # Define the dependencies
+      dependencies='{
+        "express": "^4.19.2",
+        "@grpc/grpc-js": "^1.10.9"
+      }'
+
+      # Apply the dependencies
+      jq --argjson dependencies "$dependencies" '.dependencies += $dependencies' package.json > temp.json && mv temp.json package.json
 
   - working-directory: components/centraldashboard
     runs: |