Merge pull request #1170 from pycontw/resolve-cve-babel-traverse

deps: resolve CVE-2023-45133
pycontw · Apr 7, 2024 · f349915 · f349915
2 parents f44e7ea + d680271
commit f349915
Show file tree

Hide file tree

Showing 5 changed files with 1,265 additions and 740 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -4,6 +4,9 @@ FROM node:8.16.0-buster-slim as node_stage
 COPY ./yarn.lock yarn.lock
 COPY ./package.json package.json
 
+RUN apt-get update
+RUN apt-get install python-pip -y
+
 RUN npm install -g yarn
 RUN yarn install --dev --frozen-lockfile  \
  && rm -rf $HOME/.cache/yarn/*

diff --git a/dev.Dockerfile b/dev.Dockerfile
@@ -15,11 +15,7 @@ FROM python:3.6-slim-buster as python_stage
 
 WORKDIR /app
 
-COPY --from=node_stage /node_modules ./node_modules
-COPY --from=node_stage /usr/local/bin/node /usr/local/bin/node
-
 ENV PYTHONUNBUFFERED 1
-ENV BASE_DIR /usr/local
 
 # Infrastructure tools
 # gettext is used for django to compile .po to .mo files.
@@ -36,6 +32,9 @@ RUN apt-get install -y \
 COPY ./requirements ./requirements
 RUN pip3 install -r ./requirements/dev.txt
 
+COPY --from=node_stage /node_modules ./node_modules
+COPY --from=node_stage /usr/local/bin/node /usr/local/bin/node
+
 # for entry point
 COPY ./docker-entrypoint.sh /docker-entrypoint.sh
 RUN chmod +x /docker-entrypoint.sh
diff --git a/package.json b/package.json
@@ -5,11 +5,15 @@
   "author": "PyCon Taiwan <[email protected]>",
   "private": true,
   "devDependencies": {
+    "@babel/core": "^7.23.2",
+    "@babel/plugin-proposal-function-sent": "^7.23.2",
+    "@babel/plugin-proposal-throw-expressions": "^7.23.2",
+    "@babel/plugin-syntax-dynamic-import": "^7.8.3",
+    "@babel/plugin-syntax-import-meta": "^7.10.4",
+    "@babel/plugin-transform-class-properties": "^7.23.2",
+    "@babel/preset-env": "^7.23.2",
     "autoprefixer": "^8.0.0",
-    "babel-core": "^6.26.0",
-    "babel-preset-env": "^1.6.1",
-    "babel-preset-stage-2": "^6.24.1",
-    "babelify": "^8.0.0",
+    "babelify": "^10.0.0",
     "browserify": "^16.1.0",
     "node-sass": "^4.9.0",
     "postcss-cli": "^5.0.0"

diff --git a/src/pycontw2016/settings/base.py b/src/pycontw2016/settings/base.py
@@ -251,9 +251,16 @@ def node_bin(name):
 COMPRESS_ES6_COMPILER_CMD = (
     'export NODE_PATH="{paths}" && '
     '{browserify_bin} "{infile}" -o "{outfile}" '
-    '-t [ "{node_modules}/babelify" '
-    '--presets="{node_modules}/babel-preset-env,'
-    '{node_modules}/babel-preset-stage-2" ]'
+    '-t [ '
+    '"{node_modules}/babelify" '
+    '--presets [ "@babel/preset-env" ] '
+    '--plugins [ '
+    '@babel/plugin-proposal-function-sent '
+    '@babel/plugin-proposal-throw-expressions '
+    '@babel/plugin-syntax-dynamic-import '
+    '@babel/plugin-syntax-import-meta '
+    '@babel/plugin-transform-class-properties ] '
+    ']'
 )
 
 COMPRESS_NODE_SASS_BIN = node_bin('node-sass')