From d046f8316d17632a7b23fc6ccc6cc39c5a5e221b Mon Sep 17 00:00:00 2001 From: Daniel Volz Date: Fri, 19 Dec 2025 13:15:32 +0100 Subject: [PATCH] Use Node 25 images and update sensible --- .env.example | 10 +++--- backend/Dockerfile | 4 +-- backend/package.json | 2 +- frontend/Dockerfile | 2 +- package-lock.json | 80 +++++++++++++++++++++++++++----------------- 5 files changed, 58 insertions(+), 40 deletions(-) diff --git a/.env.example b/.env.example index dbf6cab..5b6e07a 100644 --- a/.env.example +++ b/.env.example @@ -4,11 +4,11 @@ DATABASE_URL=file:./data/medassist.db CORS_ORIGINS=http://localhost:4173,http://localhost:5173 LOG_LEVEL=info -# Auth -JWT_SECRET=change-me -REFRESH_SECRET=change-me-too -COOKIE_SECRET=change-me-cookie -CSRF_SECRET=change-me-csrf +# Auth (use strong secrets; min 10 chars required) +JWT_SECRET=change-me-now-with-stronger-secret +REFRESH_SECRET=change-me-refresh-strong-secret +COOKIE_SECRET=change-me-cookie-strong-secret +CSRF_SECRET=change-me-csrf-strong-secret ACCESS_TOKEN_TTL_MIN=15 REFRESH_TOKEN_TTL_DAYS=14 diff --git a/backend/Dockerfile b/backend/Dockerfile index ae075a0..87ad842 100644 --- a/backend/Dockerfile +++ b/backend/Dockerfile @@ -1,5 +1,5 @@ # Backend build -FROM node:22-slim AS builder +FROM node:25-slim AS builder WORKDIR /app COPY package.json tsconfig.json drizzle.config.ts ./ COPY src ./src @@ -9,7 +9,7 @@ RUN npm run build RUN npm prune --omit=dev # Runtime -FROM node:22-slim AS runner +FROM node:25-slim AS runner WORKDIR /app ENV NODE_ENV=production COPY --from=builder /app/node_modules ./node_modules diff --git a/backend/package.json b/backend/package.json index fd2a03c..711d452 100644 --- a/backend/package.json +++ b/backend/package.json @@ -16,7 +16,7 @@ "@fastify/helmet": "^11.1.1", "@fastify/jwt": "^10.0.0", "@fastify/rate-limit": "^10.1.0", - "@fastify/sensible": "^5.0.1", + "@fastify/sensible": "^6.0.4", "@libsql/client": "^0.10.0", "argon2": "^0.40.0", "dotenv": "^16.4.5", diff --git a/frontend/Dockerfile b/frontend/Dockerfile index 949e79a..495dd23 100644 --- a/frontend/Dockerfile +++ b/frontend/Dockerfile @@ -1,5 +1,5 @@ # Frontend build -FROM node:22-slim AS builder +FROM node:25-slim AS builder WORKDIR /app COPY package.json tsconfig.json tsconfig.node.json vite.config.ts index.html ./ COPY src ./src diff --git a/package-lock.json b/package-lock.json index e2c8eed..9573d1d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -21,7 +21,7 @@ "@fastify/helmet": "^11.1.1", "@fastify/jwt": "^10.0.0", "@fastify/rate-limit": "^10.1.0", - "@fastify/sensible": "^5.0.1", + "@fastify/sensible": "^6.0.4", "@libsql/client": "^0.10.0", "argon2": "^0.40.0", "dotenv": "^16.4.5", @@ -978,26 +978,30 @@ } }, "node_modules/@fastify/sensible": { - "version": "5.6.0", - "resolved": "https://registry.npmjs.org/@fastify/sensible/-/sensible-5.6.0.tgz", - "integrity": "sha512-Vq6Z2ZQy10GDqON+hvLF52K99s9et5gVVxTul5n3SIAf0Kq5QjPRUKkAMT3zPAiiGvoHtS3APa/3uaxfDgCODQ==", + "version": "6.0.4", + "resolved": "https://registry.npmjs.org/@fastify/sensible/-/sensible-6.0.4.tgz", + "integrity": "sha512-1vxcCUlPMew6WroK8fq+LVOwbsLtX+lmuRuqpcp6eYqu6vmkLwbKTdBWAZwbeaSgCfW4tzUpTIHLLvTiQQ1BwQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/fastify" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/fastify" + } + ], "license": "MIT", "dependencies": { - "@lukeed/ms": "^2.0.1", - "fast-deep-equal": "^3.1.1", - "fastify-plugin": "^4.0.0", + "@lukeed/ms": "^2.0.2", + "dequal": "^2.0.3", + "fastify-plugin": "^5.0.0", "forwarded": "^0.2.0", "http-errors": "^2.0.0", - "type-is": "^1.6.18", + "type-is": "^2.0.1", "vary": "^1.1.2" } }, - "node_modules/@fastify/sensible/node_modules/fastify-plugin": { - "version": "4.5.1", - "resolved": "https://registry.npmjs.org/fastify-plugin/-/fastify-plugin-4.5.1.tgz", - "integrity": "sha512-stRHYGeuqpEZTL1Ef0Ovr2ltazUT9g844X5z/zEBFLG8RYlpDiOCIG+ATvYEp+/zmc7sN29mcIMp8gvYplYPIQ==", - "license": "MIT" - }, "node_modules/@jridgewell/gen-mapping": { "version": "0.3.13", "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.13.tgz", @@ -1815,6 +1819,15 @@ ], "license": "CC-BY-4.0" }, + "node_modules/content-type": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, "node_modules/convert-source-map": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz", @@ -2602,33 +2615,37 @@ "link": true }, "node_modules/media-typer": { - "version": "0.3.0", - "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", - "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==", + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-1.1.0.tgz", + "integrity": "sha512-aisnrDP4GNe06UcKFnV5bfMNPBUw4jsLGaWwWfnH3v02GnBuXX2MCVn5RbrWo0j3pczUilYblq7fQ7Nw2t5XKw==", "license": "MIT", "engines": { - "node": ">= 0.6" + "node": ">= 0.8" } }, "node_modules/mime-db": { - "version": "1.52.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", - "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "version": "1.54.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.54.0.tgz", + "integrity": "sha512-aU5EJuIN2WDemCcAp2vFBfp/m4EAhWJnUNSSw0ixs7/kXbd6Pg64EmwJkNdFhB8aWt1sH2CTXrLxo/iAGV3oPQ==", "license": "MIT", "engines": { "node": ">= 0.6" } }, "node_modules/mime-types": { - "version": "2.1.35", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", - "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-3.0.2.tgz", + "integrity": "sha512-Lbgzdk0h4juoQ9fCKXW4by0UJqj+nOOrI9MJ1sSj4nI8aI2eo1qmvQEie4VD1glsS250n15LsWsYtCugiStS5A==", "license": "MIT", "dependencies": { - "mime-db": "1.52.0" + "mime-db": "^1.54.0" }, "engines": { - "node": ">= 0.6" + "node": ">=18" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" } }, "node_modules/minimalistic-assert": { @@ -3214,13 +3231,14 @@ } }, "node_modules/type-is": { - "version": "1.6.18", - "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", - "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==", + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/type-is/-/type-is-2.0.1.tgz", + "integrity": "sha512-OZs6gsjF4vMp32qrCbiVSkrFmXtG/AZhY3t0iAMrMBiAZyV9oALtXO8hsrHbMXF9x6L3grlFuwW2oAz7cav+Gw==", "license": "MIT", "dependencies": { - "media-typer": "0.3.0", - "mime-types": "~2.1.24" + "content-type": "^1.0.5", + "media-typer": "^1.1.0", + "mime-types": "^3.0.0" }, "engines": { "node": ">= 0.6"