dep updates

Update zoeyvid/nginx-quic Docker tag to v229
Update zoeyvid/certbot-docker Docker tag to v17
Update zoeyvid/nginx-quic Docker tag to v228
Update alpine Docker tag to v3.19.0
Update caddy Docker tag to v2.7.6
Update dependency knex to v3.1.0
Update zoeyvid/nginx-quic Docker tag to v225
Update dependency sass-loader to v10.5.0
Update zoeyvid/certbot-docker Docker tag to v15
Update zoeyvid/nginx-quic Docker tag to v230
Signed-off-by: Zoey <[email protected]>

Author: renovate[bot]

.github/workflows/caddy-fmt.yml

@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v4
       - name: Read version
         id: version
-        run: echo "version=$(cat Caddy.Dockerfile | grep -wE "FROM caddy:*" | head -1 | sed "s|FROM caddy:||g")" >> $GITHUB_OUTPUT
+        run: echo "version=$(cat Caddy.Dockerfile | grep -wE "FROM caddy:*" | head -1 | sed "s|FROM caddy:\([0-9.]\+\).*|\1|g")" >> $GITHUB_OUTPUT
       - name: caddy-fmt
         run: |
           docker run --rm -v ${{ github.workspace }}/Caddyfile:/etc/caddy/Caddyfile caddy:${{ steps.version.outputs.version }} caddy fmt --overwrite /etc/caddy/Caddyfile

Caddy.Dockerfile

@@ -1,3 +1,6 @@
-FROM caddy:2.7.5
+FROM caddy:2.7.6 as caddy
+
+FROM alpine:3.19.0
 RUN apk add --no-cache ca-certificates tzdata
+COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 COPY Caddyfile /etc/caddy/Caddyfile

Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform="$BUILDPLATFORM" alpine:3.18.5 as frontend
+FROM --platform="$BUILDPLATFORM" alpine:3.19.0 as frontend
 COPY frontend                        /build/frontend
 COPY global/certbot-dns-plugins.js   /build/frontend/certbot-dns-plugins.js
 ARG NODE_ENV=production \
@@ -12,7 +12,7 @@ COPY darkmode.css /build/frontend/dist/css/darkmode.css
 COPY security.txt /build/frontend/dist/.well-known/security.txt
 
 
-FROM --platform="$BUILDPLATFORM" alpine:3.18.5 as backend
+FROM --platform="$BUILDPLATFORM" alpine:3.19.0 as backend
 SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
 COPY backend                        /build/backend
 COPY global/certbot-dns-plugins.js  /build/backend/certbot-dns-plugins.js
@@ -30,10 +30,13 @@ RUN apk add --no-cache ca-certificates nodejs-current yarn && \
     yarn cache clean --all
 
 
-FROM --platform="$BUILDPLATFORM" alpine:3.18.5 as crowdsec
+FROM --platform="$BUILDPLATFORM" alpine:3.19.0 as crowdsec
+
+ARG CSNB_VER=v1.0.5
+
 WORKDIR /src
 RUN apk add --no-cache ca-certificates git build-base && \
-    git clone --recursive https://github.com/crowdsecurity/cs-nginx-bouncer /src && \
+    git clone --recursive https://github.com/crowdsecurity/cs-nginx-bouncer --branch "$CSNB_VER" /src && \
     make && \
     tar xzf crowdsec-nginx-bouncer.tgz && \
     mv crowdsec-nginx-bouncer-* crowdsec-nginx-bouncer && \
@@ -45,22 +48,21 @@ RUN apk add --no-cache ca-certificates git build-base && \
     sed -i "s|BAN_TEMPLATE_PATH=.*|BAN_TEMPLATE_PATH=/data/etc/crowdsec/ban.html|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf && \
     sed -i "s|CAPTCHA_TEMPLATE_PATH=.*|CAPTCHA_TEMPLATE_PATH=/data/etc/crowdsec/captcha.html|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf
 
-FROM zoeyvid/certbot-docker:14 as certbot
+FROM zoeyvid/certbot-docker:17 as certbot
 
-FROM zoeyvid/nginx-quic:219
+FROM zoeyvid/nginx-quic:230
 SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
+
+ARG CRS_VER=v4.0/dev
+
 COPY rootfs /
 RUN apk add --no-cache ca-certificates tzdata tini \
     lua5.1-lzlib \
     nodejs-current \
     openssl apache2-utils \
     coreutils grep jq curl shadow sudo \
     luarocks5.1 wget lua5.1-dev build-base git yarn && \
-    wget -q https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended -O /usr/local/nginx/conf/conf.d/include/modsecurity.conf.example && \
-    wget -q https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/unicode.mapping -O /usr/local/nginx/conf/conf.d/include/unicode.mapping && \
-    sed -i "s|SecRuleEngine.*|SecRuleEngine On|g" /usr/local/nginx/conf/conf.d/include/modsecurity.conf.example && \
-    sed -i "s|unicode.mapping|/usr/local/nginx/conf/conf.d/include/unicode.mapping|g" /usr/local/nginx/conf/conf.d/include/modsecurity.conf.example && \
-    git clone https://github.com/coreruleset/coreruleset /tmp/coreruleset && \
+    git clone https://github.com/coreruleset/coreruleset --branch "$CRS_VER" /tmp/coreruleset && \
     mkdir -v /usr/local/nginx/conf/conf.d/include/coreruleset && \
     mv -v /tmp/coreruleset/crs-setup.conf.example /usr/local/nginx/conf/conf.d/include/coreruleset/crs-setup.conf.example && \
     mv -v /tmp/coreruleset/rules /usr/local/nginx/conf/conf.d/include/coreruleset/rules && \

backend/package.json

@@ -15,7 +15,7 @@
     "express-fileupload": "1.4.3",
     "gravatar": "1.8.2",
     "jsonwebtoken": "9.0.2",
-    "knex": "3.0.1",
+    "knex": "3.1.0",
     "liquidjs": "10.9.4",
     "lodash": "4.17.21",
     "moment": "2.29.4",

frontend/package.json

@@ -30,7 +30,7 @@
     "node-sass": "7.0.3",
     "nodemon": "3.0.2",
     "numeral": "2.0.6",
-    "sass-loader": "10.4.1",
+    "sass-loader": "10.5.0",
     "style-loader": "3.3.3",
     "tabler-ui": "git+https://github.com/tabler/tabler.git#00f78ad823311bc3ad974ac3e5b0126198f0a813",
     "underscore": "1.13.6",