Merge branch 'master-global-audit-view-vulnerabilities' of https://gi…

…thub.com/rbt-mm/frontend into master-global-audit-view-vulnerabilities

.dockerignore

@@ -11,4 +11,4 @@ node_modules/
 release.sh
 snapshot.sh
 !docker/etc/nginx/conf.d/default.conf
-!docker/docker-entrypoint.sh
+!docker/docker-entrypoint.d/*.sh

.github/ISSUE_TEMPLATE/defect-report.yml

@@ -60,9 +60,10 @@ body:
       What version of the Dependency-Track Frontend are you using?
     options:
     - 4.7.x
-    - 4.8.0
-    - 4.8.1
-    - 4.9.0-SNAPSHOT
+    - 4.8.x
+    - 4.9.x
+    - 4.10.0
+    - 4.11.0-SNAPSHOT
   validations:
     required: true
 - type: dropdown

.github/workflows/_meta-build.yaml

@@ -38,10 +38,10 @@ jobs:
 
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.1.1
 
       - name: Set up NodeJs
-        uses: actions/setup-node@v3.7.0
+        uses: actions/setup-node@v4.0.2
         with:
           node-version: ${{ matrix.node-version }}
           cache: 'npm'
@@ -54,7 +54,7 @@ jobs:
           npm run build --if-present
 
       - name: Upload Artifacts
-        uses: actions/upload-artifact@v3.1.2
+        uses: actions/upload-artifact@v4.3.1
         with:
           name: assembled-frontend-node${{ matrix.node-version }}
           path: |-
@@ -68,24 +68,24 @@ jobs:
 
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.1.1
 
       - name: Download Artifacts
-        uses: actions/download-artifact@v3.0.2
+        uses: actions/download-artifact@v4.1.2
         with:
           name: assembled-frontend-node${{ inputs.node-version-package }}
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2.2.0
+        uses: docker/setup-qemu-action@v3.0.0
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2.9.1
+        uses: docker/setup-buildx-action@v3.0.0
         id: buildx
         with:
           install: true
 
       - name: Login to Docker.io
-        uses: docker/login-action@v2.2.0
+        uses: docker/login-action@v3.0.0
         if: ${{ inputs.publish-container }}
         with:
           registry: docker.io
@@ -103,7 +103,7 @@ jobs:
           echo "tags=${TAGS}" >> $GITHUB_OUTPUT
 
       - name: Build multi-arch Container Image
-        uses: docker/build-push-action@v4.1.1
+        uses: docker/build-push-action@v5.1.0
         with:
           tags: ${{ steps.tags.outputs.tags }}
           build-args: |-
@@ -116,7 +116,7 @@ jobs:
 
       - name: Run Trivy Vulnerability Scanner
         if: ${{ inputs.publish-container }}
-        uses: aquasecurity/trivy-action@0.11.2
+        uses: aquasecurity/trivy-action@0.17.0
         with:
           image-ref: docker.io/dependencytrack/frontend:${{ inputs.app-version }}
           format: 'sarif'
@@ -126,6 +126,6 @@ jobs:
 
       - name: Upload Trivy Scan Results to GitHub Security Tab
         if: ${{ inputs.publish-container }}
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: 'trivy-results.sarif'

.github/workflows/ci-publish.yaml

@@ -20,7 +20,7 @@ jobs:
           fi
 
       - name: Checkout Repository
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.1.1
 
       - name: Parse Version from package.json
         id: parse
@@ -46,12 +46,12 @@ jobs:
       - call-build
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.1.1
 
       - name: Download Artifacts
-        uses: actions/download-artifact@v3.0.2
+        uses: actions/download-artifact@v4.1.2
         with:
-          name: assembled-frontend-node16
+          name: assembled-frontend-node18
 
       - name: Create Checksums
         run: |-

.github/workflows/ci-release.yaml

@@ -21,10 +21,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.1.1
 
       - name: Set up NodeJs
-        uses: actions/setup-node@v3.7.0
+        uses: actions/setup-node@v4.0.2
         with:
           node-version: '18'
           cache: 'npm'

.github/workflows/codeql-analysis.yaml

@@ -26,11 +26,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3.5.3
+      uses: actions/checkout@v4.1.1
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -41,7 +41,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -55,4 +55,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3

.github/workflows/dependency-review.yaml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.1.1
 
       - name: Dependency Review
-        uses: actions/dependency-review-action@v3
+        uses: actions/dependency-review-action@v4

README.md

@@ -1,4 +1,4 @@
-[![Build Status](https://github.com/DependencyTrack/frontend/workflows/Node%20CI/badge.svg)](https://github.com/DependencyTrack/frontend/actions?workflow=Node+CI)
+[![Build Status](https://github.com/DependencyTrack/frontend/actions/workflows/ci-build.yaml/badge.svg)](https://github.com/DependencyTrack/frontend/actions?workflow=Build+CI)
 [![Codacy Badge](https://app.codacy.com/project/badge/Grade/364443f9f30c4b70b56e5be76c9e079c)](https://www.codacy.com/gh/DependencyTrack/frontend/dashboard?utm_source=github.com&utm_medium=referral&utm_content=DependencyTrack/frontend&utm_campaign=Badge_Grade)
 [![License](https://img.shields.io/badge/license-Apache%202.0-brightgreen.svg)][License]
 [![Latest (including pre-releases)](https://img.shields.io/github/v/release/dependencytrack/frontend?include_prereleases)](https://github.com/DependencyTrack/frontend/releases)

babel.config.js

@@ -1,12 +1,9 @@
 module.exports = {
-  plugins: [
-    '@babel/plugin-proposal-optional-chaining'
-  ],
   presets: [
     ['@vue/babel-preset-jsx'],
     ['@babel/preset-env', {
       'useBuiltIns': 'entry',
-      'corejs': '3.30'
+      'corejs': '3.33'
     }]
   ]
 }

docker/Dockerfile.alpine

@@ -1,4 +1,4 @@
-FROM nginxinc/nginx-unprivileged:1.25.1-alpine@sha256:279824ecfd934ab8cf08b5e4debabdc711c5768371203263f2d5c5141423ed80
+FROM nginxinc/nginx-unprivileged:1.25.4-alpine@sha256:ac1db3b263ff319b6756ac552054cd0afe7a159a4687f160d6c573167372e769
 
 # Arguments that can be passed at build time
 ARG COMMIT_SHA=unknown
@@ -30,8 +30,8 @@ RUN chown -R 101:0 ${APP_DIR} \
 USER 101
 
 # Setup entrypoint
-COPY ./docker/etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf
-COPY ./docker/docker-entrypoint.sh /docker-entrypoint.d/30-oidc-configuration.sh
+COPY --chown=101:0 ./docker/etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf
+COPY --chmod=755 ./docker/docker-entrypoint.d/ /docker-entrypoint.d/
 
 # Specify the container working directory
 WORKDIR ${APP_DIR}

docker/docker-entrypoint.d/10-listen-on-ipv6-by-default.sh

@@ -0,0 +1,75 @@
+#!/bin/sh
+# vim:sw=4:ts=4:et
+
+# Copied and modified from:
+# https://github.com/nginxinc/docker-nginx-unprivileged/blob/1.25.2/entrypoint/10-listen-on-ipv6-by-default.sh
+
+set -e
+
+entrypoint_log() {
+    if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then
+        echo "$@"
+    fi
+}
+
+ME=$(basename $0)
+DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf"
+
+# check if we have ipv6 available
+if [ ! -f "/proc/net/if_inet6" ]; then
+    entrypoint_log "$ME: info: ipv6 not available"
+    exit 0
+fi
+
+if [ ! -f "/$DEFAULT_CONF_FILE" ]; then
+    entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist"
+    exit 0
+fi
+
+# check if the file can be modified, e.g. not on a r/o filesystem
+touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; }
+
+# check if the file is already modified, e.g. on a container restart
+grep -q "listen  \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; }
+
+if [ -f "/etc/os-release" ]; then
+    . /etc/os-release
+else
+    entrypoint_log "$ME: info: can not guess the operating system"
+    exit 0
+fi
+
+# Modified from original by nscuro:
+#   Do not check whether the default configuration file has been changed vs
+#   what is packaged with the distribution's installation. We customized the
+#   file and want the changes the applied regardless.
+
+#entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE"
+#
+#case "$ID" in
+#    "debian")
+#        CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3)
+#        echo "$CHECKSUM  /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || {
+#            entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version"
+#            exit 0
+#        }
+#        ;;
+#    "alpine")
+#        CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2)
+#        echo "$CHECKSUM  /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || {
+#            entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version"
+#            exit 0
+#        }
+#        ;;
+#    *)
+#        entrypoint_log "$ME: info: Unsupported distribution"
+#        exit 0
+#        ;;
+#esac
+
+# enable ipv6 on default.conf listen sockets
+sed -i -E 's,listen      8080;,listen      8080;\n  listen  [::]:8080;,' /$DEFAULT_CONF_FILE
+
+entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE"
+
+exit 0

docker/docker-entrypoint.d/30-oidc-configuration.sh

@@ -0,0 +1,28 @@
+#!/bin/sh
+
+set -e
+
+entrypoint_log() {
+    if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then
+        echo "$@"
+    fi
+}
+
+ME=$(basename $0)
+
+if ! touch ./static/config.json 2>/dev/null; then
+  entrypoint_log "$ME: info: can not modify config.json - ENV configuration will be ignored"
+else
+  CONFIG=$(jq '.API_BASE_URL = env.API_BASE_URL
+        | .API_WITH_CREDENTIALS = env.API_WITH_CREDENTIALS
+        | .OIDC_ISSUER = env.OIDC_ISSUER
+        | .OIDC_CLIENT_ID = env.OIDC_CLIENT_ID
+        | .OIDC_SCOPE = env.OIDC_SCOPE
+        | .OIDC_FLOW = env.OIDC_FLOW
+        | .OIDC_LOGIN_BUTTON_TEXT = env.OIDC_LOGIN_BUTTON_TEXT' \
+    ./static/config.json)
+  echo "${CONFIG}" > ./static/config.json
+  entrypoint_log "$ME: info: effective config: $(echo "${CONFIG}" | jq -c '.')"
+fi
+
+exec "$@"

docker/etc/nginx/conf.d/default.conf

@@ -1,6 +1,5 @@
 server {
   listen      8080;
-  listen      [::]:8080;
   server_name _;
 
   location / {