Security vulns (#119)

* Security vulns

* Bump semver package

* Lock node to 16.20.2

Author: danielm-codefresh

.nvmrc

@@ -1 +1 @@
-v16.18.1
+v16.20.2

Dockerfile

@@ -1,4 +1,4 @@
-FROM node:16.20-bullseye-slim
+FROM node:16.20.2-bullseye-slim
 
 WORKDIR /root/cf-runtime
 

package.json

@@ -7,7 +7,8 @@
   ],
   "resolutions": {
     "minimist": "^0.2.1",
-    "redis": "^3.1.1"
+    "redis": "^3.1.1",
+    "semver": "^7.5.2"
   },
   "dependencies": {
     "@codefresh-io/task-logger": "^1.10.1",
@@ -42,7 +43,7 @@
     "sinon-chai": "^3.7.0"
   },
   "engines": {
-    "node": "16.20"
+    "node": "16.20.2"
   },
   "scripts": {
     "lint": "eslint '*/**/*.js'",

service.yaml

@@ -1 +1 @@
-version: 1.10.2
+version: 1.10.3

yarn.lock

@@ -3183,20 +3183,10 @@ saslprep@^1.0.0:
   dependencies:
     sparse-bitfield "^3.0.3"
 
-semver@^5.6.0:
-  version "5.7.1"
-  resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.1.tgz#a954f931aeba508d307bbf069eff0c01c96116f7"
-  integrity sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==
-
-semver@^6.1.0, semver@^6.3.0:
-  version "6.3.0"
-  resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.0.tgz#ee0a64c8af5e8ceea67687b133761e1becbd1d3d"
-  integrity sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==
-
-semver@^7.2.1:
-  version "7.3.5"
-  resolved "https://registry.yarnpkg.com/semver/-/semver-7.3.5.tgz#0b621c879348d8998e4b0e4be94b3f12e6018ef7"
-  integrity sha512-PoeGJYh8HK4BTO/a9Tf6ZG3veo/A7ZVsYrSA6J8ny9nb3B1VrpkuN+z9OE5wfE5p6H4LchYZsegiQgbJD94ZFQ==
+semver@^5.6.0, semver@^6.1.0, semver@^6.3.0, semver@^7.2.1, semver@^7.5.2:
+  version "7.5.4"
+  resolved "https://registry.yarnpkg.com/semver/-/semver-7.5.4.tgz#483986ec4ed38e1c6c48c34894a9182dbff68a6e"
+  integrity sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==
   dependencies:
     lru-cache "^6.0.0"