mirror of https://github.com/inventree/InvenTree.git synced 2025-06-15 11:35:41 +00:00

Security improvements (#6890)

* Set write permissions at job level

* publish scorecard results

* Update scorecard.yml

* Update scorecard.yml

* Create .sonarcloud.properties

* Delete .deepsource.toml

* replace badge

* pin requests, pyyaml, jc

* pin yarn version

* pin uv

* reduce settings

* set test path
Matthias Mair
2024-04-02 07:35:01 +01:00
committed by GitHub
parent 364a9d4fc1
commit 4db61df8cd
10 changed files with 27 additions and 47 deletions


@ -102,7 +102,7 @@ RUN ./install_build_packages.sh --no-cache --virtual .build-deps && \
# Frontend builder image:
FROM prebuild AS frontend
RUN apk add --no-cache --update nodejs npm && npm install -g yarn
RUN apk add --no-cache --update nodejs npm && npm install -g yarn@v1.22.22
RUN yarn config set network-timeout 600000 -g
COPY InvenTree ${INVENTREE_HOME}/InvenTree
COPY src ${INVENTREE_HOME}/src
@ -139,11 +139,11 @@ EXPOSE 5173
# Install packages required for building python packages
RUN ./install_build_packages.sh
RUN pip install uv --no-cache-dir && pip install -r base_requirements.txt --no-cache
RUN pip install uv==0.1.26 --no-cache-dir && pip install -r base_requirements.txt --no-cache
# Install nodejs / npm / yarn
RUN apk add --no-cache --update nodejs npm && npm install -g yarn
RUN apk add --no-cache --update nodejs npm && npm install -g yarn@v1.22.22
RUN yarn config set network-timeout 600000 -g
# The development image requires the source code to be mounted to /home/inventree/
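Review bot: The new `pip install uv==0.1.26` line in the second hunk and the `npm install -g yarn@v1.22.22` lines in both hunks pin a version but not the artifact itself, so the build still trusts whatever the package index serves under that version. Hash-based checks such as Scorecard's Pinned-Dependencies are therefore likely to keep flagging these lines. For pip, consider listing uv in a hash-locked requirements file and installing with `pip install --require-hashes --no-cache-dir -r base_requirements.txt`, assuming that file can be generated with hashes (its contents are not visible on this page). The yarn version is also now repeated in two stages; an `ARG YARN_VERSION=1.22.22` redeclared in each stage and used as `yarn@${YARN_VERSION}` would keep the two pins from drifting apart on the next bump.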