Update hugo and remove ^ from version (#1488)

Attempt to update hugo and see if that helps it build.
google · Jul 24, 2023 · 4f362c1 · 4f362c1
1 parent 4263556
commit 4f362c1
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 8 deletions.
diff --git a/docker/ci/Dockerfile b/docker/ci/Dockerfile
@@ -16,16 +16,16 @@ FROM gcr.io/oss-vdb/worker
 
 RUN apt-get update && \
     apt-get install -y \
-        wget \
-        google-cloud-sdk-datastore-emulator \
-        openjdk-11-jre  # Needed for Datastore emulator.
+    wget \
+    google-cloud-sdk-datastore-emulator \
+    openjdk-11-jre  # Needed for Datastore emulator.
 
 COPY daemon.json /etc/docker/daemon.json
 COPY install_go.sh /tmp/install_go.sh
 
 RUN "/tmp/install_go.sh" "/tmp"
 ENV PATH "$PATH:/root/.go/bin:/root/go/bin"
 
-RUN go install -tags extended github.com/gohugoio/hugo@v0.107.0
+RUN go install -tags extended github.com/gohugoio/hugo@v0.111.3
 
 ENTRYPOINT []
diff --git a/docker/ci/build.sh b/docker/ci/build.sh
@@ -0,0 +1,19 @@
+#!/bin/bash -x
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+docker build -t gcr.io/oss-vdb/ci:$1 -t gcr.io/oss-vdb/ci:latest . && \
+gcloud docker -- push gcr.io/oss-vdb/ci:$1 && \
+gcloud docker -- push gcr.io/oss-vdb/ci:latest
diff --git a/docker/deployment/build.sh b/docker/deployment/build.sh
@@ -0,0 +1,19 @@
+#!/bin/bash -x
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+docker build -t gcr.io/oss-vdb/deployment:$1 -t gcr.io/oss-vdb/deployment:latest . && \
+gcloud docker -- push gcr.io/oss-vdb/deployment:$1 && \
+gcloud docker -- push gcr.io/oss-vdb/deployment:latest
diff --git a/gcp/appengine/blog/content/posts/using-the-determineversion-api.md b/gcp/appengine/blog/content/posts/using-the-determineversion-api.md
@@ -115,7 +115,7 @@ And we get a response:
 		{
 		"id": "OSV-2021-777",
 		"summary": "Heap-use-after-free in xmlAddNextSibling",
-		"details": "OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34461\n\n```\nCrash type: Heap-use-after-free  READ4\nCrashstate:\nxmlAddNextSibling\nxmlXIncludeCopyRange\nxmlXIncludeCopyXPointer\n```\n",
+		"details": "OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34461\n\n```\nCrash type: Heap-use-after-free  READ4\nCrash state:\nxmlAddNextSibling\nxmlXIncludeCopyRange\nxmlXIncludeCopyXPointer\n```\n",
 		"modified": "2023-05-19T14:06:37.864410Z",
 		"published": "2021-05-20T00:00:30.166614Z",
 		"references": [
@@ -175,7 +175,7 @@ And we get a response:
 		
 ### Step 5: Consider the response
 Finally, we consider the response and draw conclusions. 
-	
+
 To be sure we have caught any potential vulnerabilities, we could make further queries for other versions with similar scores. It is our opinion that this is generally unnecessary, but it could be done. 
 
 In this case, even if the actual version is not `2.11.3`, we can be fairly confident that the vulnerability that we found ([OSV-2021-777](https://osv.dev/vulnerability/OSV-2021-777)) is in our local copy of libxml2. This is because there is overlap between the other likely versions of libxml2 and the versions vulnerable to OSV-2021-777.

diff --git a/gcp/appengine/frontend3/package.json b/gcp/appengine/frontend3/package.json
@@ -33,7 +33,7 @@
     "sass-loader": "12.6.0",
     "style-loader": "3.3.3",
     "webpack": "5.87.0",
-    "webpack-cli": "^4.10.0",
+    "webpack-cli": "4.10.0",
     "webpack-dev-server": "4.15.1"
   }
-}
+}