patch docker scount CVE in old express-ws pkg (#1907)

* patch CVE in old express-ws pkg * patch workflow * remove dev-image
Mintplex-Labs · Jul 20, 2024 · b5a2437 · b5a2437
1 parent 6f1d151
commit b5a2437
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 17 deletions.
diff --git a/server/index.js b/server/index.js
@@ -41,7 +41,7 @@ app.use(
 if (!!process.env.ENABLE_HTTPS) {
   bootSSL(app, process.env.SERVER_PORT || 3001);
 } else {
-  require("express-ws")(app); // load WebSockets in non-SSL mode.
+  require("@mintplex-labs/express-ws").default(app); // load WebSockets in non-SSL mode.
 }
 
 app.use("/api", apiRouter);

diff --git a/server/package.json b/server/package.json
@@ -33,6 +33,7 @@
     "@langchain/openai": "0.0.28",
     "@langchain/textsplitters": "0.0.0",
     "@mintplex-labs/bree": "^9.2.5",
+    "@mintplex-labs/express-ws": "^5.0.7",
     "@pinecone-database/pinecone": "^2.0.1",
     "@prisma/client": "5.3.1",
     "@qdrant/js-client-rest": "^1.9.0",
@@ -49,7 +50,6 @@
     "dotenv": "^16.0.3",
     "elevenlabs": "^0.5.0",
     "express": "^4.18.2",
-    "express-ws": "^5.0.2",
     "extract-json-from-string": "^1.0.1",
     "extract-zip": "^2.0.1",
     "graphql": "^16.7.1",
@@ -101,4 +101,4 @@
     "nodemon": "^2.0.22",
     "prettier": "^3.0.3"
   }
-}
+}
diff --git a/server/utils/agents/aibitat/example/websocket/websock-branding-collab.js b/server/utils/agents/aibitat/example/websocket/websock-branding-collab.js
@@ -13,7 +13,7 @@ const {
 const path = require("path");
 const port = 3000;
 const app = express();
-require("express-ws")(app);
+require("@mintplex-labs/express-ws").default(app); // load WebSockets in non-SSL mode.
 require("dotenv").config({ path: `../../../../../.env.development` });
 
 // Debugging echo function if this is working for you.

diff --git a/server/utils/agents/aibitat/example/websocket/websock-multi-turn-chat.js b/server/utils/agents/aibitat/example/websocket/websock-multi-turn-chat.js
@@ -13,7 +13,7 @@ const {
 const path = require("path");
 const port = 3000;
 const app = express();
-require("express-ws")(app);
+require("@mintplex-labs/express-ws").default(app); // load WebSockets in non-SSL mode.
 require("dotenv").config({ path: `../../../../../.env.development` });
 
 // Debugging echo function if this is working for you.

diff --git a/server/utils/boot/index.js b/server/utils/boot/index.js
@@ -4,6 +4,15 @@ const { EncryptionManager } = require("../EncryptionManager");
 const { CommunicationKey } = require("../comKey");
 const setupTelemetry = require("../telemetry");
 
+// Testing SSL? You can make a self signed certificate and point the ENVs to that location
+// make a directory in server called 'sslcert' - cd into it
+// - openssl genrsa -aes256 -passout pass:gsahdg -out server.pass.key 4096
+// - openssl rsa -passin pass:gsahdg -in server.pass.key -out server.key
+// - rm server.pass.key
+// - openssl req -new -key server.key -out server.csr
+// Update .env keys with the correct values and boot. These are temporary and not real SSL certs - only use for local.
+// Test with https://localhost:3001/api/ping
+// build and copy frontend to server/public with correct API_BASE and start server in prod model and all should be ok
 function bootSSL(app, port = 3001) {
   try {
     console.log(
@@ -26,7 +35,7 @@ function bootSSL(app, port = 3001) {
       })
       .on("error", catchSigTerms);
 
-    require("express-ws")(app, server); // Apply same certificate + server for WSS connections
+    require("@mintplex-labs/express-ws").default(app, server);
     return { app, server };
   } catch (e) {
     console.error(

diff --git a/server/yarn.lock b/server/yarn.lock
@@ -704,6 +704,13 @@
     p-wait-for "3"
     safe-timers "^1.1.0"
 
+"@mintplex-labs/express-ws@^5.0.7":
+  version "5.0.7"
+  resolved "https://registry.yarnpkg.com/@mintplex-labs/express-ws/-/express-ws-5.0.7.tgz#ef22a849e2c21a8ab93bd68adbe52e278db4d858"
+  integrity sha512-cwAvW1aB+/nu8QvkCDnLzav9UOAAlRz042PYHh/bS7z4xpucKP2c002+ZbrW6+flA8qIwoBn3FrSjLCHj7Pi2w==
+  dependencies:
+    ws "^7.5.10"
+
 "@nodelib/[email protected]":
   version "2.1.5"
   resolved "https://registry.yarnpkg.com/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz#7619c2eb21b25483f6d167548b4cfd5a7488c3d5"
@@ -2895,13 +2902,6 @@ expr-eval@^2.0.2:
   resolved "https://registry.yarnpkg.com/expr-eval/-/expr-eval-2.0.2.tgz#fa6f044a7b0c93fde830954eb9c5b0f7fbc7e201"
   integrity sha512-4EMSHGOPSwAfBiibw3ndnP0AvjDWLsMvGOvWEZ2F96IGk0bIVdjQisOHxReSkE13mHcfbuCiXw+G4y0zv6N8Eg==
 
-express-ws@^5.0.2:
-  version "5.0.2"
-  resolved "https://registry.yarnpkg.com/express-ws/-/express-ws-5.0.2.tgz#5b02d41b937d05199c6c266d7cc931c823bda8eb"
-  integrity sha512-0uvmuk61O9HXgLhGl3QhNSEtRsQevtmbL94/eILaliEADZBHZOQUAiHFrGPrgsjikohyrmSG5g+sCfASTt0lkQ==
-  dependencies:
-    ws "^7.4.6"
-
 express@^4.18.2:
   version "4.19.2"
   resolved "https://registry.yarnpkg.com/express/-/express-4.19.2.tgz#e25437827a3aa7f2a827bc8171bbbb664a356465"
@@ -6823,10 +6823,10 @@ wrappy@1:
   resolved "https://registry.yarnpkg.com/wrappy/-/wrappy-1.0.2.tgz#b5243d8f3ec1aa35f1364605bc0d1036e30ab69f"
   integrity sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==
 
-ws@^7.4.6:
-  version "7.5.9"
-  resolved "https://registry.yarnpkg.com/ws/-/ws-7.5.9.tgz#54fa7db29f4c7cec68b1ddd3a89de099942bb591"
-  integrity sha512-F+P9Jil7UiSKSkppIiD94dN07AwvFixvLIj1Og1Rl9GGMuNipJnV9JzjD6XuqmAeiswGvUmNLjr5cFuXwNS77Q==
+ws@^7.5.10:
+  version "7.5.10"
+  resolved "https://registry.yarnpkg.com/ws/-/ws-7.5.10.tgz#58b5c20dc281633f6c19113f39b349bd8bd558d9"
+  integrity sha512-+dbF1tHwZpXcbOJdVOkzLDxZP1ailvSxM6ZweXTegylPny803bFhA+vqBYw4s31NSAk4S2Qz+AKXK9a4wkdjcQ==
 
 xtend@^4.0.0:
   version "4.0.2"