dep updates

Signed-off-by: Zoey <zoey@z0ey.de>

Caddy.Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.20.1
+FROM alpine:3.20.2
 RUN apk add --no-cache ca-certificates tzdata
 COPY --from=caddy:2.8.4 /usr/bin/caddy /usr/bin/caddy
 COPY Caddyfile /etc/caddy/Caddyfile

Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:labs
-FROM --platform="$BUILDPLATFORM" alpine:3.20.1 AS frontend
+FROM --platform="$BUILDPLATFORM" alpine:3.20.2 AS frontend
 COPY frontend                        /app
 COPY global/certbot-dns-plugins.json /app/certbot-dns-plugins.json
 ARG NODE_ENV=production \
@@ -18,7 +18,7 @@ COPY darkmode.css /app/dist/css/darkmode.css
 COPY security.txt /app/dist/.well-known/security.txt
 
 
-FROM --platform="$BUILDPLATFORM" alpine:3.20.1 AS build-backend
+FROM --platform="$BUILDPLATFORM" alpine:3.20.2 AS build-backend
 SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
 COPY backend                         /app
 COPY global/certbot-dns-plugins.json /app/certbot-dns-plugins.json
@@ -37,7 +37,7 @@ RUN apk upgrade --no-cache -a && \
     fi && \
     yarn cache clean --all && \
     clean-modules --yes
-FROM alpine:3.20.1 AS strip-backend
+FROM alpine:3.20.2 AS strip-backend
 COPY --from=build-backend /app /app
 RUN apk upgrade --no-cache -a && \
     apk add --no-cache ca-certificates binutils file && \
@@ -45,7 +45,7 @@ RUN apk upgrade --no-cache -a && \
     find /app/node_modules -name "*.node" -type f -exec file {} \;
 
 
-FROM --platform="$BUILDPLATFORM" alpine:3.20.1 AS crowdsec
+FROM --platform="$BUILDPLATFORM" alpine:3.20.2 AS crowdsec
 SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
 ARG CSNB_VER=v1.0.8
 WORKDIR /src
@@ -67,13 +67,13 @@ RUN apk upgrade --no-cache -a && \
     sed -i "s|BOUNCING_ON_TYPE=all|BOUNCING_ON_TYPE=ban|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf
 
 
-FROM zoeyvid/nginx-quic:297-python
+FROM zoeyvid/nginx-quic:299-python
 SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
 COPY rootfs /
-COPY --from=zoeyvid/certbot-docker:43 /usr/local          /usr/local
+COPY --from=zoeyvid/certbot-docker:44 /usr/local          /usr/local
-COPY --from=zoeyvid/curl-quic:399     /usr/local/bin/curl /usr/local/bin/curl
+COPY --from=zoeyvid/curl-quic:404     /usr/local/bin/curl /usr/local/bin/curl
 
-ARG CRS_VER=v4.4.0
+ARG CRS_VER=v4.5.0
 RUN apk upgrade --no-cache -a && \
     apk add --no-cache ca-certificates tzdata tini \
     nodejs \

README.md

@@ -15,7 +15,7 @@ running at home or otherwise, including free TLS, without having to know too muc
 **Note: NO armv7, route53 and aws cloudfront ip ranges support.** <br>
 **Note: add `net.ipv4.ip_unprivileged_port_start=0` at the end of `/etc/sysctl.conf` to support PUID/PGID in network mode host.** <br>
 **Note: If you don't use network mode host, which I don't recommend, don't forget to expose port 443 on tcp AND udp (http3/quic needs udp).** <br>
-**Note: If you don't use network mode host, which I don't recommend, don't forget to enable IPv6 in Docker, see [here](https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md), you only need to edit the daemon.json and restart docker, if you use the bridge network, otherwise please enable IPv6 in your custom docker network!** <br>
+**Note: If you don't use network mode host, which I don't recommend, don't forget to enable IPv6 in Docker, see [here](https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md), you only need to follow step one and two before deploying NPMplus!** <br>
 **Note: Don't forget to open Port 80 (tcp) and 443 (tcp AND udp, http3/quic needs udp) in your firewall (because of network mode host, you also need to open this ports in ufw, if you use ufw).** <br>
 **Note: ModSecurity overblocking (403 Error)? Please see `/opt/npm/etc/modsecurity`, if you also use CRS please see [here](https://coreruleset.org/docs/concepts/false_positives_tuning).** <br>
 **Note: Other Databases like MariaDB may work, but are unsupported.** <br>
@@ -94,11 +94,11 @@ so that the barrier for entry here is low.
 - if you use custom certificates, you need to upload the CA/Intermediate Certificate (file name: `chain.pem`) in the `/opt/npm/tls/custom/npm-[certificate-id]` folder
 - some buttons have changed, check if they are still correct
 - please delete all dnspod certs and recreate them OR you manually change the credentialsfile (see [here](https://github.com/ZoeyVid/npmplus/blob/develop/global/certbot-dns-plugins.js) for the template)
-- since this fork has dependency on `network_mode: host`, please don't forget to open port 80 and 443 (and maybe 81) in your firewall
+- since this fork has dependency on `network_mode: host`, please don't forget to open port 80/tcp, 443/tcp and 443/udp (and maybe 81/tcp) in your firewall
 - if you have a healthcheck defined in your compose yaml file, remove it - this fork defines its own healthcheck in the Dockerfile, so you don't need to have it in compose anymore
 
 # Crowdsec
-1. Install crowdsec using this compose file: https://github.com/ZoeyVid/NPMplus/blob/develop/compose.crowdsec.yaml
+1. Install crowdsec using this compose file: https://github.com/ZoeyVid/NPMplus/blob/develop/compose.crowdsec.yaml and enable LOGROTATE
 2. open `/opt/crowdsec/conf/acquis.d/npmplus.yaml` and fill it with:
 ```yaml
 filenames:
@@ -119,7 +119,7 @@ labels:
   type: modsecurity
 ---
 listen_addr: 0.0.0.0:7422
-appsec_config: crowdsecurity/virtual-patching
+appsec_config: crowdsecurity/appsec-default
 name: appsec
 source: appsec
 labels:

backend/package.json

@@ -4,8 +4,8 @@
   "description": "A beautiful interface for creating Nginx endpoints",
   "main": "index.js",
   "dependencies": {
-    "@apidevtools/json-schema-ref-parser": "11.6.4",
+    "@apidevtools/json-schema-ref-parser": "11.7.0",
-    "ajv": "8.16.0",
+    "ajv": "8.17.1",
     "archiver": "7.0.1",
     "batchflow": "0.4.0",
     "bcrypt": "5.1.1",
@@ -13,11 +13,11 @@
     "body-parser": "1.20.2",
     "compression": "1.7.4",
     "express": "4.19.2",
-    "express-fileupload": "1.5.0",
+    "express-fileupload": "1.5.1",
     "gravatar": "1.8.2",
     "jsonwebtoken": "9.0.2",
     "knex": "3.1.0",
-    "liquidjs": "10.15.0",
+    "liquidjs": "10.16.1",
     "lodash": "4.17.21",
     "moment": "2.30.1",
     "mysql": "2.18.1",
@@ -29,11 +29,11 @@
   "author": "Jamie Curnow <jc@jc21.com> and ZoeyVid <zoeyvid@zvcdn.de>",
   "license": "MIT",
   "devDependencies": {
-    "@eslint/js": "9.6.0",
+    "@eslint/js": "9.8.0",
-    "eslint": "9.6.0",
+    "eslint": "9.8.0",
     "eslint-config-prettier": "9.1.0",
-    "eslint-plugin-prettier": "5.1.3",
+    "eslint-plugin-prettier": "5.2.1",
-    "globals": "15.8.0",
+    "globals": "15.9.0",
-    "prettier": "3.3.2"
+    "prettier": "3.3.3"
   }
 }

frontend/package.json

@@ -4,7 +4,7 @@
   "description": "A beautiful interface for creating Nginx endpoints",
   "main": "js/index.js",
   "dependencies": {
-    "@babel/core": "7.24.7",
+    "@babel/core": "7.25.2",
     "babel-core": "6.26.3",
     "babel-loader": "8.3.0",
     "babel-preset-env": "1.7.0",
@@ -33,7 +33,7 @@
     "sass-loader": "10.5.2",
     "style-loader": "4.0.0",
     "tabler-ui": "git+https://github.com/tabler/tabler.git#00f78ad823311bc3ad974ac3e5b0126198f0a813",
-    "underscore": "1.13.6",
+    "underscore": "1.13.7",
     "webpack": "4.47.0",
     "webpack-cli": "4.10.0",
     "webpack-visualizer-plugin": "0.1.11"