## Description
Some scanner tools like Syft and Grype are reporting a **scary** false
positive at GHSA-2jcg-qqmg-46q6, on the following file in the Docker
image:
```
/opt/appsmith/utils/node_modules/resolve/test/resolver/multirepo/package.json
```
The advisory itself isn't applicable to Appsmith, and the above package
is not used in the product at all. This PR deletes this `test` folder so
this false positive is immediately taken out.
Nevertheless, we shouldn't even have the `node_modules` folder in the
Docker image, and we should be "building" `appsmithctl` instead. That's
part of a larger effort to improve/fix `appsmithctl` and will be coming
up in future PRs.
<details><summary><b>The SBOM entry for the package in Syft’s
proprietary format</b></summary>
<pre>
{
"id": "8686a02f6819d5a1",
"name": "monorepo-symlink-test",
"version": "0.0.0",
"type": "npm",
"foundBy": "javascript-package-cataloger",
"locations": [
{
"path":
"/opt/appsmith/utils/node_modules/resolve/test/resolver/multirepo/package.json",
"layerID":
"sha256:02e68fb671fe8bc43f75862b43445160e17e3ec2f13f09bf346a65c66cd93557",
"accessPath":
"/opt/appsmith/utils/node_modules/resolve/test/resolver/multirepo/package.json",
"annotations": {
"evidence": "primary"
}
}
],
"licenses": [
{
"value": "MIT",
"spdxExpression": "MIT",
"type": "declared",
"urls": [],
"locations": [
{
"path":
"/opt/appsmith/utils/node_modules/resolve/test/resolver/multirepo/package.json",
"layerID":
"sha256:02e68fb671fe8bc43f75862b43445160e17e3ec2f13f09bf346a65c66cd93557",
"accessPath":
"/opt/appsmith/utils/node_modules/resolve/test/resolver/multirepo/package.json",
"annotations": {
"evidence": "primary"
}
}
]
}
],
"language": "javascript",
"cpes": [
{
"cpe":
"cpe:2.3:a:monorepo-symlink-test:monorepo-symlink-test:0.0.0:*:*:*:*:*:*:*",
"source": "syft-generated"
},
{
"cpe":
"cpe:2.3:a:monorepo-symlink-test:monorepo_symlink_test:0.0.0:*:*:*:*:*:*:*",
"source": "syft-generated"
},
{
"cpe":
"cpe:2.3:a:monorepo_symlink_test:monorepo-symlink-test:0.0.0:*:*:*:*:*:*:*",
"source": "syft-generated"
},
{
"cpe":
"cpe:2.3:a:monorepo_symlink_test:monorepo_symlink_test:0.0.0:*:*:*:*:*:*:*",
"source": "syft-generated"
},
{
"cpe":
"cpe:2.3:a:monorepo-symlink:monorepo-symlink-test:0.0.0:*:*:*:*:*:*:*",
"source": "syft-generated"
},
{
"cpe":
"cpe:2.3:a:monorepo-symlink:monorepo_symlink_test:0.0.0:*:*:*:*:*:*:*",
"source": "syft-generated"
},
{
"cpe":
"cpe:2.3:a:monorepo_symlink:monorepo-symlink-test:0.0.0:*:*:*:*:*:*:*",
"source": "syft-generated"
},
{
"cpe":
"cpe:2.3:a:monorepo_symlink:monorepo_symlink_test:0.0.0:*:*:*:*:*:*:*",
"source": "syft-generated"
},
{
"cpe": "cpe:2.3:a:monorepo:monorepo-symlink-test:0.0.0:*:*:*:*:*:*:*",
"source": "syft-generated"
},
{
"cpe": "cpe:2.3:a:monorepo:monorepo_symlink_test:0.0.0:*:*:*:*:*:*:*",
"source": "syft-generated"
}
],
"purl": "pkg:npm/monorepo-symlink-test@0.0.0",
"metadataType": "javascript-npm-package",
"metadata": {
"name": "monorepo-symlink-test",
"version": "0.0.0",
"author": "",
"homepage": "",
"description": "",
"url": "",
"private": true
}
}
</pre>
</details>
Reported by a user.
⚠️ There will be conflicts on sync. Please do not merge unless the
author of PR is available.
/test sanity
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [x] No
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/11715737322>
> Commit: 42aa69c3de26d105a4184164f2ac9d18adce9b88
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=11715737322&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Sanity`
> Spec:
> <hr>Thu, 07 Nov 2024 03:26:39 UTC
<!-- end of auto-generated comment: Cypress test results -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Chores**
- Enhanced the Dockerfile for improved build process and error handling.
- Streamlined npm package installation and organized script execution
for better readability.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
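The triage described in the PR description above, as an added example that is not part of the PR or of Appsmith's code: it scans Syft JSON for npm artifacts whose only evidence is a `package.json` inside a dependency's test-data directory and reports the directory to delete from the image. The top-level `artifacts` key, the directory-name heuristic, the function names and the second sample artifact are assumptions made for this example.

```python
import json
import re

# Constructed sample: the entry shown above trimmed to the fields this check
# reads (assumed to sit under Syft's top-level "artifacts" list), plus one
# invented runtime dependency for contrast.
SAMPLE_SBOM = json.loads("""
{"artifacts": [
 {"name": "monorepo-symlink-test", "version": "0.0.0", "type": "npm",
  "locations": [{"path": "/opt/appsmith/utils/node_modules/resolve/test/resolver/multirepo/package.json"}],
  "metadata": {"private": true}},
 {"name": "example-runtime-dep", "version": "1.2.3", "type": "npm",
  "locations": [{"path": "/opt/example/node_modules/example-runtime-dep/package.json"}],
  "metadata": {"private": false}}
]}
""")

# Test-data directory sitting directly under a dependency's root in node_modules
# (scoped or not). The directory names are a heuristic chosen for this example.
FIXTURE_RE = re.compile(
    r"/node_modules/(?:@[^/]+/)?[^/]+/(?:test|tests|__tests__|fixtures|examples)/"
)

def fixture_dir(path):
    """Return the fixture directory containing `path`, or None."""
    m = FIXTURE_RE.search(path)
    return path[: m.end()].rstrip("/") if m else None

def triage(sbom):
    """List npm artifacts whose only evidence is a manifest inside test data."""
    findings = []
    for art in sbom.get("artifacts", []):
        if art.get("type") != "npm":
            continue
        roots = {fixture_dir(loc["path"]) for loc in art.get("locations", [])}
        # Flag only when every location is fixture data; a package that is
        # also installed for real would still be present after cleanup.
        if roots and None not in roots:
            findings.append({
                "package": f'{art["name"]}@{art["version"]}',
                # npm refuses to publish a manifest marked private
                "private": bool((art.get("metadata") or {}).get("private")),
                "delete": sorted(roots),
            })
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_SBOM):
        print(f)
```
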
Organizations build internal applications such as dashboards, database GUIs, admin panels, approval apps, customer support dashboards, and more to help their teams perform day-to-day operations. Appsmith is an open-source tool that enables the rapid development of these internal apps. Read more on our website.
## Installation
There are two ways to start using Appsmith:
- Sign up on Appsmith Cloud.
- Install Appsmith on your machine. See the installation guides below.
| Installation Methods | Documentation |
|---|---|
| Docker (Recommended) | |
| Kubernetes | |
| AWS AMI | |
For other deployment options, see the Installation Guides documentation.
## Development
To build and run Appsmith in your local dev environment, see Setup for local development.
## Contributing
We ❤️ our contributors. We're committed to fostering an open, welcoming, and safe environment in the community.
📕 We expect everyone participating in the community to abide by our Code of Conduct. Please read and follow it.
🤝 If you'd like to contribute, start by reading our Contribution Guide.
👾 Explore some good first issues.
Let's build great software together.
## License
Appsmith is licensed under the terms of Apache License 2.0.
