dockerized (postgres + nginx + golang + react)

Last update: Jan 7, 2023

Comments: 16

PNGR Stack

Dockerized (postgres + nginx + golang + react) starter kit

Only implements basic user signup, session management, and a toy post type to demonstrate basic CRUD. PNGR is not a CMS.

Features

Hot-reload, front and back, including a test-runner for golang changes
JSON Web-Token cookies with automatic refresh: ready for horizontal scaling
Uses multi-stage builds for small production images
Feature development is up to you!

Requirements

Install docker && docker-compose

Quick Start

docker-compose up
Visit https://localhost (note https)
Approve the self-signed cert
Make changes to either golang or react code, and enjoy hot-reload goodness!

Preview of the app:

Rebuilding your dev environment

Maybe your postgres went sideways from a wonky migration and you don't want to muck with fixing it.

docker-compose down -v && docker-compose up --build --force-recreate

Deploying to Production

Warning: Run in production at your own risk - this code is not security hardened!

You should install postgresql on the host. Then you can use docker-compose.prod.yml to build lean images to use in production. Don't forget to copy .env.example -> .env and setup your secrets/passwords.

Postgres

Some tips for working with your postgres docker instance

Creating and running migrations

Migrations are run using go-migrate.

I put together little bash scripts to help you get stuff done.

postgres/new-migration.sh my_migration_name will create a template for the next migration
postgres/run-migrations.sh will execute any new migrations (this is used when the container is created)
postgres/migrate.sh makes it easy to run arbitrary go-migrate commands (e.g. postgres/migrate.sh down 1)

You can do more advanced migrate commands

Opening a psql client

docker-compose exec postgres psql -U postgres Remember to use \q to exit.

Nginx

Nginx is simply used to route requests to the front-end and back-end based on path. It also terminates SSL so that we don't have to deal with certs in our app layer.

Golang

Almost-vanilla golang api:

Makes use of go modules for dependencies
jwt-go for JSON Web Tokens
sqlx for better postgres interface

React

The basic building blocks of the front-end are:

Create React App (unejected!)
React Router
Unstated for state management
Semantic UI React for component library

Owner

Karl Keefer

Full Stack Software Engineer

https://github.com/karlkeefer/pngr

Comments

Docker virtual network
Make the production independent of host system

Removed host network from docker-compose.prod.yaml

Removed exposed ports

Added container references in nginx.prod.conf
Using Docker cache mechanism in Dockerfile
If you change your source code without changing the dependencies, Docker will use it's caching mechanism. Will result in faster build time.

... Step 6/13 : COPY ./package.json ./package.json ---> Using cache ---> 4fcc47d4c72d Step 7/13 : RUN npm install ---> Using cache ---> c0671131e8ed ...
GitHub Actions for CI

I'd like the ability to clone this repo, start hacking, push code to my repository and have a GitHub Actions pipeline run. The pipeline could be really simple, like just running my backend tests.

Being able to edit an existing GitHub Actions config file is way easier than trying to set everything up from scratch.
reduce image size

Hello just a minor optimization, as the Docker Document says, when you clean up the apt cache by removing /var/lib/apt/lists it reduces the image size, since the apt cache is not stored in a layer.

so I add this line into the Dockerfile to reduce the image size

could it really reduce the image size?

my company network environment is not good. When I get off work, I will prove it, wait a minute!
faster react container startup

npm install makes it take forever for the react dev server to start.

Had to do it this way to avoid requiring container rebuild anytime you added a package... not sure if there's a better way.

Related issue: Probably should have helpers or documentation for running NPM commands in the container(!) for folks that don't have local npm setup and configured
Bump loader-utils and react-scripts in /react
Bumps loader-utils to 2.0.3 and updates ancestor dependency react-scripts. These dependencies need to be updated together.

Updates loader-utils from 2.0.2 to 2.0.3

Release notes

Sourced from loader-utils's releases.

v2.0.3

2.0.3 (2022-10-20)

Bug Fixes

security: prototype pollution exploit (#217) (a93cf6f)

Changelog

Sourced from loader-utils's changelog.

2.0.3 (2022-10-20)

Bug Fixes

security: prototype pollution exploit (#217) (a93cf6f)

Commits

7162619 chore(release): 2.0.3

a93cf6f fix(security): prototype polution exploit (#217)

90c7c4b chore(release): 2.0.2

8c2d24e fix: base64 generation and unicode characters (#197)

See full diff in compare view

Updates react-scripts from 4.0.3 to 5.0.1

Commits

19fa58d Publish

9802941 fix: webpack noise printed only if error or warning (#12245)

2eef1d0 Update templates to use React 18 createRoot (#12220)

221e511 Publish

5614c87 Add support for Tailwind (#11717)

20edab4 fix(webpackDevServer): disable overlay for warnings (#11413)

3afbbc0 Update all dependencies (#11624)

f5467d5 feat(eslint-config-react-app): support ESLint 8.x (#11375)

c7627ce Update webpack and dev server (#11646)

544befe Update package.json (#11597)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.
Bump ansi-regex and ansi-regex in /react
Bumps ansi-regex and ansi-regex. These dependencies needed to be updated together. Updates ansi-regex from 5.0.0 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @yetingli for the patch and reproduction case!

Commits

a9babce 5.0.1

4657833 fix incorrect format

c3c0b3f Fix potential ReDoS (#37)

178363b Move to GitHub Actions (#35)

0755e66 Add @Qix- to funding.yml

See full diff in compare view

Updates ansi-regex from 4.1.0 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @yetingli for the patch and reproduction case!

Commits

a9babce 5.0.1

4657833 fix incorrect format

c3c0b3f Fix potential ReDoS (#37)

178363b Move to GitHub Actions (#35)

0755e66 Add @Qix- to funding.yml

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.
Bump terser from 4.8.0 to 4.8.1 in /react
Bumps terser from 4.8.0 to 4.8.1.

Changelog

Sourced from terser's changelog.

v4.8.1 (backport)

Security fix for RegExps that should not be evaluated (regexp DDOS)

Commits

40674a4 update changelog, version

d8cc569 backport fix to potential regexp DDOS

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.
Bump minimist from 1.2.5 to 1.2.6 in /react
Bumps minimist from 1.2.5 to 1.2.6.

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.
Bump eventsource from 1.1.0 to 1.1.2 in /react
Bumps eventsource from 1.1.0 to 1.1.2.

Changelog

Sourced from eventsource's changelog.

1.1.2

Inline origin resolution, drops original dependency (#281 Espen Hovlandsdal)

1.1.1

Do not include authorization and cookie headers on redirect to different origin (#273 Espen Hovlandsdal)

Commits

0a8b85b 1.1.2

f99ae66 docs: update history for 1.1.2

06c9721 chore: rebuild polyfill

9494642 fix: inline origin resolution, drop original dependency (#281)

aa7a408 1.1.1

56d489e chore: rebuild polyfill

4a951e5 docs: update history for 1.1.1

f9f6416 fix: strip sensitive headers on redirect to different origin

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.
Bump async from 2.6.3 to 2.6.4 in /react
Bumps async from 2.6.3 to 2.6.4.

Changelog

Sourced from async's changelog.

v2.6.4

Fix potential prototype pollution exploit (#1828)

Commits

c6bdaca Version 2.6.4

8870da9 Update built files

4df6754 update changelog

8f7f903 Fix prototype pollution vulnerability (#1828)

See full diff in compare view

Maintainer changes

This version was pushed to npm by hargasinski, a new releaser for async since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.
Bump decode-uri-component from 0.2.0 to 0.2.2 in /react
Bumps decode-uri-component from 0.2.0 to 0.2.2.

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

Prevent overwriting previously decoded tokens 980e0bf

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

v0.2.1

Switch to GitHub workflows 76abc93

Fix issue where decode throws - fixes #6 746ca5d

Update license (#1) 486d7e2

Tidelift tasks a650457

Meta tweaks 66e1c28

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

Commits

a0eea46 0.2.2

980e0bf Prevent overwriting previously decoded tokens

3c8a373 0.2.1

76abc93 Switch to GitHub workflows

746ca5d Fix issue where decode throws - fixes #6

486d7e2 Update license (#1)

a650457 Tidelift tasks

66e1c28 Meta tweaks

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.
bump loader-utils and react-scripts in /react
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.
Bump ansi-html and react-scripts in /react
Removes ansi-html. It's no longer used after updating ancestor dependency react-scripts. These dependencies need to be updated together.

Removes ansi-html

Updates react-scripts from 4.0.3 to 5.0.1

Commits

19fa58d Publish

9802941 fix: webpack noise printed only if error or warning (#12245)

2eef1d0 Update templates to use React 18 createRoot (#12220)

221e511 Publish

5614c87 Add support for Tailwind (#11717)

20edab4 fix(webpackDevServer): disable overlay for warnings (#11413)

3afbbc0 Update all dependencies (#11624)

f5467d5 feat(eslint-config-react-app): support ESLint 8.x (#11375)

c7627ce Update webpack and dev server (#11646)

544befe Update package.json (#11597)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.
Bump shell-quote and react-scripts in /react
Bumps shell-quote to 1.7.3 and updates ancestor dependency react-scripts. These dependencies need to be updated together.

Updates shell-quote from 1.7.2 to 1.7.3

Commits

See full diff in compare view

Updates react-scripts from 4.0.3 to 5.0.1

Commits

19fa58d Publish

9802941 fix: webpack noise printed only if error or warning (#12245)

2eef1d0 Update templates to use React 18 createRoot (#12220)

221e511 Publish

5614c87 Add support for Tailwind (#11717)

20edab4 fix(webpackDevServer): disable overlay for warnings (#11413)

3afbbc0 Update all dependencies (#11624)

f5467d5 feat(eslint-config-react-app): support ESLint 8.x (#11375)

c7627ce Update webpack and dev server (#11646)

544befe Update package.json (#11597)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.
Bump ejs and react-scripts in /react
Bumps ejs to 3.1.8 and updates ancestor dependency react-scripts. These dependencies need to be updated together.

Updates ejs from 2.7.4 to 3.1.8

Release notes

Sourced from ejs's releases.

v3.1.8

Version 3.1.8

v3.1.7

Version 3.1.7

v3.1.6

Version 3.1.6

v3.1.5

Version 3.1.5

v3.0.2

No release notes provided.

Changelog

Sourced from ejs's changelog.

v3.0.1: 2019-11-23

Removed require.extensions (@mde)

Removed legacy preprocessor include (@mde)

Removed support for EOL Nodes 4 and 6 (@mde)

Commits

5126ff5 Version 3.1.8

7d5a1c6 Merge branch 'main' of github.com:mde/ejs into main

551949d Minor mitigation

66f7471 Merge pull request #664 from netcode/patch-1

820855a Version 3.1.7

076dcb6 Don't use template literal

faf8b84 Skip test -- error message vary depending on JS runtime

c028c34 Update packages

839ad20 Update SECURITY.md

c040180 Update README.md

Additional commits viewable in compare view

Updates react-scripts from 4.0.3 to 5.0.1

Commits

19fa58d Publish

9802941 fix: webpack noise printed only if error or warning (#12245)

2eef1d0 Update templates to use React 18 createRoot (#12220)

221e511 Publish

5614c87 Add support for Tailwind (#11717)

20edab4 fix(webpackDevServer): disable overlay for warnings (#11413)

3afbbc0 Update all dependencies (#11624)

f5467d5 feat(eslint-config-react-app): support ESLint 8.x (#11375)

c7627ce Update webpack and dev server (#11646)

544befe Update package.json (#11597)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dockerized (postgres + nginx + golang + react)

PNGR Stack

Features

Requirements

Quick Start

Rebuilding your dev environment

Deploying to Production

Postgres

Creating and running migrations

Opening a psql client

Nginx

Golang

React

Owner

Karl Keefer

Comments

Docker virtual network

Using Docker cache mechanism in Dockerfile

GitHub Actions for CI

reduce image size

faster react container startup

Bump loader-utils and react-scripts in /react

v2.0.3

2.0.3 (2022-10-20)

Bug Fixes

2.0.3 (2022-10-20)

Bug Fixes

Bump ansi-regex and ansi-regex in /react

v5.0.1

Fixes (backport of 6.0.1 to v5)

v5.0.1

Fixes (backport of 6.0.1 to v5)

Bump terser from 4.8.0 to 4.8.1 in /react

v4.8.1 (backport)

Bump minimist from 1.2.5 to 1.2.6 in /react

Bump eventsource from 1.1.0 to 1.1.2 in /react

1.1.2

1.1.1

Bump async from 2.6.3 to 2.6.4 in /react

v2.6.4

Bump decode-uri-component from 0.2.0 to 0.2.2 in /react

v0.2.2

v0.2.1

bump loader-utils and react-scripts in /react

Bump ansi-html and react-scripts in /react

Bump shell-quote and react-scripts in /react

Bump ejs and react-scripts in /react

v3.1.8

v3.1.7

v3.1.6

v3.1.5

v3.0.2

v3.0.1: 2019-11-23

Related tags

React + Golang boilerplate

A reproducible example for an issue I'm encoutering when deploying my gunicorn app to nginx

Boilerplate for building a monolighic Go and React application

Onboarding exercise to create todo list using golang and postgres

Web app built with Go/Golang and Buffalo, deployed on Heroku, using Heroku Postgres

Golang CS:GO external base. Development currently halted due to compiler/runtime Golang bugs.

Belajar Golang Install Golang

Golang-module-references - A reference for how to setup a Golang project with modules - Task Management + Math Examples

Golang-echo-sample - Make an out-of-the-box backend based on golang-echo

Minimalistic, pluggable Golang evloop/timer handler with dependency-injection

GoLang Library for Browser Capabilities Project

Golang counters for readers/writers

Golang beautify data display for Humans

a generic object pool for golang

Resiliency patterns for golang

psutil for golang

Type-safe Prometheus metrics builder library for golang

Simple licensing library for golang.

Some utilities for Persian language in Go (Golang)

Fixes (backport of `6.0.1` to v5)

Fixes (backport of `6.0.1` to v5)