fix: fix security vulnerabilities; remove npm (#906)

## What

## Why

## Notes

Author: alinashklyar

Dockerfile

@@ -7,14 +7,18 @@ RUN apk --update add --no-cache \
     git \
     jq
 RUN npm upgrade -g npm
-COPY --from=mikefarah/yq:4.50.1 /usr/bin/yq /usr/local/bin/yq
-ADD --chmod=775 https://dl.k8s.io/release/v1.35.0/bin/${TARGETPLATFORM}/kubectl /usr/local/bin/kubectl
+COPY --from=mikefarah/yq:4.52.4 /usr/bin/yq /usr/local/bin/yq
+ADD --chmod=775 https://dl.k8s.io/release/v1.35.1/bin/${TARGETPLATFORM}/kubectl /usr/local/bin/kubectl
 WORKDIR /cf-cli
 COPY package.json yarn.lock check-version.js run-check-version.js /cf-cli/
 RUN yarn install --prod --frozen-lockfile && \
     yarn cache clean
 COPY . /cf-cli
 RUN yarn generate-completion
+
+#purpose of security
+RUN npm -g uninstall npm
+
 RUN ln -s $(pwd)/lib/interface/cli/codefresh /usr/local/bin/codefresh
 RUN codefresh components update --location components
 

Dockerfile-debian

@@ -11,14 +11,18 @@ RUN apt update \
     jq \
     && ln -s /bin/busybox /usr/bin/[[
 RUN npm upgrade -g npm
-COPY --from=mikefarah/yq:4.50.1 /usr/bin/yq /usr/local/bin/yq
-ADD --chmod=775 https://dl.k8s.io/release/v1.35.0/bin/${TARGETPLATFORM}/kubectl /usr/local/bin/kubectl
+COPY --from=mikefarah/yq:4.52.4 /usr/bin/yq /usr/local/bin/yq
+ADD --chmod=775 https://dl.k8s.io/release/v1.35.1/bin/${TARGETPLATFORM}/kubectl /usr/local/bin/kubectl
 WORKDIR /cf-cli
 COPY package.json yarn.lock check-version.js run-check-version.js /cf-cli/
 RUN yarn install --prod --frozen-lockfile && \
     yarn cache clean
 COPY . /cf-cli
 RUN yarn generate-completion
+
+#purpose of security
+RUN npm -g uninstall npm
+
 RUN ln -s $(pwd)/lib/interface/cli/codefresh /usr/local/bin/codefresh
 RUN codefresh components update --location components
 

Dockerfile-debian-rootless

@@ -10,14 +10,18 @@ RUN apt update \
     jq \
     && ln -s /bin/busybox /usr/bin/[[
 RUN npm upgrade -g npm
-COPY --from=mikefarah/yq:4.50.1 /usr/bin/yq /usr/local/bin/yq
-ADD --chmod=775 https://dl.k8s.io/release/v1.35.0/bin/${TARGETPLATFORM}/kubectl /usr/local/bin/kubectl
+COPY --from=mikefarah/yq:4.52.4 /usr/bin/yq /usr/local/bin/yq
+ADD --chmod=775 https://dl.k8s.io/release/v1.35.1/bin/${TARGETPLATFORM}/kubectl /usr/local/bin/kubectl
 WORKDIR /cf-cli
 COPY package.json yarn.lock check-version.js run-check-version.js /cf-cli/
 RUN yarn install --prod --frozen-lockfile && \
     yarn cache clean
 COPY . /cf-cli
 RUN yarn generate-completion
+
+#purpose of security
+RUN npm -g uninstall npm
+
 RUN ln -s $(pwd)/lib/interface/cli/codefresh /usr/local/bin/codefresh
 RUN codefresh components update --location components
 # we keep /root as home directory because cli by default looks for $HOME/.cfconfig

Dockerfile-rootless

@@ -6,15 +6,18 @@ RUN apk --update add --no-cache \
     curl \
     git \
     jq
-RUN npm upgrade -g npm
-COPY --from=mikefarah/yq:4.50.1 /usr/bin/yq /usr/local/bin/yq
-ADD --chmod=775 https://dl.k8s.io/release/v1.35.0/bin/${TARGETPLATFORM}/kubectl /usr/local/bin/kubectl
+COPY --from=mikefarah/yq:4.52.4 /usr/bin/yq /usr/local/bin/yq
+ADD --chmod=775 https://dl.k8s.io/release/v1.35.1/bin/${TARGETPLATFORM}/kubectl /usr/local/bin/kubectl
 WORKDIR /cf-cli
 COPY package.json yarn.lock check-version.js run-check-version.js /cf-cli/
 RUN yarn install --prod --frozen-lockfile && \
     yarn cache clean
 COPY . /cf-cli
 RUN yarn generate-completion
+
+#purpose of security
+RUN npm -g uninstall npm
+
 RUN ln -s $(pwd)/lib/interface/cli/codefresh /usr/local/bin/codefresh
 RUN codefresh components update --location components
 # we keep /root as home directory because cli by default looks for $HOME/.cfconfig

package.json

@@ -1,6 +1,6 @@
 {
   "name": "codefresh",
-  "version": "1.0.5",
+  "version": "1.0.6",
   "description": "Codefresh command line utility",
   "main": "index.js",
   "preferGlobal": true,
@@ -45,12 +45,12 @@
     "tough-cookie": "^4.1.3",
     "openid-client": "^4.9.0",
     "**/request/form-data": "^2.5.5",
-    "**/request/qs": "6.14.1"
+    "**/request/qs": "6.14.2"
   },
   "dependencies": {
     "@codefresh-io/docker-reference": "^0.0.5",
     "adm-zip": "^0.5.5",
-    "ajv": "^6.12.6",
+    "ajv": "^6.14.0",
     "bluebird": "^3.5.1",
     "cf-errors": "^0.1.16",
     "chalk": "^4.1.0",