teleport/17.0.5 package update and cve remediation #36783

Closed
wants to merge 3 commits into from

@octo-sts octo-sts bot commented Dec 13, 2024

@octo-sts octo-sts bot added P1 This label indicates our scanning found High, Medium or Low CVEs for these packages. automated pr GHSA-v778-237x-gjrc go/bump request-cve-remediation teleport/17.0.4-r0 labels Dec 13, 2024

octo-sts bot commented Dec 13, 2024

Gen AI suggestions to solve the build error:

• Detected Error:
```
RangeError: Internal error. Icu error.
at String.localeCompare ()
at sortTranspositions (/usr/lib/node_modules/pnpm/dist/pnpm.cjs:62969:33)
```

• Error Category: Dependency/Configuration

• Failure Point: pnpm command execution during `make ensure-js-deps`

• Root Cause Analysis: The error occurs due to an ICU (International Components for Unicode) library version mismatch between Node.js v23.4.0 and the system's ICU libraries. The `localeCompare()` function is failing due to incompatible ICU versions.

• Suggested Fix:
1. Add `icu=75.1-r3` as an explicit dependency in the environment packages section
2. Alternatively, downgrade Node.js to a version that matches the system ICU version:
```yaml
environment:
  contents:
    packages:
      - nodejs-20      # Instead of nodejs-23
      # ... other packages
```

• Explanation: Node.js 23.x uses a newer ICU version than what's available in the system. By either explicitly including the matching ICU package or using Node.js 20.x (which uses a compatible ICU version), we ensure proper internationalization support for JavaScript operations.

• Additional Notes:

  • This is a known issue when Node.js and system ICU versions don't align
  • Node.js 20.x is the current LTS version and generally more stable for builds
  • The error occurs in the npm package license validation code path

• References:

@octo-sts octo-sts bot added the bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. label Dec 15, 2024
Signed-off-by: Dentrax <[email protected]>
@Dentrax Dentrax changed the title teleport/17.0.4-r0: cve remediation teleport/17.0.5 package update and cve remediation Dec 15, 2024
@Dentrax Dentrax self-assigned this Dec 15, 2024

octo-sts bot commented Dec 15, 2024

Gen AI suggestions to solve the build error:

Based on the error output, I'll analyze and provide specific fixes:

• Detected Error:

```
[wasm-validator error in function fastpathprocessor_process\20externref\20shim] unexpected false: table.fill requires bulk-memory [--enable-bulk-memory]
```

• Error Category: Build Configuration

• Failure Point: WASM compilation and optimization step during the web assets build

• Root Cause Analysis:
The wasm-opt tool is failing because bulk memory operations are required but not enabled. This is a feature flag issue with the WASM compilation toolchain.

• Suggested Fix:

  1. Add the following to the Cargo.toml in the ironrdp directory:
```toml
[package.metadata.wasm-pack.profile.release]
wasm-opt = ["-O", "--enable-bulk-memory"]
```
  2. Or alternatively, disable wasm-opt completely by adding:
```toml
[package.metadata]
wasm-opt = false
```
  3. If the above doesn't work, modify the pipeline section to add environment variables:
```yaml
  - runs: |
      export RUSTFLAGS="-C target-feature=+bulk-memory"
      RUST_MIN_STACK=16777216 wasm-pack build ./src/ironrdp --target web
```

• Explanation:
The error occurs because the WASM code uses table.fill operations which require bulk memory support. The fix either enables bulk memory operations during optimization or skips the optimization step entirely. This is a common issue when building WASM modules that use modern WASM features.

• Additional Notes:

  • The bulk memory feature is part of the WASM specification but needs to be explicitly enabled
  • Disabling wasm-opt will result in larger WASM files but may be necessary if optimization issues persist
  • This issue is specific to the WASM build pipeline and won't affect other parts of the application

• References:


Dentrax commented Dec 15, 2024

Same build error as here: #36438 (comment)

Let's close this one.

@Dentrax Dentrax closed this Dec 15, 2024