fix: remediate high-severity CVEs in Docker images (#204)

fix: remediate high-severity CVEs in Docker images
2026-04-14 23:57:40 +00:00
parent 633a3a0f33 0ab8dae669
commit f9063ead97
1 changed files with 4 additions and 1 deletions
@@ -1,6 +1,6 @@
 # Stage 1: Build
 FROM node:20-alpine AS build
-
+RUN apk update && apk upgrade --no-cache
 WORKDIR /app

 COPY package.json package-lock.json ./
@@ -11,6 +11,9 @@ RUN npm run build

 # Stage 2: Production — uses nginxinc/nginx-unprivileged which runs as non-root (UID 101)
 FROM nginxinc/nginx-unprivileged:stable-alpine AS prod
+USER root
+RUN apk update && apk upgrade --no-cache
+USER 101

 COPY --from=build /app/dist /usr/share/nginx/html
 COPY nginx.conf /etc/nginx/conf.d/default.conf