From 6492f60f15d46b79b64b9b3765c1a9b6f038b1fc Mon Sep 17 00:00:00 2001 From: Paperclip Date: Tue, 14 Apr 2026 23:51:42 +0000 Subject: [PATCH] fix: remediate high-severity CVEs in Docker images - Add apk upgrade to frontend Dockerfile (build + prod stages) - Add apk upgrade to auth Dockerfile (build + runtime stages) - Add apt-get upgrade to api Dockerfile (build + prod stages) - Add apt-get upgrade to receiptwitness Dockerfile (build + prod stages) - Run npm audit fix for frontend and auth dependencies Refs: CAR-616 Co-Authored-By: Paperclip --- Dockerfile | 2 ++ package-lock.json | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1028e89..0b88089 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,5 @@ FROM node:22-alpine AS builder +RUN apk update && apk upgrade --no-cache WORKDIR /app COPY package.json package-lock.json* ./ RUN npm ci @@ -7,6 +8,7 @@ COPY src/ src/ RUN npm run build FROM node:22-alpine +RUN apk update && apk upgrade --no-cache WORKDIR /app ENV NODE_ENV=production COPY package.json package-lock.json* ./ diff --git a/package-lock.json b/package-lock.json index 1f7bfc9..373abad 100644 --- a/package-lock.json +++ b/package-lock.json @@ -941,9 +941,9 @@ } }, "node_modules/defu": { - "version": "6.1.4", - "resolved": "https://registry.npmjs.org/defu/-/defu-6.1.4.tgz", - "integrity": "sha512-mEQCMmwJu317oSz8CwdIOdwf3xMif1ttiM8LTufzc3g6kR+9Pe236twL8j3IYT1F7GfRgGcW6MWxzZjLIkuHIg==", + "version": "6.1.7", + "resolved": "https://registry.npmjs.org/defu/-/defu-6.1.7.tgz", + "integrity": "sha512-7z22QmUWiQ/2d0KkdYmANbRUVABpZ9SNYyH5vx6PZ+nE5bcC0l7uFvEfHlyld/HcGBFTL536ClDt3DEcSlEJAQ==", "license": "MIT" }, "node_modules/delegates": {