cs_betty/cartsnitch-fork-test
1
0
Fork 0
forked from cartsnitch/cartsnitch
Code Pull Requests Activity

fix: remediate high-severity CVEs in Docker images

Browse Source 
- Add apk upgrade to frontend Dockerfile (build + prod stages)
- Add apk upgrade to auth Dockerfile (build + runtime stages)
- Add apt-get upgrade to api Dockerfile (build + prod stages)
- Add apt-get upgrade to receiptwitness Dockerfile (build + prod stages)
- Run npm audit fix for frontend and auth dependencies

Refs: CAR-616
Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Paperclip
2026-04-14 23:51:42 +00:00
parent 8592701382
commit e1d77d7789
5 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Dockerfile
+4 -1
View File
@@ -1,6 +1,6 @@
# Stage 1: Build
FROM node:20-alpine AS build
RUN apk update && apk upgrade --no-cache
WORKDIR /app
COPY package.json package-lock.json ./
@@ -11,6 +11,9 @@ RUN npm run build
# Stage 2: Production — uses nginxinc/nginx-unprivileged which runs as non-root (UID 101)
FROM nginxinc/nginx-unprivileged:stable-alpine AS prod
USER root
RUN apk update && apk upgrade --no-cache
USER 101
COPY --from=build /app/dist /usr/share/nginx/html
COPY nginx.conf /etc/nginx/conf.d/default.conf