diff --git a/CHANGELOG.md b/CHANGELOG.md index fd61c38f..7acabdb3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,7 @@ and this project adheres to - 📝(frontend) Update documentation - ✅(frontend) Improve tests coverage - ⬆️(docker) upgrade backend image to python 3.13 #973 +- ⬆️(docker) upgrade node images to alpine 3.21 ### Removed diff --git a/src/frontend/Dockerfile b/src/frontend/Dockerfile index 6aa3fcbe..16695518 100644 --- a/src/frontend/Dockerfile +++ b/src/frontend/Dockerfile @@ -1,4 +1,9 @@ -FROM node:20-alpine AS frontend-deps +FROM node:24-alpine AS frontend-deps + +# Upgrade system packages to install security updates +RUN apk update && \ + apk upgrade && \ + rm -rf /var/cache/apk/* WORKDIR /home/frontend/ @@ -45,7 +50,19 @@ ENV NEXT_PUBLIC_PUBLISH_AS_MIT=${PUBLISH_AS_MIT} RUN yarn build # ---- Front-end image ---- -FROM nginxinc/nginx-unprivileged:1.26-alpine AS frontend-production +FROM nginxinc/nginx-unprivileged:1.27-alpine AS frontend-production + +# Remove the upgrade part once nginx has published +# a new image that fixes the CVE related to libxml2 +ARG UID=101 +USER root + +# Upgrade system packages to install security updates +RUN apk update && \ + apk upgrade && \ + rm -rf /var/cache/apk/* + +USER $UID # Un-privileged user running the application ARG DOCKER_USER diff --git a/src/frontend/servers/y-provider/Dockerfile b/src/frontend/servers/y-provider/Dockerfile index 2e16bdd5..01cf725b 100644 --- a/src/frontend/servers/y-provider/Dockerfile +++ b/src/frontend/servers/y-provider/Dockerfile @@ -1,4 +1,11 @@ -FROM node:20-alpine AS y-provider-builder +FROM node:22.9-alpine AS base + +# Upgrade system packages to install security updates +RUN apk update && \ + apk upgrade && \ + rm -rf /var/cache/apk/* + +FROM base AS y-provider-builder WORKDIR /home/frontend/ @@ -15,7 +22,7 @@ COPY ./src/frontend/servers/y-provider ./servers/y-provider WORKDIR /home/frontend/servers/y-provider RUN yarn build -FROM node:20-alpine AS y-provider +FROM base AS y-provider WORKDIR /home/frontend/