From 9d3dfb6de7b7b15dcc35f83240c979389c887792 Mon Sep 17 00:00:00 2001
From: Manuel Raynaud <manu@raynaud.io>
Date: Fri, 16 May 2025 10:22:37 +0200
Subject: [PATCH] =?UTF-8?q?=E2=AC=86=EF=B8=8F(docker)=20upgrade=20node=20i?=
 =?UTF-8?q?mages=20to=20alpine=203.21?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We need to upgrade our images to alpine 3.21 in order to fix a CVE
related to libxml2. We also upgrade node to version 24
---
 CHANGELOG.md                               |  1 +
 src/frontend/Dockerfile                    | 21 +++++++++++++++++++--
 src/frontend/servers/y-provider/Dockerfile | 11 +++++++++--
 3 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index fd61c38f..7acabdb3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -21,6 +21,7 @@ and this project adheres to
 - 📝(frontend) Update documentation
 - ✅(frontend) Improve tests coverage
 - ⬆️(docker) upgrade backend image to python 3.13 #973
+- ⬆️(docker) upgrade node images to alpine 3.21
 
 
 ### Removed
diff --git a/src/frontend/Dockerfile b/src/frontend/Dockerfile
index 6aa3fcbe..16695518 100644
--- a/src/frontend/Dockerfile
+++ b/src/frontend/Dockerfile
@@ -1,4 +1,9 @@
-FROM node:20-alpine AS frontend-deps
+FROM node:24-alpine AS frontend-deps
+
+# Upgrade system packages to install security updates
+RUN apk update && \
+  apk upgrade && \
+  rm -rf /var/cache/apk/*
 
 WORKDIR /home/frontend/
 
@@ -45,7 +50,19 @@ ENV NEXT_PUBLIC_PUBLISH_AS_MIT=${PUBLISH_AS_MIT}
 RUN yarn build
 
 # ---- Front-end image ----
-FROM nginxinc/nginx-unprivileged:1.26-alpine AS frontend-production
+FROM nginxinc/nginx-unprivileged:1.27-alpine AS frontend-production
+
+# Remove the upgrade part once nginx has published
+# a new image that fixes the CVE related to libxml2
+ARG UID=101
+USER root
+
+# Upgrade system packages to install security updates
+RUN apk update && \
+  apk upgrade && \
+  rm -rf /var/cache/apk/*
+
+USER $UID
 
 # Un-privileged user running the application
 ARG DOCKER_USER
diff --git a/src/frontend/servers/y-provider/Dockerfile b/src/frontend/servers/y-provider/Dockerfile
index 2e16bdd5..01cf725b 100644
--- a/src/frontend/servers/y-provider/Dockerfile
+++ b/src/frontend/servers/y-provider/Dockerfile
@@ -1,4 +1,11 @@
-FROM node:20-alpine AS y-provider-builder
+FROM node:22.9-alpine AS base
+
+# Upgrade system packages to install security updates
+RUN apk update && \
+  apk upgrade && \
+  rm -rf /var/cache/apk/*
+
+FROM base AS y-provider-builder
 
 WORKDIR /home/frontend/
 
@@ -15,7 +22,7 @@ COPY ./src/frontend/servers/y-provider ./servers/y-provider
 WORKDIR /home/frontend/servers/y-provider
 RUN yarn build
 
-FROM node:20-alpine AS y-provider
+FROM base AS y-provider
 
 WORKDIR /home/frontend/