From d1f73f18cd623e4001f9169368f4169b6ed996cb Mon Sep 17 00:00:00 2001
From: Jacques ROUSSEL <jacques.roussel@rouaje.com>
Date: Wed, 21 May 2025 10:49:01 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F(front)=20improve=20docker?=
 =?UTF-8?q?=20image=20security?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Cyberwatch reported security issues with the frontend Docker image.
---
 src/frontend/Dockerfile | 14 +-------------
 1 file changed, 1 insertion(+), 13 deletions(-)

diff --git a/src/frontend/Dockerfile b/src/frontend/Dockerfile
index 16695518..2772dafd 100644
--- a/src/frontend/Dockerfile
+++ b/src/frontend/Dockerfile
@@ -50,19 +50,7 @@ ENV NEXT_PUBLIC_PUBLISH_AS_MIT=${PUBLISH_AS_MIT}
 RUN yarn build
 
 # ---- Front-end image ----
-FROM nginxinc/nginx-unprivileged:1.27-alpine AS frontend-production
-
-# Remove the upgrade part once nginx has published
-# a new image that fixes the CVE related to libxml2
-ARG UID=101
-USER root
-
-# Upgrade system packages to install security updates
-RUN apk update && \
-  apk upgrade && \
-  rm -rf /var/cache/apk/*
-
-USER $UID
+FROM nginxinc/nginx-unprivileged:alpine3.21 AS frontend-production
 
 # Un-privileged user running the application
 ARG DOCKER_USER