From 9cb9998384e999a1a90f24ecd0efdd19fd4db7f8 Mon Sep 17 00:00:00 2001 From: lebaudantoine Date: Tue, 30 Sep 2025 14:58:05 +0200 Subject: [PATCH] =?UTF-8?q?=E2=AC=86=EF=B8=8F(frontend)=20manually=20upgra?= =?UTF-8?q?de=20Alpine=20dependencies=20to=20fix=20libexpat=20vul?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Manually update libexpat to 2.7.2-r0 in Alpine 3.21.3 base image to address CVE-2025-59375 high-severity vulnerability until newer Alpine base image becomes available, ensuring Trivy security scans pass. --- docker/dinum-frontend/Dockerfile | 2 +- src/frontend/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/dinum-frontend/Dockerfile b/docker/dinum-frontend/Dockerfile index c56f24d8..cf8680e0 100644 --- a/docker/dinum-frontend/Dockerfile +++ b/docker/dinum-frontend/Dockerfile @@ -42,7 +42,7 @@ COPY ./docker/dinum-frontend/fonts/ \ FROM nginxinc/nginx-unprivileged:alpine3.21 AS frontend-production USER root -RUN apk update && apk upgrade libssl3 libcrypto3 libxml2>=2.12.7-r2 libxslt>=1.1.39-r2 +RUN apk update && apk upgrade libssl3 libcrypto3 libxml2>=2.12.7-r2 libxslt>=1.1.39-r2 libexpat>=2.7.2-r0 USER nginx diff --git a/src/frontend/Dockerfile b/src/frontend/Dockerfile index 620ba4da..735a3f06 100644 --- a/src/frontend/Dockerfile +++ b/src/frontend/Dockerfile @@ -38,7 +38,7 @@ RUN npm run build FROM nginxinc/nginx-unprivileged:alpine3.21 AS frontend-production USER root -RUN apk update && apk upgrade libssl3 libcrypto3 libxml2>=2.12.7-r2 libxslt>=1.1.39-r2 +RUN apk update && apk upgrade libssl3 libcrypto3 libxml2>=2.12.7-r2 libxslt>=1.1.39-r2 libexpat>=2.7.2-r0 USER nginx