From bb4a863f8d0738a1c6b4a89269b87d64a0603200 Mon Sep 17 00:00:00 2001
From: lebaudantoine
Date: Wed, 10 Dec 2025 11:55:31 +0100
Subject: [PATCH] =?UTF-8?q?=E2=AC=86=EF=B8=8F(frontend)=20manually=20upgra?= =?UTF-8?q?de=20Alpine=20dependencies=20to=20fix=20libpng=20vul?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Manually update libexpat to 1.6.53-r0 in Alpine 3.21.3 base image to address CVE-2025-64720, CVE-2025-65018, CVE-2025-66293 high-severity vulnerability until newer Alpine base image becomes available, ensuring Trivy security scans pass.
---
 docker/dinum-frontend/Dockerfile | 7 ++++++-
 src/frontend/Dockerfile | 7 ++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/docker/dinum-frontend/Dockerfile b/docker/dinum-frontend/Dockerfile
index 1e94968a..85af99fc 100644
--- a/docker/dinum-frontend/Dockerfile
+++ b/docker/dinum-frontend/Dockerfile
@@ -42,7 +42,12 @@ COPY ./docker/dinum-frontend/fonts/ \
 FROM nginxinc/nginx-unprivileged:alpine3.21 AS frontend-production
 USER root
-RUN apk update && apk upgrade libssl3 libcrypto3 libxml2>=2.12.7-r2 libxslt>=1.1.39-r2 libexpat>=2.7.2-r0
+RUN apk update && apk upgrade libssl3 \
+ libcrypto3 \
+ libxml2>=2.12.7-r2 \
+ libxslt>=1.1.39-r2 \
+ libexpat>=2.7.2-r0 \
+ libpng>=1.6.53-r0
 USER nginx
diff --git a/src/frontend/Dockerfile b/src/frontend/Dockerfile
index 735a3f06..535f35fa 100644
--- a/src/frontend/Dockerfile
+++ b/src/frontend/Dockerfile
@@ -38,7 +38,12 @@ RUN npm run build
 FROM nginxinc/nginx-unprivileged:alpine3.21 AS frontend-production
 USER root
-RUN apk update && apk upgrade libssl3 libcrypto3 libxml2>=2.12.7-r2 libxslt>=1.1.39-r2 libexpat>=2.7.2-r0
+RUN apk update && apk upgrade libssl3 \
+ libcrypto3 \
+ libxml2>=2.12.7-r2 \
+ libxslt>=1.1.39-r2 \
+ libexpat>=2.7.2-r0 \
+ libpng>=1.6.53-r0
 USER nginx
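Review bot: The version floors in the new `RUN` line are unquoted, so the shell parses each `>` as an output redirection: `libpng>=1.6.53-r0` reaches apk as the bare name `libpng`, and apk's stdout is written to a file named `=1.6.53-r0` inside the image. The floor is therefore never enforced and the build still succeeds if the repository only offers an older libpng; the same applies to the libxml2, libxslt and libexpat entries and to the identical hunk in src/frontend/Dockerfile. Quote each constraint, e.g. `'libpng>=1.6.53-r0' \`, and confirm that `apk upgrade` honours version constraints at all (they are documented for `apk add`), or add an explicit check of the installed version after the upgrade so the build fails when the fixed package is missing. The commit body also names libexpat as the package moved to 1.6.53-r0, where the subject and the diff show libpng.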