[FOLIO-3634] platform-complete Dockerfile apk upgrade Node and nginx fixing curl
Created: 08/Nov/22  Updated: 09/Nov/22  Resolved: 09/Nov/22

Status: Closed
Project: FOLIO
Components: Continuous Integration
Affects versions: None
Fix versions: None

Type: Bug
Priority: TBD
Reporter: Julian Ladisch
Assignee: Julian Ladisch
Resolution: Done
Votes: 0
Labels: security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Relates
relates to FOLIO-3632 platform-minimal Dockerfile node:16-a... Closed
relates to FOLIO-3633 platform-core Dockerfile apk upgrade ... Closed
relates to FOLIO-3631 platform-minimal Dockerfile apk upgra... Closed
Sprint:
Development Team: Stripes Force
RCA Group: Related dependency upgrade

Description

Use apk upgrade in
https://github.com/folio-org/platform-complete/blob/master/docker/Dockerfile
to install latest patch versions of packages:
https://pythonspeed.com/articles/security-updates-in-docker/

This will upgrade curl, fixing Double Free and Cleartext Transmission of Sensitive Information:
https://www.cve.org/CVERecord?id=CVE-2022-42915
https://www.cve.org/CVERecord?id=CVE-2022-42916
https://security.snyk.io/vuln/SNYK-ALPINE316-CURL-3063711

Replace

FROM node:lts-alpine3.14 as stripes_build

by

FROM node:16-alpine as stripes_build

because alpine3.14 is no longer maintained and Node 16 is no longer active LTS. We need Node 16 because postcss-nesting doesn't support Node 18.
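
A sketch of the change described above, as an added example that is not the project's actual Dockerfile: it shows the base image swap and an apk upgrade step in each stage. The nginx tag, paths and build commands are assumptions for illustration.

```dockerfile
# Added example. Everything except the two FROM lines for the build stage
# and the use of "apk upgrade" is assumed, not taken from platform-complete.

# Before: pinned to alpine3.14, which is no longer maintained.
# FROM node:lts-alpine3.14 as stripes_build

# After: Node 16 on the Alpine release the node image currently ships.
FROM node:16-alpine as stripes_build

# Install the latest patch versions of all packages already in the image,
# rather than waiting for the base image to be rebuilt upstream.
# --no-cache fetches a fresh package index and leaves none in the layer.
RUN apk upgrade --no-cache

# Hypothetical build steps (paths and commands are placeholders).
WORKDIR /usr/local/src/app
COPY . .
RUN yarn install && yarn build

# Runtime stage (tag assumed). Upgrades made in the build stage do not
# carry over: each FROM starts from its own base image, so the stage that
# is actually shipped needs its own upgrade step.
FROM nginx:stable-alpine
RUN apk upgrade --no-cache

# Hypothetical output directory.
COPY --from=stripes_build /usr/local/src/app/output /usr/share/nginx/html
```

Because the upgrade runs at build time, the image only picks up later fixes when it is rebuilt without a cached upgrade layer (for example with docker build --pull --no-cache).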

