Fix semver vulnerability in base image #175

Merged Jul 13, 2023 (3 commits)
Changes from 2 commits
11 changes: 8 additions & 3 deletions app/Dockerfile
@@ -1,7 +1,7 @@
# This file is largely based on the template-application-flask Dockerfile and
# Next.js Docker example: https://github.com/vercel/next.js/blob/canary/examples/with-docker-compose
# =============================================================================
FROM node:18-alpine AS base
FROM node:18-bullseye-slim AS base
WORKDIR /app

# Install dependencies
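Review bot: The `FROM node:18-bullseye-slim AS base` line moves the build stage from Alpine to Debian without a comment saying why, and the only explanation in the file (added in the release stage) is about npm's semver, not the distro switch. Add a one-line reason next to this `FROM`. The tag `18-bullseye-slim` is also mutable, so consider pinning it by digest so that a scan result can be tied to the exact image that was built.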
Expand Down Expand Up @@ -56,9 +56,14 @@ RUN npm run build -- --no-lint
# Run the Next.js server
# =====================================
# Use clean image for release, excluding any unnecessary files or dependencies
FROM node:18-alpine AS release
FROM node:18-bullseye-slim AS release
WORKDIR /app

# As of July 13, 2023, 18-bullseye-slim has a vulnerability in the version of
# semver that it uses (GHSA-c2qf-rxjj-qqgw). Update npm to avoid the vulnerability
# being caught in vulnerability scans.
RUN npm install -g npm@latest

# Don't run production as root
RUN addgroup --system --gid 1001 nodejs
RUN adduser --system --uid 1001 nextjs
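Review bot: `RUN npm install -g npm@latest` in the release stage is unpinned, so two builds of the same commit can ship different npm versions and the fix for GHSA-c2qf-rxjj-qqgw is not verifiable from the Dockerfile alone. Pin npm to a specific version that has been checked to carry the patched semver, and extend the comment with the condition for removing this line (the base image shipping a fixed npm). The comment describes the goal as keeping the finding out of scans; since this stage ends in `CMD ["node", "server.js"]`, it is also worth stating whether npm is needed in the release image at all.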
Expand All @@ -81,4 +86,4 @@ ENV PORT 3000

EXPOSE 3000

CMD ["node", "server.js"]
CMD ["node", "server.js"]
3 changes: 2 additions & 1 deletion app/Makefile
Expand Up @@ -27,6 +27,7 @@ export RUN_UID
##################################################
release-build:
docker buildx build \
--target release \
--platform=linux/amd64 \
--build-arg RUN_USER=$(RUN_USER) \
--build-arg RUN_UID=$(RUN_UID) \
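Review bot: The `--target release` argument in `release-build` now ties the Makefile to the stage name `AS release` in app/Dockerfile, and nothing in either file documents that link. Add a short comment above `--target release` naming the Dockerfile stage it refers to, so a later rename of the stage does not silently break the release build.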
Expand All @@ -45,4 +46,4 @@ storybook: # Run the Storybook local dev server in Docker
docker compose logs --follow storybook

stop:
docker-compose down
docker-compose down
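Review bot: The `stop` target is touched here but still calls `docker-compose down`, while the `storybook` target two lines above uses `docker compose logs`. Use the same form in both targets (`docker compose down`) so the Makefile does not depend on two different Compose binaries being installed.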