Skip to content

Commit 7bc699e

Browse files
kantordclaude
andauthored
fix: remediate vulnerabilities (#519)
* fix: pin node:24.18.0-alpine to Alpine 3.24.1 to remediate OpenSSL CVEs Pins both Dockerfiles to node:24.18.0-alpine at the digest that ships libcrypto3/libssl3 3.5.7-r0, fixing 15 CVEs from the June 9 2026 OpenSSL advisory: CVE-2026-34180..34183, CVE-2026-42764, CVE-2026-42766..42770, CVE-2026-45445..45447, CVE-2026-7383, CVE-2026-9076 Ref: https://alpinelinux.org/posts/Alpine-3.24.1-released.html Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * fix: pin node:24.18.0-alpine to Alpine 3.24.1 to remediate OpenSSL CVEs Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * fix: upgrade deps to remediate npm audit vulnerabilities Upgrades to fix 16 moderate/high CVEs: - better-auth: 1.6.2 → ^1.6.11 (fixes GHSA-cq3f-vc6p-68fh) - vite: ^8.0.5 → ^8.0.16 (fixes GHSA-fx2h-pf6j-xcff, GHSA-v6wh-96g9-6wx3) - Transitive: undici → 7.28.0, hono → >=4.12.25, qs → >=6.15.2, shell-quote → >=1.8.4, js-yaml 3.x → 3.15.0, js-yaml 4.x → 4.3.0 Also migrates pnpm overrides from package.json to pnpm-workspace.yaml, which is required by pnpm v10. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
1 parent 15bba8a commit 7bc699e

5 files changed

Lines changed: 296 additions & 272 deletions

File tree

Dockerfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
FROM node:24-alpine AS base
1+
FROM node:24.18.0-alpine@sha256:a0b9bf06e4e6193cf7a0f58816cc935ff8c2a908f81e6f1a95432d679c54fbfd AS base
22

33
# Install dependencies only when needed
44
FROM base AS deps

dev-auth/Dockerfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
# OIDC Mock Provider for Development
2-
FROM node:24-alpine
2+
FROM node:24.18.0-alpine@sha256:a0b9bf06e4e6193cf7a0f58816cc935ff8c2a908f81e6f1a95432d679c54fbfd
33

44
WORKDIR /app
55

package.json

Lines changed: 2 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -52,7 +52,7 @@
5252
"ai-sdk-ollama": "^3.0.0",
5353
"ajv": "^8.17.1",
5454
"ajv-formats": "^3.0.1",
55-
"better-auth": "1.6.2",
55+
"better-auth": "^1.6.11",
5656
"class-variance-authority": "0.7.1",
5757
"clsx": "2.1.1",
5858
"date-fns": "^4.1.0",
@@ -101,7 +101,7 @@
101101
"tailwindcss": "^4",
102102
"tsx": "4.21.0",
103103
"typescript": "^6.0.2",
104-
"vite": "^8.0.5",
104+
"vite": "^8.0.16",
105105
"vite-tsconfig-paths": "^6.0.0",
106106
"vitest": "^4.0.8",
107107
"vitest-fail-on-console": "^0.10.1"
@@ -110,26 +110,5 @@
110110
"*.{ts,tsx,js,jsx,json,css}": [
111111
"biome check --write --no-errors-on-unmatched"
112112
]
113-
},
114-
"pnpm": {
115-
"overrides": {
116-
"express-rate-limit": ">=8.2.2",
117-
"lodash": ">=4.17.23",
118-
"lodash-es": ">=4.17.23",
119-
"hono": ">=4.12.18",
120-
"@hono/node-server": "^1.19.14",
121-
"defu": "^6.1.5",
122-
"rollup": ">=4.59.0",
123-
"undici": "7.24.6",
124-
"kysely": ">=0.28.17 <0.29.0",
125-
"picomatch": ">=4.0.4",
126-
"qs": ">=6.14.2",
127-
"yaml": ">=2.8.3",
128-
"path-to-regexp@>=8.0.0 <8.4.0": "8.4.0",
129-
"path-to-regexp@>=0.1.0 <0.1.13": "0.1.13",
130-
"postcss": ">=8.5.10",
131-
"fast-uri": ">=3.1.2",
132-
"ip-address": ">=10.1.1"
133-
}
134113
}
135114
}

0 commit comments

Comments
 (0)