fix(security): address CVE-2022-29244, CVE-2021-39135

Fixes hyperledger-cacti#2136 Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
aldousalvarez · Jul 28, 2022 · afa8ed2 · afa8ed2
1 parent 00572ed
commit afa8ed2
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 4 deletions.
diff --git a/examples/carbon-accounting/Dockerfile b/examples/carbon-accounting/Dockerfile
@@ -35,7 +35,7 @@ SHELL ["/bin/bash", "--login", "-i", "-c"]
 # Installing Node Version Manager (nvm)
 RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | bash
 RUN source ~/.bashrc && \
- nvm install 16.8.0 && \
+ nvm install 16.15.1 && \
  npm install -g yarn && \
  yarn add @hyperledger/cactus-example-carbon-accounting-backend@0.9.1-ci-942.cbb849c6.35 --ignore-engines --production
 

diff --git a/examples/supply-chain-app/Dockerfile b/examples/supply-chain-app/Dockerfile
@@ -36,7 +36,7 @@ SHELL ["/bin/bash", "--login", "-i", "-c"]
 RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | bash
 ARG NPM_PKG_VERSION=latest
 RUN source ~/.bashrc && \
- nvm install 16.8.0 && \
+ nvm install 16.15.1 && \
  npm install -g yarn && \
  yarn add @hyperledger/cactus-example-supply-chain-backend@${NPM_PKG_VERSION} --ignore-engines --production
 

diff --git a/packages/cactus-cmd-api-server/Dockerfile b/packages/cactus-cmd-api-server/Dockerfile
@@ -50,7 +50,7 @@ ENV API_PORT=4000
 ENV LOG_LEVEL=INFO
 
 ENV NVM_DIR /home/${APP_USER}/.nvm
-ENV NODE_VERSION 16.3.0
+ENV NODE_VERSION 16.15.1
 ENV NODE_PATH $NVM_DIR/v$NODE_VERSION/lib/node_modules
 ENV PATH $NVM_DIR/versions/node/v$NODE_VERSION/bin:$PATH
 
@@ -61,7 +61,7 @@ RUN curl https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | bash
  && nvm install $NODE_VERSION \
  && nvm alias default $NODE_VERSION \
  && nvm use default \
- && npm install -g npm@7.19.1
+ && npm install -g npm@8.11.0
 
 RUN npm install -g yarn@1.22.17
 RUN yarn add @hyperledger/cactus-cmd-api-server@${NPM_PKG_VERSION} --production