jason.woltje/professional-website
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(security): remediate Trivy HIGH findings on main image
All checks were successful
ci/woodpecker/pr/web Pipeline was successful
Details
ci/woodpecker/push/web Pipeline was successful
Details

Browse Source 
- Bump next 16.2.2 -> 16.2.3 (GHSA-q4gf-8mx6-v5v3 RSC DoS)
- pnpm overrides: minimatch>=10.2.3, picomatch>=4.0.4, tar>=7.5.11
  (CVE-2026-27903/27904, 33671, 29786, 31802)
- Dockerfile runner: apk upgrade --no-cache pulls patched openssl 3.5.6-r0
  and zlib 1.3.2-r0 before installing wget (CVE-2026-28390, 22184)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Jason Woltje
2026-04-13 22:37:52 -05:00
parent c85e76e5cd
commit 0637992723
4 changed files with 84 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
package.json
View File

@@ -23,7 +23,7 @@
"@payloadcms/ui": "^3.50.0",
"graphql": "^16.11.0",
"lucide-react": "^0.468.0",
"next": "16.2.2",
"next": "16.2.3",
"payload": "^3.50.0",
"react": "19.2.0",
"react-dom": "19.2.0",
@@ -46,5 +46,12 @@
"engines": {
"node": ">=20.9.0"
},
"packageManager": "pnpm@10.31.0"
"packageManager": "pnpm@10.31.0",
"pnpm": {
"overrides": {
"minimatch@<10.2.3": ">=10.2.3",
"picomatch@<4.0.4": ">=4.0.4",
"tar@<7.5.11": ">=7.5.11"
}
}
}