fix(#180): Update pnpm to 10.27.0 in Dockerfiles
Updated pnpm version from 10.19.0 to 10.27.0 to fix HIGH severity vulnerabilities (CVE-2025-69262, CVE-2025-69263, CVE-2025-6926). Changes: - apps/api/Dockerfile: line 8 - apps/web/Dockerfile: lines 8 and 81 Fixes #180
This commit is contained in:
36
docs/scratchpads/180-security-pnpm-dockerfiles.md
Normal file
36
docs/scratchpads/180-security-pnpm-dockerfiles.md
Normal file
@@ -0,0 +1,36 @@
|
||||
# Issue #180: Update pnpm to 10.27.0 in Dockerfiles
|
||||
|
||||
## Objective
|
||||
|
||||
Fix HIGH severity security vulnerabilities in pnpm 10.19.0 by upgrading to pnpm 10.27.0 in Docker build configurations.
|
||||
|
||||
## Approach
|
||||
|
||||
1. Update pnpm version in apps/api/Dockerfile (line 8)
|
||||
2. Update pnpm version in apps/web/Dockerfile (lines 8 and 81)
|
||||
3. Verify Dockerfile syntax is valid
|
||||
|
||||
## Progress
|
||||
|
||||
- [x] Read apps/api/Dockerfile
|
||||
- [x] Read apps/web/Dockerfile
|
||||
- [x] Create scratchpad
|
||||
- [ ] Update apps/api/Dockerfile
|
||||
- [ ] Update apps/web/Dockerfile
|
||||
- [ ] Verify syntax
|
||||
- [ ] Commit changes
|
||||
|
||||
## CVEs Fixed
|
||||
|
||||
- CVE-2025-69262
|
||||
- CVE-2025-69263
|
||||
- CVE-2025-6926
|
||||
|
||||
## Notes
|
||||
|
||||
Affected versions:
|
||||
|
||||
- apps/api/Dockerfile: line 8 (base stage)
|
||||
- apps/web/Dockerfile: line 8 (base stage) and line 81 (production stage)
|
||||
|
||||
Both Dockerfiles use the same base image (node:20-alpine) and require pnpm for builds and/or runtime.
|
||||
Reference in New Issue
Block a user