stack/docs/scratchpads/180-security-pnpm-dockerfiles.md
Jason Woltje a5416e4a66 fix(#180): Update pnpm to 10.27.0 in Dockerfiles
Updated pnpm version from 10.19.0 to 10.27.0 to fix HIGH severity
vulnerabilities (CVE-2025-69262, CVE-2025-69263, CVE-2025-6926).

Changes:
- apps/api/Dockerfile: line 8
- apps/web/Dockerfile: lines 8 and 81

Fixes #180
2026-02-01 20:52:43 -06:00

Issue #180: Update pnpm to 10.27.0 in Dockerfiles

Objective

Fix HIGH severity security vulnerabilities in pnpm 10.19.0 by upgrading to pnpm 10.27.0 in Docker build configurations.

Approach

  1. Update pnpm version in apps/api/Dockerfile (line 8)
  2. Update pnpm version in apps/web/Dockerfile (lines 8 and 81)
  3. Verify Dockerfile syntax is valid

Progress

  • Read apps/api/Dockerfile
  • Read apps/web/Dockerfile
  • Create scratchpad
  • Update apps/api/Dockerfile
  • Update apps/web/Dockerfile
  • Verify syntax
  • Commit changes

CVEs Fixed

  • CVE-2025-69262
  • CVE-2025-69263
  • CVE-2025-6926

Notes

Affected locations:

  • apps/api/Dockerfile: line 8 (base stage)
  • apps/web/Dockerfile: line 8 (base stage) and line 81 (production stage)

Both Dockerfiles use the same base image (node:20-alpine) and require pnpm for builds and/or runtime.
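
Added example (not part of the original scratchpad or the repository): a shell check for the approach above that lists every pnpm@X.Y.Z pin in the given Dockerfiles and fails if any stage is still below 10.27.0, which is the mistake a file with two pins such as apps/web/Dockerfile invites. The pin syntax (corepack prepare pnpm@X.Y.Z), the function names and the sample Dockerfile are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the repository.
# Assumption: pnpm is pinned as "pnpm@X.Y.Z" somewhere in each Dockerfile.
MIN_PNPM="${MIN_PNPM:-10.27.0}"

# version_lt A B: true when dotted version A is strictly lower than B.
# Fields are compared numerically, so 10.9.0 sorts below 10.27.0.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# check_pnpm_pins FILE...: report every pin with its line number.
# Returns 1 if any pin is below MIN_PNPM or a file contains no pin at all.
check_pnpm_pins() {
    status=0
    for file in "$@"; do
        pins=$(awk '{ s = $0
            while (match(s, /pnpm@[0-9]+\.[0-9]+\.[0-9]+/)) {
                print NR ":" substr(s, RSTART + 5, RLENGTH - 5)
                s = substr(s, RSTART + RLENGTH) } }' "$file")
        if [ -z "$pins" ]; then
            echo "WARN $file: no pnpm@X.Y.Z pin found"; status=1; continue
        fi
        for pin in $pins; do
            ver=${pin#*:}
            if version_lt "$ver" "$MIN_PNPM"; then
                echo "FAIL $file:${pin%%:*} pnpm@$ver is below $MIN_PNPM"; status=1
            else
                echo "OK   $file:${pin%%:*} pnpm@$ver"
            fi
        done
    done
    return "$status"
}

# write_sample PATH: constructed two-stage Dockerfile where only the first
# stage was bumped (the pin syntax is an assumption, not the repo's file).
write_sample() {
    cat > "$1" <<'EOF'
FROM node:20-alpine AS base
RUN corepack enable && corepack prepare pnpm@10.27.0 --activate
FROM node:20-alpine AS production
RUN corepack enable && corepack prepare pnpm@10.19.0 --activate
EOF
}

if [ "$#" -gt 0 ]; then check_pnpm_pins "$@"; fi
```

Run it with the Dockerfile paths as arguments in CI; a non-zero exit means at least one stage still installs an older pnpm or carries no explicit pin.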