Updated pnpm version from 10.19.0 to 10.27.0 to fix HIGH severity vulnerabilities (CVE-2025-69262, CVE-2025-69263, CVE-2025-6926).

Changes:
- apps/api/Dockerfile: line 8
- apps/web/Dockerfile: lines 8 and 81

Fixes #180

37 lines
880 B
Markdown
# Issue #180: Update pnpm to 10.27.0 in Dockerfiles

## Objective

Fix HIGH severity security vulnerabilities in pnpm 10.19.0 by upgrading to pnpm 10.27.0 in Docker build configurations.

## Approach

1. Update pnpm version in apps/api/Dockerfile (line 8)
2. Update pnpm version in apps/web/Dockerfile (lines 8 and 81)
3. Verify Dockerfile syntax is valid

## Progress

- [x] Read apps/api/Dockerfile
- [x] Read apps/web/Dockerfile
- [x] Create scratchpad
- [ ] Update apps/api/Dockerfile
- [ ] Update apps/web/Dockerfile
- [ ] Verify syntax
- [ ] Commit changes

## CVEs Fixed

- CVE-2025-69262
- CVE-2025-69263
- CVE-2025-6926

## Notes

Affected versions:

- apps/api/Dockerfile: line 8 (base stage)
- apps/web/Dockerfile: line 8 (base stage) and line 81 (production stage)

Both Dockerfiles use the same base image (node:20-alpine) and require pnpm for builds and/or runtime.
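
Because apps/web/Dockerfile pins pnpm in two stages, a bump can easily miss one of them. The following check is an added example, not part of this commit or repository: it lists every pnpm pin below 10.27.0 with its file and line. It assumes the pin is written as `pnpm@X.Y.Z` (for example in a `corepack prepare` or `npm install -g` line); the function names `version_lt` and `stale_pnpm_pins` are hypothetical.

```shell
#!/bin/sh
# Added example: flag Dockerfile lines that pin pnpm below a minimum version.
# Assumption: the pin appears literally as "pnpm@X.Y.Z" somewhere on the line.

MIN_PNPM="10.27.0"

# version_lt A B: succeeds when A is strictly lower than B,
# comparing major, minor and patch numerically.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)" = "$1" ]
}

# stale_pnpm_pins FILE...: print "file:line:version" for each pin below
# MIN_PNPM. Returns 1 if any stale pin was found, 0 otherwise.
stale_pnpm_pins() {
    found=0
    for f in "$@"; do
        # grep -n adds the line number, -o keeps only the matched pin,
        # so each hit looks like "8:pnpm@10.19.0".
        for hit in $(grep -noE 'pnpm@[0-9]+\.[0-9]+\.[0-9]+' "$f"); do
            line=${hit%%:*}
            ver=${hit##*@}
            if version_lt "$ver" "$MIN_PNPM"; then
                echo "$f:$line:$ver"
                found=1
            fi
        done
    done
    return "$found"
}

# Constructed sample (not the repository's Dockerfile): the base stage
# still carries the old pin, the production stage is already updated.
sample=$(mktemp)
printf '%s\n' \
    'FROM node:20-alpine AS base' \
    'RUN npm install -g pnpm@10.19.0' \
    'FROM node:20-alpine AS production' \
    'RUN npm install -g pnpm@10.27.0' > "$sample"
stale_pnpm_pins "$sample" || echo "stale pnpm pin found"
rm -f "$sample"
```

Run as `stale_pnpm_pins apps/api/Dockerfile apps/web/Dockerfile` in CI, a non-zero return fails the build when any stage still pins an older pnpm. A Dockerfile with no explicit pin is not flagged, so it needs a separate review.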