Updated vulnerable packages (#1573)

* Updated vulnerable packages and Updated all Dockerfiles to use Node.js 24

Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>

* Fix: Resolve Dockerfile vulnerabilities and cleanup

Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>

* Fix: Resolve the Coderabit changes

Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>

* Fix: Resolve Dockerfile vulnerabilities and cleanup

Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>

* Fix: Resolve the sonarqube changes

Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>

* Fix: Resolve the sonarqube changes

Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>

* Fix: Resolve the sonarqube changes

Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>

* Fix: Resolve the sonarqube changes

Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>

* Fixed coderabit suggested changes

Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>

* Fixed coderabit suggested changes

Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>

* All 19 Dockerfiles have been updated consistently while maintaining their specific functionality requirements. The changes make the containers more secure and reduce potential vulnerabilities that would
be flagged by Trivy scans.

Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>

* fixed agent proviosining issue

Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>

* Added stable version of openssl

Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>

* Added stable version of openssl

Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>

---------

Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>

Author: DeepakNemad

Dockerfiles/Dockerfile.agent-provisioning

@@ -1,8 +1,8 @@
 # Stage 1: Build the application
-FROM node:18-alpine as build
+FROM  node:24-alpine3.21 AS build
 # Install OpenSSL
 RUN apk update && apk upgrade
-RUN apk add --no-cache openssl
+RUN apk add --no-cache openssl=3.3.3-r0
 RUN set -eux \
     && apk --no-cache add \
         openssh-client \
@@ -38,10 +38,10 @@ RUN ls -R /app/apps/agent-provisioning/AFJ/
 RUN pnpm run build agent-provisioning
 
 # Stage 2: Create the final image
-FROM node:18-alpine as prod
+FROM  node:24-alpine3.21
 # Install OpenSSL
 RUN apk update && apk upgrade
-RUN apk add --no-cache openssl
+RUN apk add --no-cache openssl=3.3.3-r0
 RUN set -eux \
     && apk --no-cache add \
         openssh-client \

Dockerfiles/Dockerfile.agent-service

@@ -1,57 +1,36 @@
 # Stage 1: Build the application
-FROM node:18-alpine as build
-# Install OpenSSL
-RUN apk add --no-cache openssl
-RUN npm install -g pnpm --ignore-scripts \
-    && apk update \
-    && apk add openssh-client \
-    && apk add aws-cli \
-    && apk add docker \
-    && apk add docker-compose 
-    
-RUN npm install -g pnpm
-# Set the working directory
+FROM node:24-alpine3.21 AS build
+RUN apk update && apk upgrade && apk add --no-cache \
+    openssl=3.3.3-r0 \
+    openssh-client \
+    aws-cli \
+    docker \
+    docker-compose \
+    && rm -rf /var/cache/apk/*
+RUN npm install -g pnpm@9.15.3 --ignore-scripts
 WORKDIR /app
-
-# Copy package.json and package-lock.json
-COPY package.json ./
-COPY pnpm-workspace.yaml ./
-
+COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
 ENV PUPPETEER_SKIP_DOWNLOAD=true
-
-# Install dependencies while ignoring scripts (including Puppeteer's installation)
-RUN pnpm i --ignore-scripts
-
-# Copy the rest of the application code
+RUN pnpm i --frozen-lockfile --ignore-scripts
 COPY . .
-# RUN cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate
 RUN cd libs/prisma-service && npx prisma generate
-
-# Build the user service
 RUN pnpm run build agent-service
+RUN pnpm prune --prod
 
 # Stage 2: Create the final image
-FROM node:18-alpine
-# Install OpenSSL
-RUN apk add --no-cache openssl
-RUN npm install -g pnpm --ignore-scripts \
-    && apk update \
-    && apk add openssh-client \
-    && apk add aws-cli \
-    && apk add docker \
-    && apk add docker-compose 
-
-# RUN npm install -g pnpm
-# Set the working directory
+FROM node:24-alpine3.21
+RUN apk update && apk upgrade && apk add --no-cache \
+    openssl=3.3.3-r0 \
+    openssh-client \
+    aws-cli \
+    docker \
+    docker-compose \
+    && rm -rf /var/cache/apk/* \
+    && addgroup -g 1001 -S nodejs \
+    && adduser -S nextjs -u 1001
 WORKDIR /app
-
-# Copy the compiled code from the build stage
 COPY --from=build /app/dist/apps/agent-service/ ./dist/apps/agent-service/
-
-# Copy the libs folder from the build stage
 COPY --from=build /app/libs/ ./libs/
-#COPY --from=build /app/package.json ./  
-COPY --from=build /app/node_modules  ./node_modules
-
-# Set the command to run the microservice
-CMD ["sh", "-c", "cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate && cd ../.. && node dist/apps/agent-service/main.js"]
+COPY --from=build /app/node_modules ./node_modules
+USER nextjs
+CMD ["node", "dist/apps/agent-service/main.js"]

Dockerfiles/Dockerfile.api-gateway

@@ -1,44 +1,26 @@
 # Stage 1: Build the application
-FROM node:18-alpine as build
-# Install OpenSSL
-RUN apk add --no-cache openssl
-RUN npm install -g pnpm
-# Set the working directory
+FROM node:24-alpine3.21 AS build
+RUN apk update && apk upgrade && apk add --no-cache openssl=3.3.3-r0 \
+    && rm -rf /var/cache/apk/*
+RUN npm install -g pnpm@9.15.3 --ignore-scripts
 WORKDIR /app
-
-# Copy package.json and package-lock.json
-COPY package.json ./
-COPY pnpm-workspace.yaml ./
-# COPY package-lock.json ./
-
+COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
 ENV PUPPETEER_SKIP_DOWNLOAD=true
-
-# Install dependencies while ignoring scripts (including Puppeteer's installation)
-RUN pnpm i --ignore-scripts
-
-# Copy the rest of the application code
+RUN pnpm i --frozen-lockfile --ignore-scripts
 COPY . .
-# RUN cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate
 RUN cd libs/prisma-service && npx prisma generate
-
-# Build the api-gateway service
 RUN pnpm run build api-gateway
+RUN pnpm prune --prod
 
 # Stage 2: Create the final image
-FROM node:18-alpine
-# Install OpenSSL
-RUN apk add --no-cache openssl
-
-# Set the working directory
+FROM node:24-alpine3.21
+RUN apk update && apk upgrade && apk add --no-cache openssl=3.3.3-r0 \
+    && rm -rf /var/cache/apk/* \
+    && addgroup -g 1001 -S nodejs \
+    && adduser -S nextjs -u 1001
 WORKDIR /app
-
-# Copy the compiled code from the build stage
 COPY --from=build /app/dist/apps/api-gateway/ ./dist/apps/api-gateway/
-
-# Copy the libs folder from the build stage
 COPY --from=build /app/libs/ ./libs/
-COPY --from=build /app/node_modules  ./node_modules
-# COPY --from=build /app/uploadedFiles ./uploadedFiles
-
-# Set the command to run the microservice
-CMD ["sh", "-c", "cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate && cd ../.. && node dist/apps/api-gateway/main.js"]
+COPY --from=build /app/node_modules ./node_modules
+USER nextjs
+CMD ["node", "dist/apps/api-gateway/main.js"]

Dockerfiles/Dockerfile.cloud-wallet

@@ -1,46 +1,26 @@
 # Stage 1: Build the application
-FROM node:18-alpine AS build
-# Install OpenSSL
-RUN apk add --no-cache openssl
-RUN npm install -g pnpm
-
-# Set the working directory
+FROM node:24-alpine3.21 AS build
+RUN apk update && apk upgrade && apk add --no-cache openssl=3.3.3-r0 \
+    && rm -rf /var/cache/apk/*
+RUN npm install -g pnpm@9.15.3 --ignore-scripts
 WORKDIR /app
-
-# Copy package.json and package-lock.json
-COPY package.json ./
-COPY pnpm-workspace.yaml ./
-
+COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
 ENV PUPPETEER_SKIP_DOWNLOAD=true
-
-# Install dependencies while ignoring scripts (including Puppeteer's installation)
-RUN pnpm i --ignore-scripts
-
-# Copy the rest of the application code
+RUN pnpm i --frozen-lockfile --ignore-scripts
 COPY . .
-# RUN cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate
 RUN cd libs/prisma-service && npx prisma generate
-
-# Build the user service
 RUN pnpm run build cloud-wallet
+RUN pnpm prune --prod
 
 # Stage 2: Create the final image
-FROM node:18-alpine
-
-RUN apk add --no-cache openssl
-
-# Set the working directory
+FROM node:24-alpine3.21
+RUN apk update && apk upgrade && apk add --no-cache openssl=3.3.3-r0 \
+    && rm -rf /var/cache/apk/* \
+    && addgroup -g 1001 -S nodejs \
+    && adduser -S nextjs -u 1001
 WORKDIR /app
-# RUN npm install -g pnpm
-
-# Copy the compiled code from the build stage
 COPY --from=build /app/dist/apps/cloud-wallet/ ./dist/apps/cloud-wallet/
-
-# Copy the libs folder from the build stage
 COPY --from=build /app/libs/ ./libs/
-#COPY --from=build /app/package.json ./  
-COPY --from=build /app/node_modules  ./node_modules
-
-
-# Set the command to run the microservice
-CMD ["sh", "-c", "cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate && cd ../.. && node dist/apps/cloud-wallet/main.js"]
+COPY --from=build /app/node_modules ./node_modules
+USER nextjs
+CMD ["node", "dist/apps/cloud-wallet/main.js"]

Dockerfiles/Dockerfile.connection

@@ -1,47 +1,26 @@
 # Stage 1: Build the application
-FROM node:18-alpine as build
-# Install OpenSSL
-RUN apk add --no-cache openssl
-RUN npm install -g pnpm
-# Set the working directory
+FROM node:24-alpine3.21 AS build
+RUN apk update && apk upgrade && apk add --no-cache openssl=3.3.3-r0 \
+     && rm -rf /var/cache/apk/*
+RUN npm install -g pnpm@9.15.3 --ignore-scripts
 WORKDIR /app
-
-# Copy package.json and package-lock.json
-COPY package.json ./
-COPY pnpm-workspace.yaml ./
-#COPY package-lock.json ./
-
+COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
 ENV PUPPETEER_SKIP_DOWNLOAD=true
-
-# Install dependencies while ignoring scripts (including Puppeteer's installation)
-RUN pnpm i --ignore-scripts
-
-# Copy the rest of the application code
+RUN pnpm i --frozen-lockfile --ignore-scripts
 COPY . .
-# RUN cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate
 RUN cd libs/prisma-service && npx prisma generate
-
-# Build the connection service
 RUN pnpm run build connection
+RUN pnpm prune --prod
 
 # Stage 2: Create the final image
-FROM node:18-alpine
-# Install OpenSSL
-RUN apk add --no-cache openssl
-# RUN npm install -g pnpm
-# Set the working directory
+FROM node:24-alpine3.21
+RUN apk update && apk upgrade && apk add --no-cache openssl=3.3.3-r0 \
+    && rm -rf /var/cache/apk/* \
+    && addgroup -g 1001 -S nodejs \
+    && adduser -S nextjs -u 1001
 WORKDIR /app
-
-# Copy the compiled code from the build stage
 COPY --from=build /app/dist/apps/connection/ ./dist/apps/connection/
-
-# Copy the libs folder from the build stage
 COPY --from=build /app/libs/ ./libs/
-#COPY --from=build /app/package.json ./  
-COPY --from=build /app/node_modules  ./node_modules
-
-# Install production dependencies for the final image
-#RUN npm i --only=production
-
-# Set the command to run the microservice
-CMD ["sh", "-c", "cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate && cd ../.. && node dist/apps/connection/main.js"]
+COPY --from=build /app/node_modules ./node_modules
+USER nextjs
+CMD ["node", "dist/apps/connection/main.js"]

Dockerfiles/Dockerfile.ecosystem

@@ -1,44 +1,26 @@
 # Stage 1: Build the application
-FROM node:18-alpine as build
-# Install OpenSSL
-RUN apk add --no-cache openssl
-RUN npm install -g pnpm
-# Set the working directory
+FROM node:24-alpine3.21 AS build
+RUN apk update && apk upgrade && apk add --no-cache openssl=3.3.3-r0 \
+     && rm -rf /var/cache/apk/*
+RUN npm install -g pnpm@9.15.3 --ignore-scripts
 WORKDIR /app
-
-# Copy package.json and package-lock.json
-COPY package.json ./
-COPY pnpm-workspace.yaml ./
-#COPY package-lock.json ./
-
+COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
 ENV PUPPETEER_SKIP_DOWNLOAD=true
-
-# Install dependencies while ignoring scripts (including Puppeteer's installation)
-RUN pnpm i --ignore-scripts
-
-# Copy the rest of the application code
+RUN pnpm i --frozen-lockfile --ignore-scripts
 COPY . .
-# RUN cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate
 RUN cd libs/prisma-service && npx prisma generate
-
-# Build the connection service
 RUN pnpm run build ecosystem
+RUN pnpm prune --prod
 
 # Stage 2: Create the final image
-FROM node:18-alpine
-# Install OpenSSL
-RUN apk add --no-cache openssl
-# RUN npm install -g pnpm
-# Set the working directory
+FROM node:24-alpine3.21
+RUN apk update && apk upgrade && apk add --no-cache openssl=3.3.3-r0 \
+    && rm -rf /var/cache/apk/* \
+    && addgroup -g 1001 -S nodejs \
+    && adduser -S nextjs -u 1001
 WORKDIR /app
-
-# Copy the compiled code from the build stage
 COPY --from=build /app/dist/apps/ecosystem/ ./dist/apps/ecosystem/
-
-# Copy the libs folder from the build stage
 COPY --from=build /app/libs/ ./libs/
-#COPY --from=build /app/package.json ./  
-COPY --from=build /app/node_modules  ./node_modules
-
-# Set the command to run the microservice
-CMD ["sh", "-c", "cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate && cd ../.. && node dist/apps/ecosystem/main.js"]
+COPY --from=build /app/node_modules ./node_modules
+USER nextjs
+CMD ["node", "dist/apps/ecosystem/main.js"]