Commit af81fd2
committed
fix: resolve critical vulnerabilities and upgrade Docker base image
Security Updates:
- Update protobufjs 7.5.4→7.5.6 (CVE-2026-41242 RCE fix)
- Update handlebars 4.7.8→4.7.9 (CVE-2026-33937 template injection)
- Update form-data 2.3.3→4.0.5 (CVE-2025-7783 critical fix)
- Update winston 3.4.0→3.19.0, express 4.22.1→5.2.1
- Update helmet 7.2.0→8.1.0, bcrypt 5.1.1→6.0.0
- Update validator, unzipper, supertest to latest secure versions
Dependency Management:
- Add explicit versions for protobufjs, handlebars, form-data to package.json
- Force secure versions of transitive dependencies via dependency pinning
- Prevent vulnerable versions from being pulled by parent packages
Infrastructure:
- Upgrade Docker base image: node:24-alpine3.21 → node:24-alpine3.23
- Improve container security with latest Alpine Linux patches
Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>1 parent 0c12bd1 commit af81fd2
1 file changed
Lines changed: 2 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
128 | 128 | | |
129 | 129 | | |
130 | 130 | | |
131 | | - | |
| 131 | + | |
132 | 132 | | |
133 | | - | |
| 133 | + | |
134 | 134 | | |
135 | 135 | | |
136 | 136 | | |
| |||
0 commit comments