Merge pull request #1612 from credebl/security/fix-high-critical-vulnerabilities

DeepakNemad · web-flow · commit fcccd01681d3 · 2026-05-07T16:07:00.000+05:30
fix: resolve critical vulnerabilities and upgrade Docker base image
diff --git a/Dockerfiles/Dockerfile.agent-provisioning b/Dockerfiles/Dockerfile.agent-provisioning
@@ -1,5 +1,5 @@
 # Stage 1: Build the application
-FROM  node:24-alpine3.21 AS build
+FROM  node:24-alpine3.23 AS build
 # Install OpenSSL
 RUN apk update && apk upgrade
 RUN apk add --no-cache openssl
@@ -38,7 +38,7 @@ RUN ls -R /app/apps/agent-provisioning/AFJ/
 RUN pnpm run build agent-provisioning
 
 # Stage 2: Create the final image
-FROM  node:24-alpine3.21
+FROM  node:24-alpine3.23
 # Install OpenSSL
 RUN apk update && apk upgrade
 RUN apk add --no-cache openssl
diff --git a/Dockerfiles/Dockerfile.agent-service b/Dockerfiles/Dockerfile.agent-service
@@ -1,5 +1,5 @@
 # Stage 1: Build the application
-FROM node:24-alpine3.21 AS build
+FROM node:24-alpine3.23 AS build
 RUN apk update && apk upgrade && apk add --no-cache \
     openssl \
     openssh-client \
@@ -18,7 +18,7 @@ RUN pnpm run build agent-service
 RUN pnpm prune --prod
 
 # Stage 2: Create the final image
-FROM node:24-alpine3.21
+FROM node:24-alpine3.23
 RUN apk update && apk upgrade && apk add --no-cache \
     openssl \
     openssh-client \
diff --git a/Dockerfiles/Dockerfile.api-gateway b/Dockerfiles/Dockerfile.api-gateway
@@ -1,5 +1,5 @@
 # Stage 1: Build the application
-FROM node:24-alpine3.21 AS build
+FROM node:24-alpine3.23 AS build
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/*
 RUN npm install -g pnpm@9.15.3 --ignore-scripts
@@ -13,7 +13,7 @@ RUN pnpm run build api-gateway
 RUN pnpm prune --prod
 
 # Stage 2: Create the final image
-FROM node:24-alpine3.21
+FROM node:24-alpine3.23
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/* \
     && addgroup -g 1001 -S nodejs \
diff --git a/Dockerfiles/Dockerfile.cloud-wallet b/Dockerfiles/Dockerfile.cloud-wallet
@@ -1,5 +1,5 @@
 # Stage 1: Build the application
-FROM node:24-alpine3.21 AS build
+FROM node:24-alpine3.23 AS build
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/*
 RUN npm install -g pnpm@9.15.3 --ignore-scripts
@@ -13,7 +13,7 @@ RUN pnpm run build cloud-wallet
 RUN pnpm prune --prod
 
 # Stage 2: Create the final image
-FROM node:24-alpine3.21
+FROM node:24-alpine3.23
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/* \
     && addgroup -g 1001 -S nodejs \
diff --git a/Dockerfiles/Dockerfile.connection b/Dockerfiles/Dockerfile.connection
@@ -1,5 +1,5 @@
 # Stage 1: Build the application
-FROM node:24-alpine3.21 AS build
+FROM node:24-alpine3.23 AS build
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/*
 RUN npm install -g pnpm@9.15.3 --ignore-scripts
@@ -13,7 +13,7 @@ RUN pnpm run build connection
 RUN pnpm prune --prod
 
 # Stage 2: Create the final image
-FROM node:24-alpine3.21
+FROM node:24-alpine3.23
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/* \
     && addgroup -g 1001 -S nodejs \
diff --git a/Dockerfiles/Dockerfile.ecosystem b/Dockerfiles/Dockerfile.ecosystem
@@ -1,5 +1,5 @@
 # Stage 1: Build the application
-FROM node:24-alpine3.21 AS build
+FROM node:24-alpine3.23 AS build
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/*
 RUN npm install -g pnpm@9.15.3 --ignore-scripts
@@ -13,7 +13,7 @@ RUN pnpm run build ecosystem
 RUN pnpm prune --prod
 
 # Stage 2: Create the final image
-FROM node:24-alpine3.21
+FROM node:24-alpine3.23
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/* \
     && addgroup -g 1001 -S nodejs \
diff --git a/Dockerfiles/Dockerfile.geolocation b/Dockerfiles/Dockerfile.geolocation
@@ -1,5 +1,5 @@
 # Stage 1: Build the application
-FROM node:24-alpine3.21 AS build
+FROM node:24-alpine3.23 AS build
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/*
 RUN npm install -g pnpm@9.15.3 --ignore-scripts
@@ -13,7 +13,7 @@ RUN pnpm run build geo-location
 RUN pnpm prune --prod
 
 # Stage 2: Create the final image
-FROM node:24-alpine3.21
+FROM node:24-alpine3.23
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/* \
     && addgroup -g 1001 -S nodejs \
diff --git a/Dockerfiles/Dockerfile.issuance b/Dockerfiles/Dockerfile.issuance
@@ -1,5 +1,5 @@
 # Stage 1: Build the application
-FROM node:24-alpine3.21 AS build
+FROM node:24-alpine3.23 AS build
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/*
 RUN npm install -g pnpm@9.15.3 --ignore-scripts
@@ -13,7 +13,7 @@ RUN pnpm run build issuance
 RUN pnpm prune --prod
 
 # Stage 2: Create the final image
-FROM node:24-alpine3.21
+FROM node:24-alpine3.23
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/* \
     && addgroup -g 1001 -S nodejs \
diff --git a/Dockerfiles/Dockerfile.ledger b/Dockerfiles/Dockerfile.ledger
@@ -1,5 +1,5 @@
 # Stage 1: Build the application
-FROM node:24-alpine3.21 AS build
+FROM node:24-alpine3.23 AS build
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/*
 RUN npm install -g pnpm@9.15.3 --ignore-scripts
@@ -13,7 +13,7 @@ RUN pnpm run build ledger
 RUN pnpm prune --prod
 
 # Stage 2: Create the final image
-FROM node:24-alpine3.21
+FROM node:24-alpine3.23
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/* \
     && addgroup -g 1001 -S nodejs \
diff --git a/Dockerfiles/Dockerfile.notification b/Dockerfiles/Dockerfile.notification
@@ -1,5 +1,5 @@
 # Stage 1: Build the application
-FROM node:24-alpine3.21 AS build
+FROM node:24-alpine3.23 AS build
 RUN apk update && apk upgrade && apk add --no-cache openssl && rm -rf /var/cache/apk/*
 RUN npm install -g pnpm@9.15.3 --ignore-scripts
 WORKDIR /app
@@ -12,7 +12,7 @@ RUN pnpm run build notification
 RUN pnpm prune --prod
 
 # Stage 2: Create the final image
-FROM node:24-alpine3.21
+FROM node:24-alpine3.23
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/* \
     && addgroup -g 1001 -S nodejs \
diff --git a/Dockerfiles/Dockerfile.oid4vc-issuance b/Dockerfiles/Dockerfile.oid4vc-issuance
@@ -1,5 +1,5 @@
 # Stage 1: Build the application
-FROM node:24-alpine3.21 AS build
+FROM node:24-alpine3.23 AS build
 RUN apk update && apk upgrade && apk add --no-cache openssl && rm -rf /var/cache/apk/*
 RUN npm install -g pnpm@9.15.3 --ignore-scripts
 WORKDIR /app
@@ -12,7 +12,7 @@ RUN pnpm run build oid4vc-issuance
 RUN pnpm prune --prod
 
 # Stage 2: Create the final image
-FROM node:24-alpine3.21
+FROM node:24-alpine3.23
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/* \
     && addgroup -g 1001 -S nodejs \
diff --git a/Dockerfiles/Dockerfile.oid4vc-verification b/Dockerfiles/Dockerfile.oid4vc-verification
@@ -1,5 +1,5 @@
 # Stage 1: Build the application
-FROM node:24-alpine3.21 AS build
+FROM node:24-alpine3.23 AS build
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/*
 RUN npm install -g pnpm@9.15.3 --ignore-scripts
@@ -13,7 +13,7 @@ RUN pnpm run build oid4vc-verification
 RUN pnpm prune --prod
 
 # Stage 2: Create the final image
-FROM node:24-alpine3.21
+FROM node:24-alpine3.23
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/* \
     && addgroup -g 1001 -S nodejs \
diff --git a/Dockerfiles/Dockerfile.organization b/Dockerfiles/Dockerfile.organization
@@ -1,5 +1,5 @@
 # Stage 1: Build the application
-FROM node:24-alpine3.21 AS build
+FROM node:24-alpine3.23 AS build
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/*
 RUN npm install -g pnpm@9.15.3 --ignore-scripts
@@ -13,7 +13,7 @@ RUN pnpm run build organization
 RUN pnpm prune --prod
 
 # Stage 2: Create the final image
-FROM node:24-alpine3.21
+FROM node:24-alpine3.23
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/* \
     && addgroup -g 1001 -S nodejs \
diff --git a/Dockerfiles/Dockerfile.seed b/Dockerfiles/Dockerfile.seed
@@ -1,4 +1,4 @@
-FROM node:24-alpine3.21
+FROM node:24-alpine3.23
 RUN apk update && apk upgrade && apk add --no-cache \
     postgresql-client \
     openssl \
diff --git a/Dockerfiles/Dockerfile.user b/Dockerfiles/Dockerfile.user
@@ -1,5 +1,5 @@
 # Stage 1: Build the application
-FROM node:24-alpine3.21 AS build
+FROM node:24-alpine3.23 AS build
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/*
 RUN npm install -g pnpm@9.15.3 --ignore-scripts
@@ -13,7 +13,7 @@ RUN pnpm run build user
 RUN pnpm prune --prod
 
 # Stage 2: Create the final image
-FROM node:24-alpine3.21
+FROM node:24-alpine3.23
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/* \
     && addgroup -g 1001 -S nodejs \
diff --git a/Dockerfiles/Dockerfile.utility b/Dockerfiles/Dockerfile.utility
@@ -1,5 +1,5 @@
 # Stage 1: Build the application
-FROM node:24-alpine3.21 AS build
+FROM node:24-alpine3.23 AS build
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/*
 RUN npm install -g pnpm@9.15.3 --ignore-scripts
@@ -13,7 +13,7 @@ RUN pnpm run build utility
 RUN pnpm prune --prod
 
 # Stage 2: Create the final image
-FROM node:24-alpine3.21
+FROM node:24-alpine3.23
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/* \
     && addgroup -g 1001 -S nodejs \
diff --git a/Dockerfiles/Dockerfile.verification b/Dockerfiles/Dockerfile.verification
@@ -1,5 +1,5 @@
 # Stage 1: Build the application
-FROM node:24-alpine3.21 AS build
+FROM node:24-alpine3.23 AS build
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/*
 RUN npm install -g pnpm@9.15.3 --ignore-scripts
@@ -13,7 +13,7 @@ RUN pnpm run build verification
 RUN pnpm prune --prod
 
 # Stage 2: Create the final image
-FROM node:24-alpine3.21
+FROM node:24-alpine3.23
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/* \
     && addgroup -g 1001 -S nodejs \
diff --git a/Dockerfiles/Dockerfile.webhook b/Dockerfiles/Dockerfile.webhook
@@ -1,5 +1,5 @@
 # Stage 1: Build the application
-FROM node:24-alpine3.21 AS build
+FROM node:24-alpine3.23 AS build
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/*
 RUN npm install -g pnpm@9.15.3 --ignore-scripts
@@ -13,7 +13,7 @@ RUN pnpm run build webhook
 RUN pnpm prune --prod
 
 # Stage 2: Create the final image
-FROM node:24-alpine3.21
+FROM node:24-alpine3.23
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/* \
     && addgroup -g 1001 -S nodejs \
diff --git a/Dockerfiles/Dockerfile.x509 b/Dockerfiles/Dockerfile.x509
@@ -1,5 +1,5 @@
 # Stage 1: Build the application
-FROM node:24-alpine3.21 AS build
+FROM node:24-alpine3.23 AS build
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/*
 RUN npm install -g pnpm@9.15.3 --ignore-scripts
@@ -13,7 +13,7 @@ RUN pnpm run build x509
 RUN pnpm prune --prod
 
 # Stage 2: Create the final image
-FROM node:24-alpine3.21
+FROM node:24-alpine3.23
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/* \
     && addgroup -g 1001 -S nodejs \
diff --git a/package.json b/package.json
@@ -63,8 +63,8 @@
     "async-retry": "^1.3.3",
     "auth0-js": "^9.30.1",
     "aws-sdk": "^2.1693.0",
-    "axios": "^1.13.5",
-    "bcrypt": "^5.1.1",
+    "axios": "^1.16.0",
+    "bcrypt": "^6.0.0",
     "blob-stream": "^0.1.3",
     "body-parser": "^1.20.4",
     "buffer": "^6.0.3",
@@ -77,12 +77,12 @@
     "crypto-js": "^4.2.0",
     "crypto-random-string": "^5.0.0",
     "dotenv": "^16.6.1",
-    "express": "^4.22.1",
+    "express": "^5.2.1",
     "express-useragent": "^1.0.15",
     "firebase-admin": "^13.6.1",
     "fs": "0.0.1-security",
     "generate-password": "^1.7.1", 
-    "helmet": "^7.2.0",
+    "helmet": "^8.1.0",
     "html-pdf": "^3.0.1",
     "html-to-image": "^1.11.13",
     "json2csv": "^5.0.7",
@@ -120,14 +120,17 @@
     "socket.io-client": "^4.8.3",
     "swagger-ui-express": "^5.0.1",
     "typeorm": "^0.3.28",
-    "unzipper": "^0.10.14",
+    "unzipper": "^0.12.3",
     "uuid": "^9.0.1",
-    "validator": "^13.15.26",
+    "validator": "^13.15.35",
     "web-push": "^3.6.7",
-    "winston": "~3.4.0",
+    "winston": "^3.19.0",
     "winston-daily-rotate-file": "^5.0.0",
     "winston-elasticsearch": "0.16.0",
-    "xml-js": "^1.6.11"
+    "xml-js": "^1.6.11",
+    "protobufjs": "^7.5.6",
+    "handlebars": "^4.7.9",
+    "form-data": "^4.0.5"
   },
   "devDependencies": {
     "@nestjs/cli": "catalog:",
@@ -154,7 +157,7 @@
     "lint-staged": "^13.3.0",
     "prettier": "^3.8.1",
     "prisma": "^5.22.0",
-    "supertest": "^6.3.4",
+    "supertest": "^7.2.2",
     "ts-jest": "^29.4.6",
     "ts-loader": "^9.5.4",
     "ts-node": "^10.9.2",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
