Skip to content

Commit

Permalink
Security Fixes
Browse files Browse the repository at this point in the history 
Removing NPM from the image since it's not necessary and it becomes vulnerable very often. Updating node alpine image, so it will have newer yarn version (not vulnerable).

List of Vulnerabilities getting fixed:
- https://nvd.nist.gov/vuln/detail/CVE-2020-8131
- https://nvd.nist.gov/vuln/detail/CVE-2020-8116
- https://nvd.nist.gov/vuln/detail/CVE-2019-10773
  • Loading branch information
@rafael-ladislau
rafael-ladislau committed Mar 11, 2020
1 parent 7dd81da commit 960a0e5
Show file tree
Hide file tree
Showing 2 changed files with 81 additions and 80 deletions.
5 changes: 3 additions & 2 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM node:12.13-alpine
FROM node:12.16.1-alpine
# ref: https://hub.docker.com/_/node?tab=tags&name=12

LABEL maintainer="Jupyter Project <[email protected]>"
Expand All @@ -10,7 +10,8 @@ RUN mkdir -p /srv/configurable-http-proxy
COPY . /srv/configurable-http-proxy
WORKDIR /srv/configurable-http-proxy
RUN npm install -g

RUN npm audit fix
RUN npm uninstall -g npm
# Switch from the root user to the nobody user
USER 65534

Expand Down
Loading

0 comments on commit 960a0e5

Please sign in to comment.