tools(cmd-api-server): address CVE: CVE-2022-25881

Primary Changes: Updated the Dockerfile & https-cache-semantics inside the cmd-api-server package Fixes: hyperledger#2862 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
zondervancalvez · May 27, 2024 · ffd3933 · ffd3933
1 parent 6994e5b
commit ffd3933
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 11 deletions.
diff --git a/packages/cactus-cmd-api-server/Dockerfile b/packages/cactus-cmd-api-server/Dockerfile
@@ -46,21 +46,21 @@ ENV API_PORT=4000
 ENV LOG_LEVEL=INFO
 
 ENV NVM_DIR /home/${APP_USER}/.nvm
-ENV NODE_VERSION 20.9.0
+ENV NODE_VERSION 20.11.1
 ENV NODE_PATH $NVM_DIR/v$NODE_VERSION/lib/node_modules
 ENV PATH      $NVM_DIR/versions/node/v$NODE_VERSION/bin:$PATH
-
+ 
 # Install nvm with node and npm
 RUN mkdir -p ${NVM_DIR}
-RUN curl https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.5/install.sh | bash \
-  && source $NVM_DIR/nvm.sh \
-  && nvm install $NODE_VERSION \
-  && nvm alias default $NODE_VERSION \
-  && nvm use default \
-  && npm install -g npm@10.2.4
-
-ARG NPM_PKG_VERSION=latest
-RUN npm install @hyperledger/cactus-cmd-api-server@${NPM_PKG_VERSION}
+RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.5/install.sh | bash \
+    && source $NVM_DIR/nvm.sh \
+    && nvm alias default $NODE_VERSION \
+    && nvm use default \
+    nvm install ${NODE_VERSION} && \
+    npm install --location=global yarn && \
+    yarn config set nodeLinker node-modules && \
+    yarn set version 4.1.0 && \
+    yarn add @hyperledger/cactus-cmd-api-server@2.0.0-alpha.2
 
 COPY ./packages/cactus-cmd-api-server/docker-entrypoint.sh /usr/local/bin/
 HEALTHCHECK --interval=5s --timeout=5s --start-period=1s --retries=30 CMD /healthcheck.sh

diff --git a/packages/cactus-cmd-api-server/package.json b/packages/cactus-cmd-api-server/package.json
@@ -114,6 +114,7 @@
     "@types/express": "4.17.21",
     "@types/express-http-proxy": "1.6.2",
     "@types/google-protobuf": "3.15.5",
+    "@types/http-cache-semantics": "4.0.4",
     "@types/json-stable-stringify": "1.0.34",
     "@types/jsonwebtoken": "8.5.4",
     "@types/multer": "1.4.7",
@@ -129,6 +130,7 @@
     "google-protobuf": "3.18.0-rc.2",
     "grpc-tools": "1.12.4",
     "grpc_tools_node_protoc_ts": "5.3.3",
+    "http-cache-semantics": "4.1.1",
     "http-status-codes": "2.1.4",
     "protobufjs": "7.2.5",
     "tsx": "4.7.0"

diff --git a/yarn.lock b/yarn.lock
@@ -7641,6 +7641,7 @@ __metadata:
     "@types/express": "npm:4.17.21"
     "@types/express-http-proxy": "npm:1.6.2"
     "@types/google-protobuf": "npm:3.15.5"
+    "@types/http-cache-semantics": "npm:4.0.4"
     "@types/json-stable-stringify": "npm:1.0.34"
     "@types/jsonwebtoken": "npm:8.5.4"
     "@types/multer": "npm:1.4.7"
@@ -7671,6 +7672,7 @@ __metadata:
     google-protobuf: "npm:3.18.0-rc.2"
     grpc-tools: "npm:1.12.4"
     grpc_tools_node_protoc_ts: "npm:5.3.3"
+    http-cache-semantics: "npm:4.1.1"
     http-status-codes: "npm:2.1.4"
     jose: "npm:4.15.5"
     json-stable-stringify: "npm:1.0.2"
@@ -14907,6 +14909,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@types/http-cache-semantics@npm:4.0.4":
+  version: 4.0.4
+  resolution: "@types/http-cache-semantics@npm:4.0.4"
+  checksum: 10/a59566cff646025a5de396d6b3f44a39ab6a74f2ed8150692e0f31cc52f3661a68b04afe3166ebe0d566bd3259cb18522f46e949576d5204781cd6452b7fe0c5
+  languageName: node
+  linkType: hard
+
 "@types/http-cache-semantics@npm:^4.0.1":
   version: 4.0.1
   resolution: "@types/http-cache-semantics@npm:4.0.1"