fix(docker): upgrade npm to remediate 11 HIGH CVEs in bundled dependencies

All findings are in npm's own bundled packages (cross-spawn, glob,
minimatch, tar). Upgrading npm to latest pulls in the patched versions:
- cross-spawn ≥7.0.5 (CVE-2024-21538)
- glob ≥10.5.0 (CVE-2025-64756)
- minimatch ≥9.0.6 (CVE-2026-26996, CVE-2026-27903, CVE-2026-27904)
- tar ≥7.5.11 (CVE-2026-23745, CVE-2026-23950, CVE-2026-24842,
               CVE-2026-26960, CVE-2026-29786, CVE-2026-31802)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
docker-claude 2026-04-20 15:14:58 +02:00
parent 484e0fecb8
commit 19c59a2fb3

@ -1,5 +1,9 @@
FROM node:20-alpine FROM node:20-alpine
# Upgrade npm to pull in patched bundled deps (cross-spawn, glob, minimatch, tar)
# CVEs: CVE-2024-21538, CVE-2025-64756, CVE-2026-26996/27903/27904, CVE-2026-23745/23950/24842/26960/29786/31802
RUN npm install -g npm@latest
# Install runtime dependencies # Install runtime dependencies
RUN apk add --no-cache \ RUN apk add --no-cache \
git \ git \
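
Review bot: the added `RUN npm install -g npm@latest` line installs a floating version, so two builds of this Dockerfile can produce different npm trees and nothing in the build guarantees that the bundled cross-spawn, glob, minimatch and tar meet the minimums named in the commit message. Pin an explicit release instead (`RUN npm install -g npm@<version>`, where `<version>` is a placeholder for a release confirmed to bundle the patched packages) and let the image scan gate the build on those minimums. `@latest` can also move to an npm major that no longer supports the Node 20 base image, which would break the build with no change to this file. The CVE list in the comment above the `RUN` line will go stale as npm moves; pointing to the scanner report or this commit would age better.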