fix(security): address CVE-2022-29244, CVE-2021-39135

aldousalvarez · petermetz · commit 7309f2a8dc07 · 2022-08-04T20:02:34.000-07:00
Fixes #2136 Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
diff --git a/examples/carbon-accounting/Dockerfile b/examples/carbon-accounting/Dockerfile
@@ -35,7 +35,7 @@ SHELL ["/bin/bash", "--login", "-i", "-c"]
 # Installing Node Version Manager (nvm)
 RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | bash
 RUN source ~/.bashrc && \
-    nvm install 16.8.0 && \
+    nvm install 16.15.1 && \
     npm install -g yarn && \
     yarn add @hyperledger/cactus-example-carbon-accounting-backend@0.9.1-ci-942.cbb849c6.35 --ignore-engines --production
 
diff --git a/examples/supply-chain-app/Dockerfile b/examples/supply-chain-app/Dockerfile
@@ -36,7 +36,7 @@ SHELL ["/bin/bash", "--login", "-i", "-c"]
 RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | bash
 ARG NPM_PKG_VERSION=latest
 RUN source ~/.bashrc && \
-    nvm install 16.8.0 && \
+    nvm install 16.15.1 && \
     npm install -g yarn && \
     yarn add @hyperledger/cactus-example-supply-chain-backend@${NPM_PKG_VERSION} --ignore-engines --production
 
diff --git a/packages/cactus-cmd-api-server/Dockerfile b/packages/cactus-cmd-api-server/Dockerfile
@@ -50,7 +50,7 @@ ENV API_PORT=4000
 ENV LOG_LEVEL=INFO
 
 ENV NVM_DIR /home/${APP_USER}/.nvm
-ENV NODE_VERSION 16.3.0
+ENV NODE_VERSION 16.15.1
 ENV NODE_PATH $NVM_DIR/v$NODE_VERSION/lib/node_modules
 ENV PATH      $NVM_DIR/versions/node/v$NODE_VERSION/bin:$PATH
 
@@ -61,7 +61,7 @@ RUN curl https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | bash
   && nvm install $NODE_VERSION \
   && nvm alias default $NODE_VERSION \
   && nvm use default \
-  && npm install -g npm@7.19.1
+  && npm install -g npm@8.11.0
 
 RUN npm install -g yarn@1.22.17
 RUN yarn add @hyperledger/cactus-cmd-api-server@${NPM_PKG_VERSION} --production
