Skip to content

Commit 1c444dd

Browse files
RafaelGuevaraCARafaelGuevaraCA
committed
CVE-2024-21538 fix cross-spawn vulnerability8
1 parent f212ee7 commit 1c444dd

File tree

1 file changed

+6
-2
lines changed

1 file changed

+6
-2
lines changed

Dockerfile

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -29,8 +29,12 @@ RUN $APT_UPDATE && $APT_INSTALL \
2929

3030
# force npm to use cross-spawn@7.0.5
3131
RUN npm_root=$(npm root -g) \
32-
&& cd "$npm_root/npm" \
33-
&& npm install cross-spawn@7.0.5 --no-save
32+
&& npm pack cross-spawn@7.0.5 -q \
33+
&& mkdir -p "$npm_root/npm/node_modules/cross-spawn" \
34+
&& tar -xzf cross-spawn-7.0.5.tgz \
35+
--strip-components=1 \
36+
-C "$npm_root/npm/node_modules/cross-spawn" \
37+
&& rm cross-spawn-7.0.5.tgz
3438

3539
# Install .NET sdk
3640
# check this page for the links and hash

0 commit comments

Comments
 (0)