Skip to content

Commit f212ee7

Browse files
RafaelGuevaraCARafaelGuevaraCA
committed
CVE-2024-21538 fix cross-spawn vulnerability7
1 parent 99617c4 commit f212ee7

File tree

1 file changed

+4
-5
lines changed

1 file changed

+4
-5
lines changed

Dockerfile

Lines changed: 4 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -27,11 +27,10 @@ RUN $APT_UPDATE && $APT_INSTALL \
2727
unzip software-properties-common apt-transport-https \
2828
openjdk-11-jdk xvfb siege apache2-utils git make nodejs locales tsung libtool libssl-dev libyaml-dev libxml2-dev libxslt-dev
2929

30-
# Verify Node.js and npm installation
31-
RUN node -v && npm -v || ($APT_UPDATE && $APT_INSTALL npm)
32-
33-
# Install cross-spawn@7.0.5 to fix the CVE-2024-21538 issue
34-
RUN npm uninstall -g cross-spawn && npm install -g cross-spawn@7.0.5
30+
# force npm to use cross-spawn@7.0.5
31+
RUN npm_root=$(npm root -g) \
32+
&& cd "$npm_root/npm" \
33+
&& npm install cross-spawn@7.0.5 --no-save
3534

3635
# Install .NET sdk
3736
# check this page for the links and hash

0 commit comments

Comments
 (0)