From e492e95a7fa94c92c0526f2d3d646ab32c6d4013 Mon Sep 17 00:00:00 2001
From: Makar Dzhehur
Date: Tue, 19 May 2026 23:25:28 +0300
Subject: [PATCH] fix(security): bump docker node base images to 24-alpine for CVE-2026-33671 (picomatch)
---
 apps/api/Dockerfile | 4 ++--
 apps/bot/Dockerfile | 4 ++--
 apps/web/Dockerfile | 4 ++--
 scripts/Dockerfile.runner | 2 +-
 4 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/apps/api/Dockerfile b/apps/api/Dockerfile
index 6f7ba2f..d942a41 100644
--- a/apps/api/Dockerfile
+++ b/apps/api/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:22-alpine AS base
+FROM node:24-alpine AS base
 WORKDIR /app
 COPY package.json /tmp/package.json
 RUN corepack enable && \
@@ -34,7 +34,7 @@ COPY --from=builder /app ./
 RUN pnpm --filter fintrack-api deploy --prod /deploy
 # ── runner ────────────────────────────────────────────────────────────────────
-FROM node:22-alpine AS runner
+FROM node:24-alpine AS runner
 WORKDIR /app
 ENV NODE_ENV=production
diff --git a/apps/bot/Dockerfile b/apps/bot/Dockerfile
index 259410a..f5597fd 100644
--- a/apps/bot/Dockerfile
+++ b/apps/bot/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:22-alpine AS base
+FROM node:24-alpine AS base
 WORKDIR /app
 COPY package.json /tmp/package.json
 RUN corepack enable && \
@@ -31,7 +31,7 @@ COPY --from=builder /app ./
 RUN pnpm --filter fintrack-bot deploy --prod /deploy
 # ── runner ────────────────────────────────────────────────────────────────────
-FROM node:22-alpine AS runner
+FROM node:24-alpine AS runner
 WORKDIR /app
 ENV NODE_ENV=production
diff --git a/apps/web/Dockerfile b/apps/web/Dockerfile
index 45c5862..f1a774a 100644
--- a/apps/web/Dockerfile
+++ b/apps/web/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:22-alpine AS base
+FROM node:24-alpine AS base
 WORKDIR /app
 COPY package.json /tmp/package.json
 RUN corepack enable && \
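Review bot: The new `FROM node:24-alpine` lines (both stages of apps/api/Dockerfile, and the same change in apps/bot, apps/web and scripts/Dockerfile.runner) use a floating tag, so the image contents, including whichever picomatch copy ships in the base image, can change between builds without any commit. For a security fix, pin the reviewed image by digest, e.g. `FROM node:24-alpine@sha256:<digest-of-reviewed-image> AS base`. The bump only replaces packages bundled in the base image (presumably the tooling shipped with Node); any picomatch that pnpm installs from the workspace lockfile is not touched by this change, so the lockfile should be checked separately for CVE-2026-33671. Moving from Node 22 to 24 is also a major runtime upgrade, so confirm that any `engines` constraint and the CI jobs use the same version before relying on these images.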
@@ -31,7 +31,7 @@ RUN pnpm --filter @fintrack/types build
 RUN pnpm --filter fintrack-web build
 # ── runner ────────────────────────────────────────────────────────────────────
-FROM node:22-alpine AS runner
+FROM node:24-alpine AS runner
 WORKDIR /app
 ENV NODE_ENV=production
 ENV NEXT_TELEMETRY_DISABLED=1
diff --git a/scripts/Dockerfile.runner b/scripts/Dockerfile.runner
index 1307bda..a40b136 100644
--- a/scripts/Dockerfile.runner
+++ b/scripts/Dockerfile.runner
@@ -1,4 +1,4 @@
-FROM node:22-alpine
+FROM node:24-alpine
 COPY package.json /tmp/package.json
 RUN corepack enable && \
 PNPM_VERSION=$(node -e "process.stdout.write(require('/tmp/package.json').packageManager.split('@')[1])") && \