Merge pull request #1316 from eclipse-tractusx/chore/xxx-anylsis-libc…

…url-cve

chore(update): xxx - analysis of cve

CHANGELOG.md

@@ -8,6 +8,7 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 _**For better traceability add the corresponding GitHub issue number in each changelog entry, please.**_
 ## [UNRELEASED - DD.MM.YYYY]
 ### Changed
+- #XXX Updated node:alpine 18 to 20 to fix cves
 - #1070 Convert png to svg according to TRG 1.04 - Diagrams as code / Editable static files
 - #XXX updated Swagger-ui documentation
 - #XXX update IRS chart version from 7.3.1 to 7.4.0

Dockerfile

@@ -45,6 +45,8 @@ WORKDIR /app
 
 COPY --chmod=755 --from=maven /build/tx-backend/target/traceability-app-*-exec.jar app.jar
 
+RUN apk info -vv
+
 USER 10000:1000
 
 ENTRYPOINT ["java", "-jar", "app.jar"]

frontend/DOCKER_NOTICE.md

@@ -15,9 +15,9 @@ __Traceability-foss__
 
 **Used base image**
 
-- [node:18-alpine](https://github.com/nodejs/docker-node)
+- [node:22-alpine](https://github.com/nodejs/docker-node)
 - Official Node DockerHub page: https://hub.docker.com/_/node/
-- Dockerfile: https://github.com/nodejs/docker-node/blob/main/18/alpine3.18/Dockerfile
+- Dockerfile: https://github.com/nodejs/docker-node/blob/main/20/alpine3.20/Dockerfile
 
 
 - [nginxinc/nginx-unprivileged:alpine](https://github.com/nginxinc/docker-nginx)

frontend/Dockerfile

@@ -17,7 +17,7 @@
 
 # Nonroot user is not needed beause we are using the "nginx-unprivileged" image
 # STAGE 1: Build
-FROM node:18-alpine AS builder
+FROM node:20-alpine AS builder
 
 # Copy dependencies info
 COPY ./frontend/package.json ./frontend/yarn.lock ./
@@ -75,4 +75,6 @@ USER root
 RUN chown nginx:nginx /etc/nginx/nginx.conf
 RUN chown nginx:nginx /etc/nginx/security-headers.conf
 
+RUN apk info -vv
+
 USER 101