From 632a8999f1cde2b599e978a8cb2b21d378cbf0ed Mon Sep 17 00:00:00 2001
From: jonny
Date: Wed, 15 Jan 2025 09:28:29 +0000
Subject: [PATCH] fix: update npm in production images to resolve crossspawn vuln
---
 Dockerfile | 2 ++
 Dockerfile.ubi9 | 1 +
 2 files changed, 3 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index 13fa30c8b..5c3bf2cc2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -30,6 +30,8 @@ RUN apk update
 RUN apk upgrade
 RUN apk --no-cache add dumb-init skopeo curl bash python3
+RUN npm install -g npm@v10.9.2
+
 RUN addgroup -S -g 10001 snyk
 RUN adduser -S -G snyk -h /srv/app -u 10001 snyk
diff --git a/Dockerfile.ubi9 b/Dockerfile.ubi9
index 7bfc8fe12..050fee0b8 100644
--- a/Dockerfile.ubi9
+++ b/Dockerfile.ubi9
@@ -60,6 +60,7 @@ COPY LICENSE /licenses/LICENSE
 ENV NODE_ENV=production
 RUN yum upgrade -y
+RUN npm install -g npm@v10.9.2
 WORKDIR /srv/app
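Review bot: The added `RUN npm install -g npm@v10.9.2` pins an exact npm with no comment saying why, so once the base image ships a newer npm this line would silently downgrade it and could bring back an older bundled dependency; the same line is added in the Dockerfile.ubi9 hunk. I would put a comment above it in both files, such as `# npm pinned to 10.9.2 for the bundled cross-spawn fix; drop once the base image ships npm >= 10.9.2`. The install also leaves npm's download cache in the layer, so `RUN npm install -g npm@v10.9.2 && npm cache clean --force` would keep that out of the image. Whether npm is needed at runtime in these stages is not visible from the hunks; if it is not, removing it from the final image would avoid this kind of scanner finding altogether.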