cross-spawn 7.0.3 issue #2164
Comments
That is likely a dependency of NPM, and we do not update the image with a version of NPM except for the one shipped by Node.js. You can see if it is addressed upstream and if it will be in an upcoming Node.js release.
For other travellers: npm/cli#7902
NPM has released a new version to fix this. So, do we have any plan to rebuild and release our base image to include this fix?
For scanned images where npm is needed, I can update to a version of npm where this is fixed in my Dockerfile that references a published docker-node image:

```dockerfile
FROM node:18-alpine
RUN npm install -g npm@10.9.1
```

For scanned images where npm is not needed (i.e. not part of a build process), I would just remove npm (and yarn):

```dockerfile
FROM node:18-alpine
RUN npm uninstall npm -g \
    && rm -rf /opt/yarn-v$YARN_VERSION/ \
    && rm /usr/local/bin/yarn \
    && rm /usr/local/bin/yarnpkg
```
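A check to run after either Dockerfile change above, added here as an example and not part of the issue thread or the docker-node project: it lists every installed cross-spawn copy under a directory and fails when one is older than 7.0.5, the fixed version named in the issue. The function names, the directory argument, and the assumption that each package.json is pretty-printed with a plain x.y.z version are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the issue thread): flag cross-spawn copies older than
# the fixed version named in the issue.
FIXED_VERSION="7.0.5"

# version_lt A B: succeeds when plain x.y.z version A is lower than B.
# An empty A (version not parsed) sorts first, so it is treated as lower.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# pkg_version FILE: print the first "version" field of a package.json.
# Assumes the pretty-printed layout npm writes (one key per line).
pkg_version() {
    sed -n 's/^[[:space:]]*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
        head -n 1
}

# scan_cross_spawn ROOT: print "<status> <version> <path>" for each copy found.
scan_cross_spawn() {
    find "$1" -type f -path '*/node_modules/cross-spawn/package.json' 2>/dev/null |
    while IFS= read -r f; do
        v=$(pkg_version "$f")
        if version_lt "$v" "$FIXED_VERSION"; then
            echo "VULNERABLE $v $f"
        else
            echo "OK $v $f"
        fi
    done
}

# image_is_clean ROOT: succeeds only when no copy is below FIXED_VERSION,
# which includes the case where npm was removed and no copy exists.
image_is_clean() {
    ! scan_cross_spawn "$1" | grep -q '^VULNERABLE '
}

# Run as a script: sh check.sh <dir>   (the directory to scan is an assumption)
if [ "$#" -ge 1 ]; then
    scan_cross_spawn "$1"
    image_is_clean "$1" || exit 1
fi
```

Run as a final `RUN` step or in CI against the built image, a non-zero exit stops the build while an old copy is still present; application dependencies under the same directory are reported too, since they can carry their own cross-spawn.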
Environment
Expected Behavior
High Vulnerability due to cross-spawn@7.0.3
Current Behavior
T
Possible Solution
update cross-spawn to version 7.0.5
Steps to Reproduce
Additional Information