forked from hyperledger-cacti/cacti
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(connector-besu): address CVEs: CVE-2022-21190,
CVE-2023-36665, CVE-2022-2421 Primary Changes ---------------- 1. Updated the version of the base image that is used in the Dockerfile 2. Updated the Dockerfile to use the yarn version 3 3. Updated the README to the new command to run the container Fixes hyperledger-cacti#2745 Signed-off-by: aldousalvarez <[email protected]>
- Loading branch information
1 parent
0804bab
commit 0f3e50b
Showing
2 changed files
with
10 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,9 @@ | ||
FROM ghcr.io/hyperledger/cactus-cmd-api-server:2022-08-05-7309f2a | ||
RUN npm install -g [email protected] | ||
RUN npm install -g yarn \ | ||
&& yarn set version 3.6.3 \ | ||
&& yarn config set nodeLinker node-modules | ||
|
||
ENV NODE_ENV=production | ||
ARG NPM_PKG_VERSION=latest | ||
|
||
RUN yarn add @hyperledger/cactus-plugin-ledger-connector-besu@${NPM_PKG_VERSION} --production --ignore-engines | ||
RUN yarn add @hyperledger/cactus-plugin-ledger-connector-besu@${NPM_PKG_VERSION} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters