fix(security): remediate CVE-2026-42043 — upgrade axios ^1.14.0
- package.json: bump axios constraint from ^1.13.5 to ^1.14.0 - Dockerfile build stage: npm ci -> npm install so the semver range in package.json is honoured at build time (npm ci uses the lockfile exactly, bypassing the updated constraint)
This commit is contained in:
kitos
+1
-1
@@ -25,7 +25,7 @@ FROM node:20-alpine AS build
|
||||
WORKDIR /app
|
||||
|
||||
COPY package*.json ./
|
||||
RUN npm ci
|
||||
RUN npm install
|
||||
|
||||
COPY . .
|
||||
RUN npm run build
|
||||
|
||||
Reference in New Issue
Block a user