[server, bridge] Switch base-images to node:18.20.7-alpine to avoid CVEs (#20692)

geropl · web-flow · commit 4083e6f2523f · 2025-03-21T07:16:50.000-04:00
Tool: gitpod/catfood.gitpod.cloud
diff --git a/components/server/leeway.Dockerfile b/components/server/leeway.Dockerfile
@@ -2,20 +2,19 @@
 # Licensed under the GNU Affero General Public License (AGPL).
 # See License.AGPL.txt in the project root for license information.
 
-FROM node:18.17.1-slim AS builder
+FROM node:18.20.7-alpine AS builder
 
 # Install Python, make, gcc and g++ for node-gyp
-RUN apt-get update && \
-    apt-get install -y python3 make gcc g++ && \
-    apt-get clean && \
-    rm -rf /var/lib/apt/lists/*
+RUN apk update && \
+    apk add python3 make gcc g++ bash && \
+    rm -rf /var/cache/apk/*
 
 COPY components-server--app /installer/
 
 WORKDIR /app
 RUN /installer/install.sh
 
-FROM cgr.dev/chainguard/node:18.17.1@sha256:af073516c203b6bd0b55a77a806a0950b486f2e9ea7387a32b0f41ea72f20886
+FROM node:18.20.7-alpine
 ENV NODE_OPTIONS="--unhandled-rejections=warn --max_old_space_size=2048"
 
 EXPOSE 3000
diff --git a/components/ws-manager-bridge/leeway.Dockerfile b/components/ws-manager-bridge/leeway.Dockerfile
@@ -2,13 +2,19 @@
 # Licensed under the GNU Affero General Public License (AGPL).
 # See License.AGPL.txt in the project root for license information.
 
-FROM node:18.17.1-slim as builder
+FROM node:18.20.7-alpine AS builder
+
+# Install bash for the installer script
+RUN apk update && \
+    apk add bash && \
+    rm -rf /var/cache/apk/*
+
 COPY components-ws-manager-bridge--app /installer/
 
 WORKDIR /app
 RUN /installer/install.sh
 
-FROM cgr.dev/chainguard/node:18.17.1@sha256:af073516c203b6bd0b55a77a806a0950b486f2e9ea7387a32b0f41ea72f20886
+FROM node:18.20.7-alpine
 ENV NODE_OPTIONS=--unhandled-rejections=warn
 EXPOSE 3000
 COPY --from=builder --chown=node:node /app /app/
