Merge pull request #151 from CBIIT/1.5.8

RuoxiZhang08 · web-flow · commit e7459c0099fc · 2026-04-23T15:35:42.000-04:00
1.5.8
diff --git a/Dockerfile b/Dockerfile
@@ -1,16 +1,16 @@
-FROM node:25.6.1-slim
+FROM node:25.8.2-slim
 
 ENV PORT 8080
 ENV NODE_ENV production
 
 # Upgrade npm to latest version to address CVE-2026-0775 (npm 11.8.0 vulnerability)
 RUN npm install -g npm@latest
 
-# Update tar to 7.5.8 to fix CVE in npm's bundled tar (7.5.4)
+# Update tar to 7.5.11 to fix CVE in npm's bundled tar (7.5.4)
 RUN mkdir -p /tmp/tar-update && \
     cd /tmp/tar-update && \
     npm init -y && \
-    npm install tar@7.5.8 --legacy-peer-deps && \
+    npm install tar@7.5.11 --legacy-peer-deps && \
     rm -rf /usr/local/lib/node_modules/npm/node_modules/tar && \
     cp -r node_modules/tar /usr/local/lib/node_modules/npm/node_modules/ && \
     rm -rf /tmp/tar-update
@@ -28,7 +28,7 @@ RUN mkdir -p /tmp/brace-expansion-update && \
 RUN mkdir -p /tmp/minimatch-update && \
     cd /tmp/minimatch-update && \
     npm init -y && \
-    npm install minimatch@10.2.1 --legacy-peer-deps && \
+    npm install minimatch@10.2.3 --legacy-peer-deps && \
     rm -rf /usr/local/lib/node_modules/npm/node_modules/minimatch && \
     cp -r node_modules/minimatch /usr/local/lib/node_modules/npm/node_modules/ && \
     rm -rf /usr/local/lib/node_modules/npm/node_modules/brace-expansion && \
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -20,14 +20,15 @@
     "express": "^4.21.2",
     "helmet": "^5.0.2",
     "json2csv": "^5.0.6",
-    "lodash": "^4.17.21",
+    "lodash": "^4.18.0",
     "mysql": "^2.18.1",
     "node-cache": "^5.1.2",
     "winston": "^3.8.2"
   },
   "overrides": {
     "glob": "^11.1.0",
-    "minimatch": "^3.1.2"
+    "minimatch": "^3.1.2",
+    "path-to-regexp": "0.1.13"
   },
   "devDependencies": {
     "@vitest/coverage-v8": "^4.0.15",
