From 81c93e32ed8dc53a1cc6aba9bc49debbef4a6b3d Mon Sep 17 00:00:00 2001
From: David-YuWei
Date: Wed, 11 Mar 2026 14:06:45 -0400
Subject: [PATCH 1/2] Fix CVE-2026-31802 high level CVE issue
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 1f9a96d..c5d3a93 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,11 +6,11 @@ ENV NODE_ENV production
 # Upgrade npm to latest version to address CVE-2026-0775 (npm 11.8.0 vulnerability)
 RUN npm install -g npm@latest
-# Update tar to 7.5.8 to fix CVE in npm's bundled tar (7.5.4)
+# Update tar to 7.5.11 to fix CVE in npm's bundled tar (7.5.4)
 RUN mkdir -p /tmp/tar-update && \
 cd /tmp/tar-update && \
 npm init -y && \
- npm install tar@7.5.8 --legacy-peer-deps && \
+ npm install tar@7.5.11 --legacy-peer-deps && \
 rm -rf /usr/local/lib/node_modules/npm/node_modules/tar && \
 cp -r node_modules/tar /usr/local/lib/node_modules/npm/node_modules/ && \
 rm -rf /tmp/tar-update
From f3e2024f094175f79980fd33481594145df79d67 Mon Sep 17 00:00:00 2001
From: David-YuWei
Date: Wed, 11 Mar 2026 14:19:15 -0400
Subject: [PATCH 2/2] Fix minimatch CVEs
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index c5d3a93..7cb0a16 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -28,7 +28,7 @@ RUN mkdir -p /tmp/brace-expansion-update && \
 RUN mkdir -p /tmp/minimatch-update && \
 cd /tmp/minimatch-update && \
 npm init -y && \
- npm install minimatch@10.2.1 --legacy-peer-deps && \
+ npm install minimatch@10.2.3 --legacy-peer-deps && \
 rm -rf /usr/local/lib/node_modules/npm/node_modules/minimatch && \
 cp -r node_modules/minimatch /usr/local/lib/node_modules/npm/node_modules/ && \
 rm -rf /usr/local/lib/node_modules/npm/node_modules/brace-expansion && \
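Review bot: The updated comment in the tar hunk still says only "fix CVE in npm's bundled tar (7.5.4)", while the commit subject names CVE-2026-31802; if that is the tar advisory being addressed, put the id in the comment, e.g. `# Update tar to 7.5.11 (CVE-2026-31802) in npm's bundled copy`, so the workaround can be removed once npm ships a fixed tar. The "(7.5.4)" baseline is also not guaranteed, because the context line `RUN npm install -g npm@latest` is unpinned and the bundled tar depends on the day the image is built; against a newer npm this overlay could replace a newer tar with 7.5.11. Nothing in the RUN confirms what ended up in npm's tree, so consider finishing it with a step that records the result in the build log, such as `node -p "require('/usr/local/lib/node_modules/npm/node_modules/tar/package.json').version"`. The minimatch hunk in patch 2/2 has the same gaps (no advisory id in the file, no verification), and its RUN continues past the end of that hunk.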