Merge pull request #196 from kaleido-io/docker-trivy-install-fix

EnriqueL8 · web-flow · commit 7254eb87630e · 2026-03-09T14:26:40.000Z
bump dependencies for cve fixes and fix docker file trivy install
diff --git a/Dockerfile b/Dockerfile
@@ -22,7 +22,7 @@ FROM alpine:3.19 AS sbom
 WORKDIR /
 ADD . /SBOM
 RUN apk add --no-cache curl 
-RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin latest
+RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
 RUN trivy fs --format spdx-json --output /sbom.spdx.json /SBOM
 RUN trivy sbom /sbom.spdx.json --severity UNKNOWN,HIGH,CRITICAL --exit-code 1
 
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -86,7 +86,7 @@
   },
   "overrides": {
     "ws": ">=8.17.1",
-    "multer": "2.0.2",
+    "multer": "2.1.1",
     "form-data": "4.0.4"
   }
 }
