From 6e92bf4456d7a6e6b72a782a32ca98cf38ea7c27 Mon Sep 17 00:00:00 2001
From: Milton Moura
Date: Wed, 18 Dec 2024 09:33:32 -0100
Subject: [PATCH] Fix CVE-2024-21538
Signed-off-by: Milton Moura
---
 matrix-meetings-bot/Dockerfile | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/matrix-meetings-bot/Dockerfile b/matrix-meetings-bot/Dockerfile
index a7ec9b47..753e0d40 100644
--- a/matrix-meetings-bot/Dockerfile
+++ b/matrix-meetings-bot/Dockerfile
@@ -9,6 +9,10 @@ RUN yarn install --production --frozen-lockfile --network-timeout 1000000
 FROM node:20-bookworm-slim
 ENV NODE_ENV=production
 WORKDIR /app
+
+# update npm to address CVE-2024-21538
+RUN npm install -g npm@10.9.2
+
 RUN set -x\
 && mkdir /app/storage \
 && chown -R 101:0 /app/storage \
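Review bot: The added `RUN npm install -g npm@10.9.2` in the final stage pins npm to a fixed version on top of the floating `node:20-bookworm-slim` tag, so if the base image (or a later base bump) ever bundles a newer npm, this line would silently downgrade it. The comment should say when the pin can go, e.g. `# npm 10.9.2 addresses CVE-2024-21538; drop this pin once the base image bundles npm >= 10.9.2`. The install also leaves the npm cache in the layer, which `RUN npm install -g npm@10.9.2 && npm cache clean --force` would avoid. The dependencies visible here are installed with yarn in the earlier stage and the rest of the Dockerfile is outside the hunk, so it is worth confirming whether the runtime image invokes npm at all. If it does not, removing npm from the final stage would shrink the attack surface and clear the scanner finding without a build-time registry download.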