From eda82bd2f898c0082986ac289681282aa07cf19e Mon Sep 17 00:00:00 2001
From: Christian Dupuis <cd@atomist.com>
Date: Fri, 16 Jun 2023 18:44:56 +0200
Subject: [PATCH] Fix CVE-2022-24999

---
 Dockerfile   | 5 +++--
 package.json | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index e5ffe80..a541c3a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.14@sha256:eb3e4e175ba6d212ba1d6e04fc0782916c08e1c9d7b45892e9796141b1d379ae
+FROM alpine:3.18
 
 RUN apk add --no-cache \
   nodejs
@@ -10,7 +10,8 @@ COPY package.json ./
 RUN  apk add --no-cache \
  npm \
  && npm i --no-optional \
- && npm cache clean --force
+ && npm cache clean --force \
+ && apk del npm
  
 COPY .env.example /app/.env.example
 COPY . /app
diff --git a/package.json b/package.json
index 964ff07..c131b60 100644
--- a/package.json
+++ b/package.json
@@ -17,7 +17,7 @@
     "lint": "eslint \"**/*.js\""
   },
   "dependencies": {
-    "express": "4.17.1",
+    "express": "4.17.3",
     "express-handlebars": "5.3.1",
     "cross-env": "7.0.3",
     "reveal.js": "4.3.0"