chore: remove unnecessary cross-spawn from npm

Resolves CVE-2024-21538.
googleapis · Nov 21, 2024 · 80ff0be · 80ff0be
1 parent 356f0af
commit 80ff0be
Show file tree

Hide file tree

Showing 21 changed files with 63 additions and 0 deletions.
diff --git a/packages/auto-approve/Dockerfile b/packages/auto-approve/Dockerfile
@@ -36,6 +36,9 @@ RUN npm run compile
 
 FROM node:18.20.5-slim
 
+# Remove unnecessary cross-spawn from npm to resolve CVE-2024-21538
+RUN rm -r /usr/local/lib/node_modules/npm/node_modules/cross-spawn/
+
 # Create and change to the app directory.
 WORKDIR /usr/src/app
 

diff --git a/packages/auto-label/Dockerfile b/packages/auto-label/Dockerfile
@@ -36,6 +36,9 @@ RUN npm run compile
 
 FROM node:18.20.5-slim
 
+# Remove unnecessary cross-spawn from npm to resolve CVE-2024-21538
+RUN rm -r /usr/local/lib/node_modules/npm/node_modules/cross-spawn/
+
 # Create and change to the app directory.
 WORKDIR /usr/src/app
 

diff --git a/packages/blunderbuss/Dockerfile b/packages/blunderbuss/Dockerfile
@@ -36,6 +36,9 @@ RUN npm run compile
 
 FROM node:18.20.5-slim
 
+# Remove unnecessary cross-spawn from npm to resolve CVE-2024-21538
+RUN rm -r /usr/local/lib/node_modules/npm/node_modules/cross-spawn/
+
 # Create and change to the app directory.
 WORKDIR /usr/src/app
 

diff --git a/packages/canary-bot/Dockerfile b/packages/canary-bot/Dockerfile
@@ -36,6 +36,9 @@ RUN npm run compile
 
 FROM node:18.20.5-slim
 
+# Remove unnecessary cross-spawn from npm to resolve CVE-2024-21538
+RUN rm -r /usr/local/lib/node_modules/npm/node_modules/cross-spawn/
+
 # Create and change to the app directory.
 WORKDIR /usr/src/app
 

diff --git a/packages/cherry-pick-bot/Dockerfile b/packages/cherry-pick-bot/Dockerfile
@@ -36,6 +36,9 @@ RUN npm run compile
 
 FROM node:18.20.5-slim
 
+# Remove unnecessary cross-spawn from npm to resolve CVE-2024-21538
+RUN rm -r /usr/local/lib/node_modules/npm/node_modules/cross-spawn/
+
 # Create and change to the app directory.
 WORKDIR /usr/src/app
 

diff --git a/packages/conventional-commit-lint/Dockerfile b/packages/conventional-commit-lint/Dockerfile
@@ -36,6 +36,9 @@ RUN npm run compile
 
 FROM node:18.20.5-slim
 
+# Remove unnecessary cross-spawn from npm to resolve CVE-2024-21538
+RUN rm -r /usr/local/lib/node_modules/npm/node_modules/cross-spawn/
+
 # Create and change to the app directory.
 WORKDIR /usr/src/app
 

diff --git a/packages/do-not-merge/Dockerfile b/packages/do-not-merge/Dockerfile
@@ -36,6 +36,9 @@ RUN npm run compile
 
 FROM node:18.20.5-slim
 
+# Remove unnecessary cross-spawn from npm to resolve CVE-2024-21538
+RUN rm -r /usr/local/lib/node_modules/npm/node_modules/cross-spawn/
+
 # Create and change to the app directory.
 WORKDIR /usr/src/app
 

diff --git a/packages/failurechecker/Dockerfile b/packages/failurechecker/Dockerfile
@@ -36,6 +36,9 @@ RUN npm run compile
 
 FROM node:18.20.5-slim
 
+# Remove unnecessary cross-spawn from npm to resolve CVE-2024-21538
+RUN rm -r /usr/local/lib/node_modules/npm/node_modules/cross-spawn/
+
 # Create and change to the app directory.
 WORKDIR /usr/src/app
 

diff --git a/packages/flakybot/Dockerfile b/packages/flakybot/Dockerfile
@@ -36,6 +36,9 @@ RUN npm run compile
 
 FROM node:18.20.5-slim
 
+# Remove unnecessary cross-spawn from npm to resolve CVE-2024-21538
+RUN rm -r /usr/local/lib/node_modules/npm/node_modules/cross-spawn/
+
 # Create and change to the app directory.
 WORKDIR /usr/src/app
 

diff --git a/packages/generate-bot/templates/Dockerfile b/packages/generate-bot/templates/Dockerfile
@@ -36,6 +36,9 @@ RUN npm run compile
 
 FROM node:18.20.5-slim
 
+# Remove unnecessary cross-spawn from npm to resolve CVE-2024-21538
+RUN rm -r /usr/local/lib/node_modules/npm/node_modules/cross-spawn/
+
 # Create and change to the app directory.
 WORKDIR /usr/src/app
 

diff --git a/packages/generated-files-bot/Dockerfile b/packages/generated-files-bot/Dockerfile
@@ -36,6 +36,9 @@ RUN npm run compile
 
 FROM node:18.20.5-slim
 
+# Remove unnecessary cross-spawn from npm to resolve CVE-2024-21538
+RUN rm -r /usr/local/lib/node_modules/npm/node_modules/cross-spawn/
+
 # Create and change to the app directory.
 WORKDIR /usr/src/app
 

diff --git a/packages/header-checker-lint/Dockerfile b/packages/header-checker-lint/Dockerfile
@@ -36,6 +36,9 @@ RUN npm run compile
 
 FROM node:18.20.5-slim
 
+# Remove unnecessary cross-spawn from npm to resolve CVE-2024-21538
+RUN rm -r /usr/local/lib/node_modules/npm/node_modules/cross-spawn/
+
 # Create and change to the app directory.
 WORKDIR /usr/src/app
 

diff --git a/packages/label-sync/Dockerfile b/packages/label-sync/Dockerfile
@@ -36,6 +36,9 @@ RUN npm run compile
 
 FROM node:18.20.5-slim
 
+# Remove unnecessary cross-spawn from npm to resolve CVE-2024-21538
+RUN rm -r /usr/local/lib/node_modules/npm/node_modules/cross-spawn/
+
 # Create and change to the app directory.
 WORKDIR /usr/src/app
 

diff --git a/packages/loadtest-bot/Dockerfile b/packages/loadtest-bot/Dockerfile
@@ -36,6 +36,9 @@ RUN npm run compile
 
 FROM node:18.20.5-slim
 
+# Remove unnecessary cross-spawn from npm to resolve CVE-2024-21538
+RUN rm -r /usr/local/lib/node_modules/npm/node_modules/cross-spawn/
+
 # Create and change to the app directory.
 WORKDIR /usr/src/app
 

diff --git a/packages/merge-on-green/Dockerfile b/packages/merge-on-green/Dockerfile
@@ -36,6 +36,9 @@ RUN npm run compile
 
 FROM node:18.20.5-slim
 
+# Remove unnecessary cross-spawn from npm to resolve CVE-2024-21538
+RUN rm -r /usr/local/lib/node_modules/npm/node_modules/cross-spawn/
+
 # Create and change to the app directory.
 WORKDIR /usr/src/app
 

diff --git a/packages/owlbot-bootstrapper/common-container/Dockerfile b/packages/owlbot-bootstrapper/common-container/Dockerfile
@@ -36,6 +36,9 @@ RUN npm run compile
 
 FROM node:18.20.5-slim
 
+# Remove unnecessary cross-spawn from npm to resolve CVE-2024-21538
+RUN rm -r /usr/local/lib/node_modules/npm/node_modules/cross-spawn/
+
 # Create and change to the app directory.
 WORKDIR /usr/cli
 

diff --git a/packages/release-please/Dockerfile b/packages/release-please/Dockerfile
@@ -36,6 +36,9 @@ RUN npm run compile
 
 FROM node:18.20.5-slim
 
+# Remove unnecessary cross-spawn from npm to resolve CVE-2024-21538
+RUN rm -r /usr/local/lib/node_modules/npm/node_modules/cross-spawn/
+
 # Create and change to the app directory.
 WORKDIR /usr/src/app
 

diff --git a/packages/repo-metadata-lint/Dockerfile b/packages/repo-metadata-lint/Dockerfile
@@ -36,6 +36,9 @@ RUN npm run compile
 
 FROM node:18.20.5-slim
 
+# Remove unnecessary cross-spawn from npm to resolve CVE-2024-21538
+RUN rm -r /usr/local/lib/node_modules/npm/node_modules/cross-spawn/
+
 # Create and change to the app directory.
 WORKDIR /usr/src/app
 

diff --git a/packages/snippet-bot/Dockerfile b/packages/snippet-bot/Dockerfile
@@ -36,6 +36,9 @@ RUN npm run compile
 
 FROM node:18.20.5-slim
 
+# Remove unnecessary cross-spawn from npm to resolve CVE-2024-21538
+RUN rm -r /usr/local/lib/node_modules/npm/node_modules/cross-spawn/
+
 # Create and change to the app directory.
 WORKDIR /usr/src/app
 

diff --git a/packages/sync-repo-settings/Dockerfile b/packages/sync-repo-settings/Dockerfile
@@ -36,6 +36,9 @@ RUN npm run compile
 
 FROM node:18.20.5-slim
 
+# Remove unnecessary cross-spawn from npm to resolve CVE-2024-21538
+RUN rm -r /usr/local/lib/node_modules/npm/node_modules/cross-spawn/
+
 # Create and change to the app directory.
 WORKDIR /usr/src/app
 

diff --git a/packages/trusted-contribution/Dockerfile b/packages/trusted-contribution/Dockerfile
@@ -36,6 +36,9 @@ RUN npm run compile
 
 FROM node:18.20.5-slim
 
+# Remove unnecessary cross-spawn from npm to resolve CVE-2024-21538
+RUN rm -r /usr/local/lib/node_modules/npm/node_modules/cross-spawn/
+
 # Create and change to the app directory.
 WORKDIR /usr/src/app