From 5e2c283604ef58e772d592d208224565706f5edc Mon Sep 17 00:00:00 2001
From: Yuneng Jiang
Date: Thu, 7 May 2026 17:25:10 -0700
Subject: [PATCH] fix(docker): restore npm@11.14.0 lost in merge resolution

Merge of cve-sweep-2026-05 into litellm_yj_may7 picked the older npm@11.12.1 line, regressing the bump in f08b1b63fa that cleared ip-address GHSA-v2v4-37r5-5v8g (npm@11.12.1 bundles ip-address@10.1.0; 11.14.0 bundles 10.1.1).
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index a41d2fd379..9ad9ab31b6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -69,7 +69,7 @@ FROM $LITELLM_RUNTIME_IMAGE AS runtime
 USER root
 RUN apk add --no-cache bash openssl tzdata nodejs npm python3 libsndfile && \
- npm install -g npm@11.12.1 tar@7.5.11 glob@13.0.6 @isaacs/brace-expansion@5.0.1 brace-expansion@5.0.5 minimatch@10.2.4 diff@8.0.3 picomatch@4.0.4 && \
+ npm install -g npm@11.14.0 tar@7.5.11 glob@13.0.6 @isaacs/brace-expansion@5.0.1 brace-expansion@5.0.5 minimatch@10.2.4 diff@8.0.3 picomatch@4.0.4 && \
 GLOBAL="$(npm root -g)" && \
 for pkg in tar glob @isaacs/brace-expansion brace-expansion minimatch diff picomatch; do \
 name="${pkg##*/}"; \
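Review bot: The `npm@11.14.0` pin on the `npm install -g` line has no comment tying it to GHSA-v2v4-37r5-5v8g, so a later merge resolution can pick the older line again without anyone noticing, which is the regression the commit message describes. A comment directly above the `RUN`, such as `# npm >= 11.14.0: bundles ip-address 10.1.1 (GHSA-v2v4-37r5-5v8g); do not downgrade`, would make the floor visible in a conflict view. The same line pins seven other packages, presumably for similar advisory reasons, so a build-time or CI check that the installed versions meet their floors would catch a silent downgrade where a comment only warns. The `RUN` statement continues past the end of the hunk, so the rest of the `for pkg` loop is not covered by this note.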