From 2e18e0707024b70d3cdf445ddb41277c195535b7 Mon Sep 17 00:00:00 2001
From: shortstacked <declan@n8n.io>
Date: Tue, 3 Jun 2025 12:01:19 +0100
Subject: [PATCH] fix: Update NPM to address security vulnerability (#15968)

---
 docker/images/n8n/Dockerfile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docker/images/n8n/Dockerfile b/docker/images/n8n/Dockerfile
index 283bac6f59..49f1dce6f6 100644
--- a/docker/images/n8n/Dockerfile
+++ b/docker/images/n8n/Dockerfile
@@ -65,6 +65,9 @@ RUN \
 	mkdir .n8n && \
 	chown node:node .n8n
 
+# Install npm 11.4.1 to fix the vulnerable cross-spawn dependency
+RUN npm install -g npm@11.4.1
+
 ENV SHELL /bin/sh
 USER node
 ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]