From d318edfa0712e8d333928ec782af565427119ff5 Mon Sep 17 00:00:00 2001
From: JoeWang1127 <joewa@google.com>
Date: Thu, 21 Nov 2024 22:48:01 +0000
Subject: [PATCH] only remove cross-spawn

---
 .cloudbuild/library_generation/library_generation.Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.cloudbuild/library_generation/library_generation.Dockerfile b/.cloudbuild/library_generation/library_generation.Dockerfile
index c090bb9990..722e90f0e6 100644
--- a/.cloudbuild/library_generation/library_generation.Dockerfile
+++ b/.cloudbuild/library_generation/library_generation.Dockerfile
@@ -62,8 +62,8 @@ ENV OS_ARCHITECTURE="linux-x86_64"
 # install OS tools
 RUN apk update && apk add unzip curl rsync openjdk11 jq bash nodejs npm git
 
-# Remove unnecessary npm modules
-RUN rm -rf /usr/lib/node_modules/npm/node_modules
+# Remove unnecessary cross-spawn from npm to resolve CVE-2024-21538
+RUN rm -rf /usr/lib/node_modules/npm/node_modules/cross-spawn/
 
 SHELL [ "/bin/bash", "-c" ]