Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: Update Dockerfile to node:18 #2515

Merged
merged 1 commit into from
Apr 26, 2024
Merged

chore: Update Dockerfile to node:18 #2515

merged 1 commit into from
Apr 26, 2024

Conversation

landrito
Copy link
Contributor

Addresses #2514

Summary

Upgrades base image in Dockerfile to node:18.20.1 to resolve vulnerabilities flagged on the docker image.

Checklist

  • The basics
    • I tested these changes manually in my local or dev environment
  • Tests
    • Added or updated
    • N/A
  • Event Tracking
    • I added event tracking and followed the event tracking guidelines
    • N/A
  • Error Reporting
    • I reported errors and followed the error reporting guidelines
    • N/A

Screenshots

N/A

Additional context

N/A

@landrito landrito requested a review from a team as a code owner April 19, 2024 23:41
@landrito landrito requested review from kaylachun and removed request for a team April 19, 2024 23:41
@landrito landrito changed the title Update Dockerfile to node:18 chore: Update Dockerfile to node:18 Apr 19, 2024
@landrito
Copy link
Contributor Author

@kaylachun Friendly ping on this CL. Thanks!

daniel-white
daniel-white reviewed Apr 26, 2024
View reviewed changes
Dockerfile
@@ -1,4 +1,4 @@
FROM node:16 as compiler
FROM node:18.20.1 as compiler
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i dont think we want to be this specific - node:18 should be sufficent

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@daniel-white, according to https://www.cve.org/CVERecord?id=CVE-2024-27983 version 18.20.0 is affected. That is why @landrito used the higher version if I'm not mistaken.

@rainum rainum self-requested a review April 26, 2024 16:15
@rainum rainum enabled auto-merge (squash) April 26, 2024 16:17
@rainum rainum merged commit 4c866f9 into stoplightio:master Apr 26, 2024
7 of 8 checks passed
@landrito
Copy link
Contributor Author

landrito commented Apr 26, 2024
edited
Loading

Hi @kaylachun,

Our team is attempting to release a feature that is dependent on the Prism Docker image in Docker Hub. However, we were unable to obtain approval from our security team due to the unresolved vulnerabilities on the docker image. With this merge, we're hoping that you'll be cutting a new version and releasing it to docker hub soon. Do you have an ETA?

Thank you for your help!

@rainum rainum mentioned this pull request Apr 29, 2024
Merged
7 tasks
@rainum
Copy link
Contributor

rainum commented Apr 29, 2024

@landrito, the new version was released a minute ago: https://github.com/stoplightio/prism/releases/tag/v5.8.0 Let us know if it fixes your issue. Thank you for your contribution!

@landrito
Copy link
Contributor Author

Thanks!!

@pieterocp pieterocp mentioned this pull request May 28, 2024
Merged
5 tasks
ilanashapiro pushed a commit to ilanashapiro/prism that referenced this pull request Aug 22, 2024
@landrito @ilanashapiro
chore: Update Dockerfile to node:18 (stoplightio#2515)
ee0d051
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@daniel-white daniel-white daniel-white left review comments

@kaylachun kaylachun kaylachun approved these changes

@rainum rainum Awaiting requested review from rainum

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@landrito @rainum @daniel-white @kaylachun