Update Node.js Version in Docker Base Image to v17+ #373
Comments
|
@ACMoretxj Any action items on this? |
|
Thank you @bjeromeHCS for your investigation about this. As you said, the latest version of Node still fails to solve all the alerts, moreover, we currently are working on other higher priority items. P.S. Sorry for late reply. |
|
@ACMoretxj can this issue be closed with appropriate label? thank you |
There's always going to be alerts at some degree, but upgrading to the latest version is still worth it from a security standpoint. @irenepjoseph @ACMoretxj Is this going to be re-prioritized? |
Snyk is reporting 3 High vulnerabilities (no known exploits) with the base image
node:14-slimand suggests updating tonode:17.8-bullseye-slimto cut back on most reported flaws.While it doesn't resolve all the vulnerabilities, updating to node 17 would remediate the most. I have tried to swap the version on a forked version but it doesn't work as intended. I'm hoping someone here could update and cut a new release that I could then reference :)
Here's more info on the 3 Highs:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
Introduced through:
node@14-slim › zlib/zlib1g@1:1.2.8.dfsg-5https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12886
Introduced through:
node@14-slim › gcc-6/libstdc++6@6.3.0-18+deb9u1Fix: No remediation path available.
Introduced through:
node@14-slim › gcc-6/libgcc1@1:6.3.0-18+deb9u1Fix: No remediation path available.
Introduced through:
node@14-slim › gcc-6/gcc-6-base@6.3.0-18+deb9u1Fix: No remediation path available.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712
ntroduced through:
node@14-slim › systemd/libudev1@232-25+deb9u13Fix: No remediation path available.
Introduced through:
node@14-slim › systemd/libsystemd0@232-25+deb9u13Fix: No remediation path available.
The text was updated successfully, but these errors were encountered: