Update base image and npm express #2

Open
wants to merge 1 commit into
base: main

@cdupuis (Collaborator) commented Jun 29, 2023

Update

  • alpine to 3.18
  • npm/express to 4.17.3

github-actions bot commented Jun 29, 2023

Overview

Image reference: docker/scout-demo-service:main | docker/scout-demo-service:pr-2
- digest: 2de633045142 | f4849d26ce4b
- stream: prod
- provenance: 32c9436 | dc6ced1
- vulnerabilities: critical: 2 high: 18 medium: 7 low: 0 unspecified: 1 | critical: 0 high: 0 medium: 0 low: 0
- platform: linux/arm64 | linux/arm64
- size: 19 MB | 25 MB (+6.2 MB)
- packages: 79 | 82 (+3)
Base Image: alpine:3 (also known as: latest) | alpine:3 (also known as: 3.18, 3.18.2, latest)
- vulnerabilities: critical: 2 high: 16 medium: 7 low: 0 unspecified: 1 | critical: 0 high: 0 medium: 0 low: 0
Labels (4 changes)
  • ± 4 changed
  • 5 unchanged
 com.docker.image.source.entrypoint=Dockerfile
-org.opencontainers.image.created=2023-06-21T11:50:05.642Z
+org.opencontainers.image.created=2023-07-11T14:34:56.010Z
-org.opencontainers.image.description=Docker Scout demo service
+org.opencontainers.image.description=
 org.opencontainers.image.licenses=
-org.opencontainers.image.revision=32c9436588632f96e19b716b6638e812dc70056b
+org.opencontainers.image.revision=dc6ced1056291dabab78ababdbf52bdcd31b5d3b
 org.opencontainers.image.source=https://github.com/docker/scout-demo-service
 org.opencontainers.image.title=scout-demo-service
 org.opencontainers.image.url=https://github.com/docker/scout-demo-service
-org.opencontainers.image.version=main
+org.opencontainers.image.version=pr-2
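Review bot: org.opencontainers.image.description goes from "Docker Scout demo service" to an empty value in the pr-2 image, which looks unintended for a change that only updates the base image and express. The created, revision and version labels change as expected for a new build, so only the description needs restoring; set it explicitly in the PR build's label configuration so it matches main.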
Packages and Vulnerabilities (48 package changes and 20 vulnerability changes)
  • ➕ 7 packages added
  • ➖ 3 packages removed
  • ♾️ 38 packages changed
  • 36 packages unchanged
  • ✔️ 20 vulnerabilities removed
Changes for packages of type apk (33 changes)
Package | Version in docker/scout-demo-service:main | Version in docker/scout-demo-service:pr-2
♾️ alpine-baselayout | 3.2.0-r16 | 3.4.3-r1
➕ alpine-baselayout-data | | 3.4.3-r1
♾️ alpine-keys | 2.3-r1 | 2.4-r1
♾️ apk-tools | 2.12.7-r0 | 2.14.0-r2
♾️ brotli | 1.0.9-r5 | 1.0.9-r14
♾️ brotli-libs | 1.0.9-r5 | 1.0.9-r14
♾️ busybox | 1.33.1-r3 | 1.36.1-r0
  critical: 0 high: 10 medium: 0 low: 0
  Removed vulnerabilities (10):
  • high: CVE-2022-28391
  • high: CVE-2021-42386
  • high: CVE-2021-42385
  • high: CVE-2021-42384
  • high: CVE-2021-42383
  • high: CVE-2021-42382
  • high: CVE-2021-42381
  • high: CVE-2021-42380
  • high: CVE-2021-42379
  • high: CVE-2021-42378
➕ busybox-binsh | | 1.36.1-r0
♾️ c-ares | 1.17.2-r0 | 1.19.1-r0
♾️ ca-certificates-bundle | 20191127-r5 | 20230506-r0
♾️ gcc | 10.3.1_git20210424-r2 | 12.2.1_git20220924-r10
➕ icu | | 73.2-r1
➕ icu-data-en | | 73.2-r1
➕ icu-libs | | 73.2-r1
♾️ libc-dev | 0.7.2-r3 | 0.7.2-r5
♾️ libc-utils | 0.7.2-r3 | 0.7.2-r5
➖ libcrypto1.1 | 1.1.1k-r0 |
➕ libcrypto3 | | 3.1.1-r1
♾️ libgcc | 10.3.1_git20210424-r2 | 12.2.1_git20220924-r10
➖ libretls | 3.3.3p1-r2 |
  critical: 0 high: 1 medium: 0 low: 0
  Removed vulnerabilities (1):
  • high: CVE-2022-0778
➖ libssl1.1 | 1.1.1k-r0 |
➕ libssl3 | | 3.1.1-r1
♾️ libstdc++ | 10.3.1_git20210424-r2 | 12.2.1_git20220924-r10
♾️ musl | 1.2.2-r3 | 1.2.4-r0
♾️ musl-utils | 1.2.2-r3 | 1.2.4-r0
♾️ nghttp2 | 1.43.0-r0 | 1.53.0-r0
♾️ nghttp2-libs | 1.43.0-r0 | 1.53.0-r0
♾️ nodejs | 14.21.3-r0 | 18.16.1-r0
♾️ openssl | 1.1.1k-r0 | 3.1.1-r1
  critical: 1 high: 4 medium: 0 low: 0
  Removed vulnerabilities (5):
  • critical: CVE-2021-3711
  • high: CVE-2023-0464
  • high: CVE-2022-0778
  • high: CVE-2023-0286
  • high: CVE-2021-3712
♾️ pax-utils | 1.3.2-r0 | 1.3.7-r1
♾️ scanelf | 1.3.2-r0 | 1.3.7-r1
♾️ ssl_client | 1.33.1-r3 | 1.36.1-r0
♾️ zlib | 1.2.11-r3 | 1.2.13-r1
  critical: 1 high: 1 medium: 0 low: 0
  Removed vulnerabilities (2):
  • critical: CVE-2022-37434
  • high: CVE-2018-25032
Changes for packages of type npm (15 changes)
Package | Version in docker/scout-demo-service:main | Version in docker/scout-demo-service:pr-2
♾️ body-parser | 1.19.0 | 1.19.2
♾️ bytes | 3.1.0 | 3.1.2
♾️ content-disposition | 0.5.3 | 0.5.4
♾️ cookie | 0.4.0 | 0.4.2
♾️ express | 4.17.1 | 4.17.3
  critical: 0 high: 1 medium: 0 low: 0
  Removed vulnerabilities (1):
  • high: CVE-2022-24999
♾️ http-errors | 1.7.2 | 1.8.1
♾️ inherits | 2.0.3 | 2.0.4
♾️ ms | 2.1.1 | 2.1.3
♾️ qs | 6.7.0 | 6.9.7
  critical: 0 high: 1 medium: 0 low: 0
  Removed vulnerabilities (1):
  • high: CVE-2022-24999
♾️ raw-body | 2.4.0 | 2.4.3
♾️ safe-buffer | 5.1.2 | 5.2.1
♾️ send | 0.17.1 | 0.17.2
♾️ serve-static | 1.14.1 | 1.14.2
♾️ setprototypeof | 1.1.1 | 1.2.0
♾️ toidentifier | 1.0.0 | 1.0.1

@cdupuis cdupuis force-pushed the fix-all-cves branch 2 times, most recently from 3cd8fb5 to 65bef8a Compare July 11, 2023 14:31
@docker docker deleted a comment from haticecan37 Aug 29, 2023
@ElenaCouto ElenaCouto left a comment
