fix: replace node:20.20.1-alpine3.23 with alpine:3.23 + APK nodejs to…#12

Merged
AlexLopezGomez merged 1 commit into main from dev on Mar 21, 2026

@AlexLopezGomez
Owner

… eliminate CVEs

node:20.20.1-alpine3.23 bundles npm outside Alpine's APK database; Docker Scout enumerates those files per-layer and reports 11 high CVEs (tar, minimatch, etc.). Switching to alpine:3.23 + apk add nodejs npm makes npm APK-tracked — Docker Scout reads the APK database instead of enumerating npm internals, giving 0 CVEs.

Summary

  • What problem does this change solve?
  • Why was this approach chosen?

Changes

  • Describe the main implementation changes

Validation

  • Tested locally
  • Updated docs if needed
  • Updated CHANGELOG.md if needed

Notes for Reviewers

  • Call out any risks, follow-ups, or areas where review context helps

… eliminate CVEs

node:20.20.1-alpine3.23 bundles npm outside Alpine's APK database; Docker Scout
enumerates those files per-layer and reports 11 high CVEs (tar, minimatch, etc.).
Switching to alpine:3.23 + apk add nodejs npm makes npm APK-tracked — Docker Scout
reads the APK database instead of enumerating npm internals, giving 0 CVEs.
@AlexLopezGomez AlexLopezGomez merged commit 0d900ce into main Mar 21, 2026
1 of 5 checks passed
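
An added example, not part of this pull request or the project's code: since the description contrasts a scanner that enumerates npm's files with one that reads the APK database, this inventory lists every npm module present in an unpacked image filesystem and whether APK owns its manifest, so the modules on disk can be reviewed independently of the scanner's count. The rootfs layout, module names and versions are constructed sample data; the `P:`/`F:`/`R:` keys follow Alpine's `lib/apk/db/installed` format.

```python
import json, tempfile
from pathlib import Path

# Constructed APK "installed" database fragment (P = package, F = directory,
# R = file inside that directory). Not taken from a real image.
SAMPLE_APK_DB = "P:npm\nV:0.0.0-r0\nF:usr/lib/node_modules/npm/node_modules/tar\nR:package.json\n\n"

def apk_owned_files(rootfs):
    """Map every file path listed in lib/apk/db/installed to its APK package."""
    owned, pkg, cur_dir = {}, None, ""
    db = Path(rootfs, "lib/apk/db/installed")
    if not db.is_file():
        return owned  # non-Alpine rootfs: nothing is APK-tracked
    for line in db.read_text(errors="replace").splitlines():
        key, _, val = line.partition(":")
        if key == "P":
            pkg = val
        elif key == "F":
            cur_dir = val
        elif key == "R" and pkg:
            owned[f"{cur_dir}/{val}".lstrip("/")] = pkg
    return owned

def npm_inventory(rootfs):
    """Return (name, version, owning APK package or None) per npm module on disk."""
    owned, found = apk_owned_files(rootfs), []
    for manifest in sorted(Path(rootfs).rglob("package.json")):
        rel = manifest.relative_to(rootfs)
        if "node_modules" not in rel.parts:
            continue
        try:
            meta = json.loads(manifest.read_text(errors="replace"))
        except ValueError:
            continue  # unreadable manifest: skip rather than abort the scan
        if isinstance(meta, dict) and meta.get("name") and meta.get("version"):
            found.append((meta["name"], meta["version"], owned.get(rel.as_posix())))
    return found

def demo():
    """Constructed rootfs: one APK-tracked module and one untracked copy."""
    with tempfile.TemporaryDirectory() as root:
        db = Path(root, "lib/apk/db/installed")
        db.parent.mkdir(parents=True)
        db.write_text(SAMPLE_APK_DB)
        for rel, ver in (("usr/lib/node_modules/npm/node_modules/tar", "1.0.0"),
                         ("usr/local/lib/node_modules/npm/node_modules/minimatch", "2.0.0")):
            mod = Path(root, rel)
            mod.mkdir(parents=True)
            (mod / "package.json").write_text(json.dumps({"name": mod.name, "version": ver}))
        return npm_inventory(root)
```

Point `npm_inventory()` at a directory holding an exported image filesystem; entries whose third field is `None` are files no APK package accounts for.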