Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update distroless nodejs image #1224

Merged
merged 6 commits into from
Jul 25, 2023
Merged

Update distroless nodejs image #1224

merged 6 commits into from
Jul 25, 2023

Conversation

samchungy
Copy link
Contributor

@samchungy samchungy commented Jul 21, 2023
edited
Loading

The current image has these vulnerabilities flagged in ECR but the new -debian11 image is free from them.

image

For whatever reason, this image isn't using the latest deps/libs? I haven't quite looked at why but the documentation now recommends gcr.io/distroless/nodejs18-debian11 by default

https://github.com/GoogleContainerTools/distroless/blob/main/nodejs/README.md

@changeset-bot
Copy link

changeset-bot bot commented Jul 21, 2023
edited
Loading

🦋 Changeset detected

Latest commit: bbff592

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
skuba Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@samchungy samchungy marked this pull request as ready for review July 21, 2023 07:33
@samchungy samchungy requested review from a team as code owners July 21, 2023 07:33
@samchungy samchungy changed the title Debian11 Update distroless nodejs image Jul 21, 2023
samchungy
samchungy commented Jul 22, 2023
View reviewed changes
src/cli/configure/patchDockerfile.ts
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we autopatch this or just tell consumers to? 🤷

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We probably need to agree on a more systematic approach for introducing and later retiring custom patches like this, but makes a lot of sense here 👍

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Re this, I'm thinking maybe with every major version we retire custom patches. Somewhere in the readme we should add a section on upgrading and suggest that consumers go up major version's one at a time perhaps?

72636c
72636c approved these changes Jul 25, 2023
View reviewed changes
src/cli/configure/patchDockerfile.ts
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We probably need to agree on a more systematic approach for introducing and later retiring custom patches like this, but makes a lot of sense here 👍

@samchungy samchungy enabled auto-merge (squash) July 25, 2023 12:32
@samchungy samchungy merged commit 884f3f6 into master Jul 25, 2023
19 checks passed
@samchungy samchungy deleted the debian11 branch July 25, 2023 12:35
@seek-oss-ci seek-oss-ci mentioned this pull request Jul 25, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@72636c 72636c 72636c approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@samchungy @72636c