Skip to content

Security: upgrade base image to node:22.23.1-alpine3.24 to resolve 437 vulnerabilities#35

Open
maksimtech wants to merge 1 commit into
vekexasia:mainfrom
maksimtech:fix/secure-docker-image
Open

Security: upgrade base image to node:22.23.1-alpine3.24 to resolve 437 vulnerabilities#35
maksimtech wants to merge 1 commit into
vekexasia:mainfrom
maksimtech:fix/secure-docker-image

Conversation

@maksimtech

Copy link
Copy Markdown

Description

This PR upgrades the Docker base image from node:22-bookworm to node:22.23.1-alpine3.24.

The current Debian-based image carries a significant amount of inherited system vulnerabilities. Switching to a minimal, security-oriented Alpine Linux distribution dramatically reduces the attack surface of the container.

Security Impact

According to Software Composition Analysis (SCA):

  • Before (node:22-bookworm): 437 total vulnerabilities (4 Critical, 23 High, 21 Medium, 389 Low)
  • After (node:22.23.1-alpine3.24): 0 vulnerabilities (Clean scan)

Changes

  • Updated Dockerfile base image to node:22.23.1-alpine3.24.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant