Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build: upgrade application node version to v14 (by updating Docker image) #2038

Merged
merged 4 commits into from
Jun 1, 2021
Merged

build: upgrade application node version to v14 (by updating Docker image) #2038

merged 4 commits into from
Jun 1, 2021

Conversation

karrui
Copy link
Contributor

@karrui karrui commented Jun 1, 2021
edited
Loading

Problem

The current base node Docker image used in our application has a possible security vulnerability as flagged by Snyk (Improper certificate validation), which can cause the Node process to terminate. This can result in denial of service.

This PR upgrades the Docker image to node:fermium-alpine3.13, which upgrades our node version used to v14. The image does not seem to have any known vulnerabilities flagged.

Tested on staging.

Closes #2027

Solution

Improvements:

  • Upgrade base docker image to node:fermium-alpine3.13.

@karrui karrui changed the title build: upgrade base Docker image to node:fermium-alpine3.13 (Fermium LTS (v14)) build: upgrade application node version to v14 (by updating Docker image) Jun 1, 2021
mantariksh
mantariksh approved these changes Jun 1, 2021
View reviewed changes
Copy link
Contributor

@mantariksh mantariksh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

think we might need to change a few other things:

  • GitHub actions NodeJS version
  • Travis NodeJS version
  • README

@karrui
Copy link
Contributor Author

karrui commented Jun 1, 2021

GAH thought i caught them all, thanks anti

@mantariksh
Copy link
Contributor

i caught them all

Screenshot 2021-06-01 at 11 42 21 AM

yong-jie
yong-jie approved these changes Jun 1, 2021
View reviewed changes
Copy link
Member

@yong-jie yong-jie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

did a quick check on my end as well, dont see any missed node-version declarations 💯

@karrui
fix: update stream tests to promisified version
6a77879 
seems to be failing due to node upgrade, but i don't know why. Does not seem to fail when manual testing, so should be some jest x node implementation on streams
@karrui karrui merged commit 76d00ce into develop Jun 1, 2021
@karrui karrui deleted the feat/upgrade-node branch June 1, 2021 05:36
@yong-jie yong-jie mentioned this pull request Jun 1, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mantariksh mantariksh mantariksh approved these changes

@yong-jie yong-jie yong-jie approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Update Node alpine version
3 participants
@karrui @mantariksh @yong-jie