Nodejs version update #1971
Unanswered
CarlosAmericano
asked this question in
Q&A
Replies: 1 comment
-
Hi @CarlosAmericano - thanks for the nice words! The version of Node is built into the container from the Dockerfile. The container is based on ruby:3.2-alpine and that in turn is based on alpine-3.19 which is the latest currently. It looks like an updated Node.js package was released last night @ 9pm. The next release should have this package. I'll update here after the next release. Also FWIW, the application doesn't use a Node HTTP server so that hopefully limits the CVE's reach for Password Pusher. Thanks for pointing this out! I'll post back soon. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello all,
First of all, thank you for this cool product.
Im sure im just missing something but I dont know how to update this specific component or if theres anything we can do.
We decided to start using this using containers, i have them up and running and as far as I can tell using the latest image of the tag that Im using "pglombardo/pwpush:release".
The problem is that, theres a vulnerability being reported about nodejs being below 20.11.1 (CVE-2024-22019), If i do a docker exec, I can see the node -v output is an affected version (v20.11.0)... how can one go and update that ? Is there a need for an update image to have that and only then we need to pull that fixed version ?
On the linux host that is running the containers, we dont have nodejs installed, if that matters.
Thank you for the help
Regards
Beta Was this translation helpful? Give feedback.
All reactions