JFYI: there are many high & critical CVEs in ...
# give-feedback
a
JFYI: there are many high & critical CVEs in prod found in image growthbook/growthbook:git-3ba8bda

ID: sha256:5fa561444e125e3c605d782b229d5317e532b2abdadb8e449cda4bd760c0af2b

OS Distribution: Debian GNU/Linux 11 (bullseye)

Critical (4): CVE-2022-2068 | CVE-2021-44906 | CVE-2021-3918 | CVE-2021-42740

High (27): CVE-2021-32723 | CVE-2022-23647 | CVE-2022-24785 | CVE-2022-31129 | CVE-2021-23341 | CVE-2021-32723 | CVE-2022-23647 | CVE-2020-15138 | CVE-2022-0654 | CVE-2020-7753 | CVE-2022-21680 | CVE-2022-21681..

most of which are caused by using node.js v14.x, it seems
WORKDIR /usr/local/src/app
RUN apt-get update \
    && apt-get install -y wget gnupg2 \
    && echo "deb https://deb.nodesource.com/node_14.x buster main" > /etc/apt/sources.list.d/nodesource.list \
    && wget -qO- https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \
    && echo "deb https://dl.yarnpkg.com/debian/ stable main" > /etc/apt/sources.list.d/yarn.list \
    && wget -qO- https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \
    && apt-get update \
    && apt-get install -yqq nodejs=$(apt-cache show nodejs|grep Version|grep nodesource|cut -c 10-) yarn \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
f
Thanks for this. I'm pretty sure our code is fully compatible with node 16 at least, so should be easy to update that.
👍 1