Closed BlackthornYugen closed 2 years ago
I did a build test of this via docker build --pull https://github.com/BlackthornYugen/mongo-express-docker.git#patch-1
and it builds fine -- I'm not comfortable merging many things here (as I'm not a maintainer of either this project or mongo-express
), but this one seems sane/safe IMO (so I'm going for it). :sweat_smile:
Ah, but we're back to the core problem of #62 -- node:12*
is not supported :disappointed:
@tianon I'm confused, is this merge okay? or does it break something? It's still node 12 right? I just did a fresh build and I'm showing it's on node12:
bash-5.1# node --version
v12.22.12
bash-5.1# cat /etc/*rel*
3.15.4
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.15.4
PRETTY_NAME="Alpine Linux v3.15"
HOME_URL="https://alpinelinux.org/"
BUG_REPORT_URL="https://bugs.alpinelinux.org/"
bash-5.1# apk policy zlib
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.15/main: No such file or directory
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.15/community: No such file or directory
zlib policy:
1.2.12-r0:
lib/apk/db/installed
Are you saying not all versions of node 12 are supported?
Sorry for not being clear -- I'm saying that due to https://github.com/nodejs/docker-node/pull/1701, this is problematic. The node:12-alpine3.15
image is reasonably recent, but it will not be updated any further beyond what's currently published.
Right -- I can take a shot at migrating to a more recent node version sometime in the next couple months if nobody else is able to get to it.
There are many security updates we are missing out on (including zlib CVE-2018-25032) by using the EOL alpine 3.11. This change updates to Alpine 3.15.