hardillb
commented
3 months ago We only use lts nodejs versions (with even numbers)
Closed OlgasAcc closed 2 months ago
hardillb
commented
3 months ago We only use lts nodejs versions (with even numbers)
OlgasAcc
commented
3 months ago We only use lts nodejs versions (with even numbers)
I see, that's why I'm asking about the Nodejs version 21.7.0 - https://github.com/nodejs/node/releases/tag/v21.7.0 which includes the mentioned fix.
hardillb
commented
3 months ago Instructions on how to build your own containers with whatever version nodejs are in this repo
The latest Node-Red image v3.1.6-18 contains nested dependency (npm/node_modules/ip) that doesn't pass security scanning because of package version vulnerability. The recommended ip version is v2.0.1, the current one is v2.0.0: https://nvd.nist.gov/vuln/detail/CVE-2023-42282
Seems like only Node v21.7.0 includes the new npm version 10.5.0 which includes the fixed ip v2.0.1.
Is there any chance that you're gonna release the next Node-Red image version using Node v21.7.0 in the very near future?
Thanks