
Update node version to address critical CVEs #2633

Merged: blueww merged 2 commits into Azure:main from nicholas-lockhart:base-node on May 7, 2026
@nicholas-lockhart

Old image trivy scan:
Total: 26 (UNKNOWN: 0, LOW: 3, MEDIUM: 17, HIGH: 4, CRITICAL: 2)

New image trivy scan:
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 1)
Zlib is the current critical here and does not have a fix since it was recently discovered.

Tests continue to pass without issue
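The before/after comparison in the description above can be made repeatable by diffing the two scans as data. This is an added example, not code from the PR or the Azurite repository; it assumes both reports were saved with `trivy image --format json`, and the inline reports, placeholder IDs, and package names other than zlib are constructed.

```python
import json
from collections import Counter

SEVERITIES = ("UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL")

def findings(report):
    """Yield every vulnerability entry in a Trivy JSON report."""
    for result in report.get("Results") or []:
        # Trivy omits "Vulnerabilities" (or sets it to null) for clean targets.
        yield from result.get("Vulnerabilities") or []

def summarize(report):
    """Severity totals in the same order as Trivy's table summary line."""
    counts = Counter(v.get("Severity", "UNKNOWN") for v in findings(report))
    return {sev: counts[sev] for sev in SEVERITIES}

def compare(old, new, gate=("HIGH", "CRITICAL")):
    """Diff two scans; split gated findings by whether a fixed version exists."""
    ident = lambda v: (v["VulnerabilityID"], v["PkgName"])
    old_ids = {ident(v) for v in findings(old)}
    new_by_id = {ident(v): v for v in findings(new)}
    gated = {i: v for i, v in new_by_id.items() if v.get("Severity") in gate}
    return {
        "resolved": sorted(old_ids - new_by_id.keys()),
        "introduced": sorted(new_by_id.keys() - old_ids),
        # A fix exists upstream: the image should not ship until it is picked up.
        "blocking": sorted(i for i, v in gated.items() if v.get("FixedVersion")),
        # No FixedVersion: nothing to upgrade to yet; track it and rescan.
        "unfixed": sorted(i for i, v in gated.items() if not v.get("FixedVersion")),
    }

# Constructed sample reports (placeholder IDs, not the PR's real scan output).
OLD = json.loads("""{"Results": [{"Target": "old-image", "Vulnerabilities": [
  {"VulnerabilityID": "CVE-EXAMPLE-0001", "PkgName": "openssl", "Severity": "CRITICAL", "FixedVersion": "9.9.9-r0"},
  {"VulnerabilityID": "CVE-EXAMPLE-0002", "PkgName": "busybox", "Severity": "HIGH", "FixedVersion": "9.9.9-r1"},
  {"VulnerabilityID": "CVE-EXAMPLE-0003", "PkgName": "zlib", "Severity": "CRITICAL"}]}]}""")
NEW = json.loads("""{"Results": [{"Target": "new-image", "Vulnerabilities": [
  {"VulnerabilityID": "CVE-EXAMPLE-0003", "PkgName": "zlib", "Severity": "CRITICAL"},
  {"VulnerabilityID": "CVE-EXAMPLE-0004", "PkgName": "musl", "Severity": "MEDIUM", "FixedVersion": "9.9.9-r2"}]},
  {"Target": "node_modules", "Vulnerabilities": null}]}""")

if __name__ == "__main__":
    print(summarize(OLD), summarize(NEW), compare(OLD, NEW), sep="\n")
```

A CI job can fail on a non-empty `blocking` or `introduced` list while recording `unfixed` entries for a later rescan.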

Contributor

Copilot AI left a comment


Pull request overview

This PR updates the container base image used to build and run Azurite in order to reduce critical/high CVEs reported by image scanning.

Changes:

  • Bump the Node Alpine base image from node:22-alpine3.21 to node:22-alpine3.23 for both build and runtime stages.
  • Add an “Upcoming Release” changelog entry noting the security-motivated base image update.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| Dockerfile | Updates the builder and production FROM images to use Alpine 3.23 variants. |
| ChangeLog.md | Adds a release-note bullet for the security-driven image update. |


Comment thread Dockerfile
Comment thread Dockerfile
Comment thread ChangeLog.md Outdated
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
@nicholas-lockhart
Author

@blueww checking in on this PR. It is addressing some critical issues, so I was wondering when we could see it get reviewed, approved, and released.

@blueww
Member

blueww commented Apr 15, 2026

@nicholas-lockhart

Not sure if you have checked that the Azurite docker image build from the new node version works, in both AMD64 and ARM64?

@nicholas-lockhart
Author

@blueww are there specific tests that you need to see run? I don't see any notes on this within the repo under the Contribution tab. The images build as expected and will run.

@blueww
Member

blueww commented Apr 20, 2026

Hi @nicholas-lockhart,

The image version update will impact both the AMD64 and ARM64 docker images; however, we only have an AMD64 docker image build test in the PR validation. We have very limited ARM64 machine resources, so we do not include it in the PR validation, and we expect this image version won't be updated too frequently.
Could you help validate that the ARM64 docker image build works? Then we can merge the PR.

@nicholas-lockhart
Author

Yes, the ARM64 image builds just fine and runs through the validation, similar to what is done with AMD64.

@blueww blueww merged commit 8badf16 into Azure:main May 7, 2026
35 checks passed
3 participants