Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update yarn #9

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Update yarn #9

wants to merge 4 commits into from

Conversation

mikesir87
Copy link
Member

This PR updates yarn to go from yarn classic to yarn modern. Does require a few updates to the local dev setup and container image build. Did validate things locally, but wouldn't hurt to have another pair of eyes on it too.

@github-actions GitHub Actions
Copy link

Your image dockerdevrel/catalog-service-node:pr-9 critical: 0 high: 0 medium: 0 low: 23
Current base image node:22-bookworm-slim critical: 0 high: 1 medium: 0 low: 23
Policy Status
policy status (4/7 policies met, 2 missing data)
Status Policy Results
Default non-root user
No AGPL v3 licenses 0 packages
No fixable critical or high vulnerabilities critical: 0 high: 0 medium: 0 low: 0
No high-profile vulnerabilities critical: 0 high: 0 medium: 0 low: 0
No outdated base images No data
Learn more ↗
No unapproved base images No data
⚠️ Missing supply chain attestation(s) 2 deviations

@github-actions GitHub Actions
Copy link

Overview

Image reference dockerdevrel/catalog-service-node:latest dockerdevrel/catalog-service-node:pr-9
- digest ecc7fdb194a7 efca2dd199cb
- tag latest pr-9
- environment production
- provenance 7dc15b3 639a9ed
- vulnerabilities critical: 0 high: 0 medium: 1 low: 23 critical: 0 high: 0 medium: 0 low: 23
- platform linux/amd64 linux/amd64
- size 82 MB 84 MB (+1.7 MB)
- packages 330 138 (-192)
Base Image node:22-bookworm-slim
also known as:
22-slim
22.12-bookworm-slim
22.12-slim
22.12.0-bookworm-slim
22.12.0-slim
jod-bookworm-slim
jod-slim
lts-bookworm-slim
lts-slim		 node:22-bookworm-slim
also known as:
22-slim
22.12-bookworm-slim
22.12-slim
22.12.0-bookworm-slim
22.12.0-slim
jod-bookworm-slim
jod-slim
lts-bookworm-slim
lts-slim
- vulnerabilities critical: 0 high: 1 medium: 0 low: 23 critical: 0 high: 1 medium: 0 low: 23
Labels (3 changes)
  • ± 3 changed
  • 5 unchanged
-org.opencontainers.image.created=2024-12-11T21:46:19.335Z
+org.opencontainers.image.created=2024-12-23T16:26:01.084Z
 org.opencontainers.image.description=
 org.opencontainers.image.licenses=CC0-1.0
-org.opencontainers.image.revision=7dc15b381f654bd4e5a122b102f017d0dfc307eb
+org.opencontainers.image.revision=639a9ed29ab4c5a59bb95a3632948cf956c28d05
 org.opencontainers.image.source=https://github.com/dockersamples/catalog-service-node
 org.opencontainers.image.title=catalog-service-node
 org.opencontainers.image.url=https://github.com/dockersamples/catalog-service-node
-org.opencontainers.image.version=v0.1.0
+org.opencontainers.image.version=pr-9
Policies (0 improved, 1 worsened, 2 missing data)
Policy Name dockerdevrel/catalog-service-node:latest dockerdevrel/catalog-service-node:pr-9 Change Standing
Default non-root user No Change
No AGPL v3 licenses No Change
No fixable critical or high vulnerabilities No Change
No high-profile vulnerabilities No Change
No outdated base images ❓ No data
No unapproved base images ❓ No data
Supply chain attestations ⚠️ 2 +2 Worsened
Packages and Vulnerabilities (203 package changes and 1 vulnerability changes)
  • ➕ 9 packages added
  • ➖ 194 packages removed
  • 129 packages unchanged
  • ✔️ 1 vulnerabilities removed
Changes for packages of type npm (203 changes)
Package Version
dockerdevrel/catalog-service-node:latest		 Version
dockerdevrel/catalog-service-node:pr-9
1to2 1.0.0
@aws-crypto/crc32 5.2.0
@aws-crypto/crc32c 5.2.0
@aws-crypto/sha1-browser 5.2.0
@aws-crypto/sha256-browser 5.2.0
@aws-crypto/sha256-js 5.2.0
@aws-crypto/supports-web-crypto 5.2.0
@aws-crypto/util 5.2.0
@aws-sdk/client-s3 3.670.0
@aws-sdk/client-sso 3.670.0
@aws-sdk/client-sso-oidc 3.670.0
@aws-sdk/client-sts 3.670.0
@aws-sdk/core 3.667.0
@aws-sdk/credential-provider-env 3.667.0
@aws-sdk/credential-provider-http 3.667.0
@aws-sdk/credential-provider-ini 3.670.0
@aws-sdk/credential-provider-node 3.670.0
@aws-sdk/credential-provider-process 3.667.0
@aws-sdk/credential-provider-sso 3.670.0
@aws-sdk/credential-provider-web-identity 3.667.0
@aws-sdk/middleware-bucket-endpoint 3.667.0
@aws-sdk/middleware-expect-continue 3.667.0
@aws-sdk/middleware-flexible-checksums 3.669.0
@aws-sdk/middleware-host-header 3.667.0
@aws-sdk/middleware-location-constraint 3.667.0
@aws-sdk/middleware-logger 3.667.0
@aws-sdk/middleware-recursion-detection 3.667.0
@aws-sdk/middleware-sdk-s3 3.669.0
@aws-sdk/middleware-ssec 3.667.0
@aws-sdk/middleware-user-agent 3.669.0
@aws-sdk/region-config-resolver 3.667.0
@aws-sdk/signature-v4-multi-region 3.669.0
@aws-sdk/token-providers 3.667.0
@aws-sdk/types 3.667.0
@aws-sdk/util-arn-parser 3.568.0
@aws-sdk/util-endpoints 3.667.0
@aws-sdk/util-locate-window 3.568.0
@aws-sdk/util-user-agent-browser 3.670.0
@aws-sdk/util-user-agent-node 3.669.0
@aws-sdk/xml-builder 3.662.0
@smithy/abort-controller 3.1.5
@smithy/chunked-blob-reader 3.0.0
@smithy/chunked-blob-reader-native 3.0.0
@smithy/config-resolver 3.0.9
@smithy/core 2.4.8
@smithy/credential-provider-imds 3.2.4
@smithy/eventstream-codec 3.1.6
@smithy/eventstream-serde-browser 3.0.10
@smithy/eventstream-serde-config-resolver 3.0.7
@smithy/eventstream-serde-node 3.0.9
@smithy/eventstream-serde-universal 3.0.9
@smithy/fetch-http-handler 3.2.9
@smithy/hash-blob-browser 3.1.6
@smithy/hash-node 3.0.7
@smithy/hash-stream-node 3.1.6
@smithy/invalid-dependency 3.0.7
@smithy/is-array-buffer 3.0.0
@smithy/md5-js 3.0.7
@smithy/middleware-content-length 3.0.9
@smithy/middleware-endpoint 3.1.4
@smithy/middleware-retry 3.0.23
@smithy/middleware-serde 3.0.7
@smithy/middleware-stack 3.0.7
@smithy/node-config-provider 3.1.8
@smithy/node-http-handler 3.2.4
@smithy/property-provider 3.1.7
@smithy/protocol-http 4.1.4
@smithy/querystring-builder 3.0.7
@smithy/querystring-parser 3.0.7
@smithy/service-error-classification 3.0.7
@smithy/shared-ini-file-loader 3.1.8
@smithy/signature-v4 4.2.0
@smithy/smithy-client 3.4.0
@smithy/types 3.5.0
@smithy/url-parser 3.0.7
@smithy/util-base64 3.0.0
@smithy/util-body-length-browser 3.0.0
@smithy/util-body-length-node 3.0.0
@smithy/util-buffer-from 3.0.0
@smithy/util-config-provider 3.0.0
@smithy/util-defaults-mode-browser 3.0.23
@smithy/util-defaults-mode-node 3.0.23
@smithy/util-endpoints 2.1.3
@smithy/util-hex-encoding 3.0.0
@smithy/util-middleware 3.0.7
@smithy/util-retry 3.0.7
@smithy/util-stream 3.1.9
@smithy/util-uri-escape 3.0.0
@smithy/util-utf8 3.0.0
@smithy/util-waiter 3.1.6
accepts 1.3.8
append-field 1.0.0
array-flatten 1.1.1
bare-fs 2.3.5
bare-os 2.4.4
body-parser 1.20.3
bowser 2.11.0
buffer-from 1.1.2
busboy 1.6.0
bytes 3.1.2
call-bind 1.0.7
concat-stream 1.6.2
content-disposition 0.5.4
content-type 1.0.5
cookie 0.7.1
cookie-signature 1.0.6
core-util-is 1.0.3
cpu-features 0.0.10
debug 2.6.9
define-data-property 1.1.4
depd 2.0.0
destroy 1.2.0
dotenv 16.4.5
ee-first 1.1.1
encodeurl 2.0.0
es-define-property 1.0.0
es-errors 1.3.0
escape-html 1.0.3
etag 1.8.1
express 4.21.1
fast-xml-parser 4.4.1
finalhandler 1.3.1
forwarded 0.2.0
fresh 0.5.2
function-bind 1.1.2
get-intrinsic 1.2.4
gopd 1.2.0
has-property-descriptors 1.0.2
has-proto 1.1.0
has-symbols 1.1.0
hasown 2.0.2
http-errors 2.0.0
iconv-lite 0.4.24
inherits 2.0.4
ipaddr.js 1.9.1
isarray 1.0.0
kafkajs 2.2.4
media-typer 0.3.0
merge-descriptors 1.0.3
methods 1.1.2
mime 1.6.0
mime-db 1.52.0
mime-types 2.1.35
minimist 1.2.8
mkdirp 0.5.6
ms 2.1.3
multer 1.4.5-lts.1
nan 2.22.0
negotiator 0.6.3
node-fetch 2.7.0
node-gyp 11.0.0
node-postgres 0.6.2
nodemon 3.1.7
object-assign 4.1.1
object-inspect 1.13.3
on-finished 2.4.1
parseurl 1.3.3
path-to-regexp 0.1.10
critical: 0 high: 0 medium: 1 low: 0
Removed vulnerabilities (1):
  • medium : CVE--2024--52798
pg 8.13.0
pg-cloudflare 1.1.1
pg-connection-string 2.7.0
pg-int8 1.0.1
pg-pool 3.7.0
pg-protocol 1.7.0
pg-types 2.2.0
pgpass 1.0.5
postgres-array 2.0.0
postgres-bytea 1.0.0
postgres-date 1.0.7
postgres-interval 1.2.0
prettier 3.4.0
process-nextick-args 2.0.1
proxy-addr 2.0.7
qs 6.13.0
range-parser 1.2.1
raw-body 2.5.2
readable-stream 2.3.8
safe-buffer 5.2.1
safer-buffer 2.1.2
send 0.19.0
serve-static 1.16.2
set-function-length 1.2.2
setprototypeof 1.2.0
side-channel 1.0.6
split2 4.2.0
ssh2 1.16.0
statuses 2.0.1
streamsearch 1.1.0
string_decoder 1.1.1
strnum 1.0.5
toidentifier 1.0.1
tr46 0.0.3
tslib 2.7.0
type-is 1.6.18
typedarray 0.0.6
unpipe 1.0.0
util-deprecate 1.0.2
utils-merge 1.0.1
uuid 9.0.1
vary 1.1.2
webidl-conversions 3.0.1
whatwg-url 5.0.0
xtend 4.0.2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@ajeetraina ajeetraina

@mikesir87 mikesir87

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mikesir87 @ajeetraina