Update Node.js image to specific SHA256 digest #45

Merged: mageroni merged 1 commit into main from mageroni-patch-dockerfile, Feb 15, 2026

@mageroni (Collaborator)

No description provided.

Copilot AI review requested due to automatic review settings, February 15, 2026 20:58
mageroni merged commit 12290b8 into main, Feb 15, 2026
8 checks passed
mageroni deleted the mageroni-patch-dockerfile branch, February 15, 2026 20:59

Copilot AI left a comment

Pull request overview

Pins the Docker base image to a specific immutable Node.js 18 slim image digest to make builds reproducible and prevent unintentional base-image drift.

Changes:

  • Update FROM node:18-slim to a specific @sha256 digest

@@ -1,4 +1,4 @@
FROM node:18-slim
FROM node:18-slim@sha256:f9ab18e354e6855ae56ef2b290dd225c1e51a564f87584b9bd21dd651838830e
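
Review bot: The pinned FROM line (the second line shown in this hunk) carries no record of what the digest resolves to or when it was taken, so a later reviewer cannot tell from the Dockerfile alone whether the pin is current. Once a digest is present Docker resolves the image by that digest and the node:18-slim tag acts only as a label, so consider a comment above the line stating the exact Node version and the date the digest was resolved. If this image is built for more than one architecture, also confirm the digest is the multi-platform index and not a single-architecture manifest.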

Copilot AI Feb 15, 2026

Node.js 18 is end-of-life (no security updates). Since this image is now pinned to a Node 18 digest, we’ll be locked onto an unsupported runtime; please upgrade the base image to an actively supported LTS (e.g., Node 20/22) and update the pinned digest accordingly.

Suggested change
FROM node:18-slim@sha256:f9ab18e354e6855ae56ef2b290dd225c1e51a564f87584b9bd21dd651838830e
FROM node:20-slim

@@ -1,4 +1,4 @@
FROM node:18-slim
FROM node:18-slim@sha256:f9ab18e354e6855ae56ef2b290dd225c1e51a564f87584b9bd21dd651838830e

Copilot AI Feb 15, 2026

Pinning the image by digest disables automatic base-image updates (including Debian security patches). Please ensure there is an automated process (e.g., Dependabot/Renovate for Docker) or a documented runbook to regularly bump this digest; otherwise the container will accumulate known CVEs over time.

Suggested change
FROM node:18-slim@sha256:f9ab18e354e6855ae56ef2b290dd225c1e51a564f87584b9bd21dd651838830e
FROM node:18-slim

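The digest pin discussed in this PR can be enforced in CI. The following is an added example, not code from the repository or from the review above, that flags `FROM` lines lacking a full sha256 digest. The function name, status labels and sample Dockerfile are assumptions, and line continuations are not handled.

```python
import re

# FROM [--platform=...] <image> [AS <stage>]
FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(?P<image>\S+)(?:\s+AS\s+(?P<stage>\S+))?\s*$",
    re.IGNORECASE,
)
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")

# Constructed sample: the full digest is the one from this PR, the short one
# is deliberately invalid.
SAMPLE = """\
FROM node:18-slim AS deps
FROM node:18-slim@sha256:f9ab18e354e6855ae56ef2b290dd225c1e51a564f87584b9bd21dd651838830e AS build
FROM node:18-slim@sha256:deadbeef
FROM deps
FROM scratch
"""


def check_from_lines(dockerfile_text):
    """Return (line_number, image, status) for every FROM line.

    status: "pinned", "unpinned", "bad-digest", or "skipped" (scratch, a
    reference to an earlier stage, or an image containing an unresolved $ARG).
    """
    stages, results = set(), []
    for lineno, line in enumerate(dockerfile_text.splitlines(), start=1):
        m = FROM_RE.match(line)
        if not m:
            continue
        image = m.group("image")
        if image.lower() in stages | {"scratch"} or "$" in image:
            status = "skipped"
        elif DIGEST_RE.search(image):
            status = "pinned"
        elif "@" in image:
            status = "bad-digest"  # truncated or non-sha256 digest
        else:
            status = "unpinned"
        results.append((lineno, image, status))
        if m.group("stage"):
            stages.add(m.group("stage").lower())
    return results


if __name__ == "__main__":
    findings = check_from_lines(SAMPLE)
    for lineno, image, status in findings:
        print(f"line {lineno}: {status:10} {image}")
    raise SystemExit(int(any(s in ("unpinned", "bad-digest") for _, _, s in findings)))
```

A check like this only confirms that a digest is present; keeping the digest current still needs the update process the review comment asks for.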