Re-pin Docker base image in Dockerfile

[atomist]

This pull request re-pins the Docker base image node:lts in Dockerfile to the current digest.

github-secret-scanner-skill/Dockerfile

Line 2 in eaf471b

FROM node:lts@sha256:5f21943fe97b24ae1740da6d7b9c56ac43fe3495acb47c1b232b0a352b02a25c AS build

Digest sha256:5f21943fe97b24ae1740da6d7b9c56ac43fe3495acb47c1b232b0a352b02a25c references a multi-CPU architecture image manifest. This image supports the following architectures:

• sha256:96065975e8272a0df6b1ed456ade8185519a7fb5b7076e16dbf9fa9eae3d3dd7 linux/s390x

Changelog for node:lts

Commit

New image build caused by commit docker-library/official-images@0edd1eb to library/node:

Node: feat: Nodejs 20 LTS Iron codename

---

Comparison

Comparing Docker image node:lts at digests

Current sha256:d764525456dfe2f96a436ba00f864ee8ae3690bfb457c9f12a3a2a35b2d8be41 (963mb) and
Proposed sha256:5f21943fe97b24ae1740da6d7b9c56ac43fe3495acb47c1b232b0a352b02a25c (968mb):

Packages

The following package differences were detected:

Name	Current	Proposed	Type
corepack	0.19.0	0.20.0	Node
libssl-dev	3.0.11-1~deb12u1	3.0.11-1~deb12u2	Apt
libssl3	3.0.11-1~deb12u1	3.0.11-1~deb12u2	Apt
npm	9.8.1	10.1.0	Node
openssl	3.0.11-1~deb12u1	3.0.11-1~deb12u2	Apt

Files

The following file modifications were detected:

Name	Current	Proposed	Diff
/etc/apt/sources.list.d/debian.sources	443b	443b	0b
/etc/shadow	500b	500b	0b
/etc/shadow-	474b	474b	0b
/root/.gnupg		-	-80kb
/root/.gnupg/crls.d		-	-5b
/root/.gnupg/crls.d/DIR.txt		-	-5b
/root/.gnupg/private-keys-v1.d		+	0b
/root/.gnupg/pubring.kbx		-	-45kb
/root/.gnupg/pubring.kbx~		-	-34kb
/root/.gnupg/random_seed		-	-600b
/root/.gnupg/trustdb.gpg		-	-1.2kb
/root/.npm/_logs/2023-10-16T19_25_01_005Z-debug-0.log		-	-1.5kb
/root/.npm/_logs/2023-11-01T03_16_55_416Z-debug-0.log		+	1.5kb
/tmp/v8-compile-cache-0/10.2.154.26-node.26		-	-2.1mb
/tmp/v8-compile-cache-0/10.2.154.26-node.26/zSoptzSyarn-v1.22.19zSbinzSyarn.js.BLOB		-	-2.1mb
/tmp/v8-compile-cache-0/10.2.154.26-node.26/zSoptzSyarn-v1.22.19zSbinzSyarn.js.MAP		-	-88b
/tmp/v8-compile-cache-0/11.3.244.8-node.16		+	2.1mb
/tmp/v8-compile-cache-0/11.3.244.8-node.16/zSoptzSyarn-v1.22.19zSbinzSyarn.js.BLOB		+	2.1mb
/tmp/v8-compile-cache-0/11.3.244.8-node.16/zSoptzSyarn-v1.22.19zSbinzSyarn.js.MAP		+	88b
/usr/lib/s390x-linux-gnu/libcrypto.a	8.3mb	8.3mb	688b
/usr/lib/s390x-linux-gnu/libcrypto.so.3	4.2mb	4.2mb	0b
/usr/local/CHANGELOG.md	596kb	254kb	-341kb
/usr/local/LICENSE	113kb	113kb	20b
/usr/local/README.md	36kb	37kb	363b
/usr/local/bin/node	90mb	95mb	4.3mb
/usr/local/include/node (91 files changed)	772kb	1.1mb	332kb
/usr/local/lib/node_modules (537 files changed)	4.1mb	8.9mb	4.8mb
/usr/local/share/doc/node/gdbinit	6.9kb	8.7kb	1.7kb
/usr/local/share/man/man1/node.1	23kb	23kb	491b
/usr/local/share/systemtap		-	-10kb
/usr/share/doc/libssl-dev/changelog.Debian.gz	3.8kb	3.9kb	54b
/usr/share/doc/libssl3/changelog.Debian.gz	3.8kb	3.9kb	54b
/usr/share/doc/openssl/changelog.Debian.gz	3.8kb	3.9kb	54b
/usr/share/man/man1 (60 files changed)	318kb	318kb	-78b
/usr/share/man/man5 (3 files changed)	21kb	21kb	-3b
/usr/share/man/man7 (126 files changed)	463kb	462kb	-188b
/var/cache/fontconfig/3830d5c3ddfd5cd38a049b759396e72e-be64.cache-8	144b	144b	0b
/var/cache/fontconfig/4c599c202bc5c08e2d34565a40eac3b2-be64.cache-8	104b	104b	0b
/var/cache/fontconfig/7ef2298fde41cc6eeb7af42e48b7d293-be64.cache-8	160b	160b	0b
/var/cache/fontconfig/d589a48862398ed80a3d6066f4f56f4c-be64.cache-8	16kb	16kb	0b
/var/cache/ldconfig/aux-cache	16kb	16kb	0b
/var/lib/dpkg/info (3 files changed)	25kb	25kb	0b
/var/lib/dpkg/status	368kb	368kb	0b
/var/lib/dpkg/status-old	369kb	369kb	0b
/var/log/alternatives.log	11kb	11kb	0b
/var/log/apt/eipp.log.xz	17kb	17kb	-4b
/var/log/apt/history.log	14kb	14kb	0b
/var/log/apt/term.log	77kb	77kb	0b
/var/log/dpkg.log	150kb	150kb	0b

History

The following differences in docker history were detected:

-/bin/sh -c #(nop) ADD file:2dc117136732884ad4b058065700dd66cc49d6ce56b0fdbb672915e3ad8adb84 in /
+/bin/sh -c #(nop) ADD file:6d8ee60b2fe4604969d8feeeb7e0dc8b9619a778d1a905c8bfdde5ede5e1eb54 in /
 /bin/sh -c #(nop)  CMD ["bash"]
 /bin/sh -c set -eux; 	apt-get update; 	apt-get install -y --no-install-recommends 		ca-certificates 		curl 		gnupg 		netbase 		sq 		wget 	; 	rm -rf /var/lib/apt/lists/*
 /bin/sh -c apt-get update && apt-get install -y --no-install-recommends 		git 		mercurial 		openssh-client 		subversion 				procps 	&& rm -rf /var/lib/apt/lists/*
 /bin/sh -c set -ex; 	apt-get update; 	apt-get install -y --no-install-recommends 		autoconf 		automake 		bzip2 		dpkg-dev 		file 		g++ 		gcc 		imagemagick 		libbz2-dev 		libc6-dev 		libcurl4-openssl-dev 		libdb-dev 		libevent-dev 		libffi-dev 		libgdbm-dev 		libglib2.0-dev 		libgmp-dev 		libjpeg-dev 		libkrb5-dev 		liblzma-dev 		libmagickcore-dev 		libmagickwand-dev 		libmaxminddb-dev 		libncurses5-dev 		libncursesw5-dev 		libpng-dev 		libpq-dev 		libreadline-dev 		libsqlite3-dev 		libssl-dev 		libtool 		libwebp-dev 		libxml2-dev 		libxslt-dev 		libyaml-dev 		make 		patch 		unzip 		xz-utils 		zlib1g-dev 				$( 			if apt-cache show 'default-libmysqlclient-dev' 2>/dev/null | grep -q '^Version:'; then 				echo 'default-libmysqlclient-dev'; 			else 				echo 'libmysqlclient-dev'; 			fi 		) 	; 	rm -rf /var/lib/apt/lists/*
 /bin/sh -c groupadd --gid 1000 node   && useradd --uid 1000 --gid node --shell /bin/bash --create-home node
-/bin/sh -c #(nop)  ENV NODE_VERSION=18.18.2
-/bin/sh -c ARCH= && dpkgArch="$(dpkg --print-architecture)"   && case "${dpkgArch##*-}" in     amd64) ARCH='x64';;     ppc64el) ARCH='ppc64le';;     s390x) ARCH='s390x';;     arm64) ARCH='arm64';;     armhf) ARCH='armv7l';;     i386) ARCH='x86';;     *) echo "unsupported architecture"; exit 1 ;;   esac   && set -ex   && for key in     4ED778F539E3634C779C87C6D7062848A1AB005C     141F07595B7B3FFE74309A937405533BE57C7D57     74F12602B6F1C4E913FAA37AD3A89613643B6201     DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7     61FC681DFB92A079F1685E77973F295594EC4689     8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600     C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8     890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4     C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C     108F52B48DB57BB0CC439B2997B01419BD92F80A     A363A499291CBBC940DD62E41F10027AF002F8B0   ; do       gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" ||       gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ;   done   && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz"   && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc"   && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc   && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c -   && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner   && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt   && ln -s /usr/local/bin/node /usr/local/bin/nodejs   && node --version   && npm --version
+/bin/sh -c #(nop)  ENV NODE_VERSION=20.9.0
+/bin/sh -c ARCH= && dpkgArch="$(dpkg --print-architecture)"   && case "${dpkgArch##*-}" in     amd64) ARCH='x64';;     ppc64el) ARCH='ppc64le';;     s390x) ARCH='s390x';;     arm64) ARCH='arm64';;     armhf) ARCH='armv7l';;     i386) ARCH='x86';;     *) echo "unsupported architecture"; exit 1 ;;   esac   && export GNUPGHOME="$(mktemp -d)"   && set -ex   && for key in     4ED778F539E3634C779C87C6D7062848A1AB005C     141F07595B7B3FFE74309A937405533BE57C7D57     74F12602B6F1C4E913FAA37AD3A89613643B6201     DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7     61FC681DFB92A079F1685E77973F295594EC4689     8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600     C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8     890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4     C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C     108F52B48DB57BB0CC439B2997B01419BD92F80A     A363A499291CBBC940DD62E41F10027AF002F8B0   ; do       gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" ||       gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ;   done   && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz"   && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc"   && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc   && gpgconf --kill all   && rm -rf "$GNUPGHOME"   && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c -   && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner   && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt   && ln -s /usr/local/bin/node /usr/local/bin/nodejs   && node --version   && npm --version
 /bin/sh -c #(nop)  ENV YARN_VERSION=1.22.19
-/bin/sh -c set -ex   && for key in     6A010C5166006599AA17F08146C2130DFD2497F5   ; do     gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" ||     gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ;   done   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz"   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc"   && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz   && mkdir -p /opt   && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/   && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn   && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg   && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz   && yarn --version
+/bin/sh -c set -ex   && export GNUPGHOME="$(mktemp -d)"   && for key in     6A010C5166006599AA17F08146C2130DFD2497F5   ; do     gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" ||     gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ;   done   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz"   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc"   && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz   && gpgconf --kill all   && rm -rf "$GNUPGHOME"   && mkdir -p /opt   && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/   && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn   && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg   && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz   && yarn --version
 /bin/sh -c #(nop) COPY file:4d192565a7220e135cab6c77fbc1c73211b69f3d9fb37e62857b2c6eb9363d51 in /usr/local/bin/
 /bin/sh -c #(nop)  ENTRYPOINT ["docker-entrypoint.sh"]
 /bin/sh -c #(nop)  CMD ["node"]

Ports

No different exposed ports detected

Environment Variables

The following different environment variables were detected:

-NODE_VERSION 18.18.2
+NODE_VERSION 20.9.0

---

Pinning FROM lines to digests makes your builds repeatable. Atomist will raise new pull requests whenever the tag moves, so that you know when the base image has been updated. You can follow a new tag at any time. Just replace the digest with the new tag you want to follow. Atomist, will switch to following this new tag.

---

File changed:

• Dockerfile