

@bwappsec bwappsec commented Feb 7, 2026


Snyk has created this PR to fix 5 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

  • Dockerfile

We recommend upgrading to node:22.22.0-alpine3.23, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

  Severity   Issue                                                                   Snyk ID                       Score
  critical   Race Condition                                                          SNYK-UPSTREAM-NODE-14928492   366
  high       UNIX Symbolic Link (Symlink) Following                                  SNYK-UPSTREAM-NODE-14928586   344
  high       Directory Traversal                                                     SNYK-UPSTREAM-NODE-10847885   272
  high       Uncaught Exception                                                      SNYK-UPSTREAM-NODE-14929624   242
  high       Reliance on Undefined, Unspecified, or Implementation-Defined Behavior  SNYK-UPSTREAM-NODE-14975915   189

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Race Condition
🦉 Directory Traversal
🦉 Uncaught Exception

@bwappsec bwappsec changed the title from "[Snyk] Security upgrade node from 22-alpine3.18 to 22.22.0-alpine3.23" to "BWDB-8518 [Snyk] Security upgrade node from 22-alpine3.18 to 22.22.0-alpine3.23" on Feb 7, 2026

bwappsec commented Feb 7, 2026

Merge Risk: Medium

This upgrade involves a significant change in the underlying operating system, moving from Alpine 3.18 to 3.23. The Node.js version update is minor within the v22 release line and is not expected to cause breaking changes.

Key Environment Changes (Alpine Linux):

This is an environment change that requires verification. The risk is rated medium because of the potential for impact on native Node.js modules or applications sensitive to system library changes.

  • apk-tools v3: Alpine 3.23 introduces apk-tools v3. While designed to be a seamless upgrade, it may introduce breaking changes for consumers of libapk.
  • Package Removals and Renaming:
    • Redis: Replaced by the Valkey fork in Alpine 3.20 due to licensing changes. A valkey-compat package is available.
    • HashiCorp Packages: Products like Terraform and Vault were removed in Alpine 3.19 due to license changes. opentofu is available as a Terraform alternative.
    • ISC DHCP: Removed in Alpine 3.21 as it reached its end-of-life.
    • yq was renamed to yq-go in Alpine 3.20.
  • System Libraries: The upgrade spans multiple versions of core libraries like GCC, LLVM, and the Linux Kernel, which could affect compilation of native modules.

Recommendation:
Rebuild and thoroughly test your application in a staging environment before deploying to production. Pay close attention to the installation of system dependencies and the compilation of any native Node.js modules to ensure compatibility with the updated OS libraries.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.
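The two comments above boil down to two checks a reviewer would want to run before merging a base-image bump: is the new FROM tag actually pinned (the old `22-alpine3.18` is a floating tag that resolves to a different image on every build, while `22.22.0-alpine3.23` names one Node release on one Alpine release), and does the Dockerfile `apk add` any of the packages the merge-risk comment says were renamed or removed between Alpine 3.19 and 3.23. The POSIX shell script below is an added example that is not part of this PR, of Snyk's tooling, or of this repository. It runs on two constructed Dockerfiles (a "before" and an "after") rather than the repository's real one, and the Alpine package names it looks for (`redis`, `terraform`, `vault`, `dhcp` for ISC DHCP, `yq`) are assumptions taken from the comment, not a complete list.

```shell
#!/bin/sh
# Added example, not part of the PR or of Snyk's tooling: pre-merge sanity check for
# a base-image bump like node:22-alpine3.18 -> node:22.22.0-alpine3.23.
#   1. every FROM tag must be fully pinned (node x.y.z plus an Alpine release, or a
#      digest), not a floating tag such as 22-alpine3.18;
#   2. no `apk add` may install a package the merge-risk comment lists as renamed or
#      removed between Alpine 3.19 and 3.23.
# The apk package names in CHANGED_PACKAGES are assumptions; adjust them to your image.

# Constructed "before" Dockerfile. For a real run use: audit_dockerfile "$(cat Dockerfile)"
SAMPLE_DOCKERFILE='FROM node:22-alpine3.18 AS build
RUN apk add --no-cache \
    redis yq curl && rm -rf /var/cache/apk/*
COPY . /app
CMD ["node", "/app/server.js"]'

# Constructed "after" Dockerfile: pinned tag, renamed packages.
FIXED_DOCKERFILE='FROM node:22.22.0-alpine3.23 AS build
RUN apk add --no-cache valkey yq-go curl
COPY . /app
CMD ["node", "/app/server.js"]'

# old-package:what-happened, from the merge-risk comment (assumed apk package names)
CHANGED_PACKAGES='redis:replaced by the valkey fork in Alpine 3.20 (valkey-compat available)
terraform:removed in Alpine 3.19 (opentofu is the alternative)
vault:removed in Alpine 3.19
dhcp:ISC DHCP removed in Alpine 3.21
yq:renamed to yq-go in Alpine 3.20'

# classify_tag IMAGE -> pinned | digest | floating | unknown
classify_tag() {
  if printf '%s\n' "$1" | grep -Eq '^node:[0-9]+\.[0-9]+\.[0-9]+-alpine[0-9]+\.[0-9]+$'; then
    echo pinned
  else
    case "$1" in
      *@sha256:*) echo digest ;;
      *-alpine*)  echo floating ;;   # node:22-alpine3.18, node:lts-alpine, node:22.22.0-alpine
      *)          echo unknown ;;
    esac
  fi
}

# join_continuations TEXT -> TEXT with backslash-newline continuations joined
join_continuations() {
  printf '%s\n' "$1" | sed -e :a -e '/\\$/N; s/\\\n//; ta'
}

# from_images TEXT -> image reference of each FROM line (skips --platform flags and "AS stage")
from_images() {
  join_continuations "$1" | awk 'toupper($1) == "FROM" {
    for (i = 2; i <= NF; i++) if ($i !~ /^--/) { print $i; break } }'
}

# apk_packages TEXT -> package names passed to `apk add`, one per line
# (flags are skipped; parsing stops at &&, || or ; so chained commands are ignored)
apk_packages() {
  join_continuations "$1" | awk '{
    for (i = 2; i <= NF; i++)
      if ($(i-1) == "apk" && $i == "add")
        for (j = i + 1; j <= NF; j++) {
          if ($j == "&&" || $j == "||" || $j == ";") break
          if ($j !~ /^-/) print $j
        } }'
}

# flag_changed_packages TEXT -> "pkg: note" for each installed package in CHANGED_PACKAGES
flag_changed_packages() {
  for pkg in $(apk_packages "$1"); do
    note=$(printf '%s\n' "$CHANGED_PACKAGES" | awk -F: -v p="$pkg" '$1 == p { print $2 }')
    [ -n "$note" ] && echo "$pkg: $note"
  done
  return 0
}

# audit_dockerfile TEXT -> 0 only if every FROM is pinned or digest-pinned and no
# flagged package is installed; prints the findings either way
audit_dockerfile() {
  status=0
  for img in $(from_images "$1"); do
    kind=$(classify_tag "$img")
    echo "FROM $img: $kind"
    case "$kind" in
      pinned|digest) ;;
      *) status=1 ;;
    esac
  done
  flagged=$(flag_changed_packages "$1")
  if [ -n "$flagged" ]; then
    echo "$flagged"
    status=1
  fi
  return "$status"
}

echo "== before =="
audit_dockerfile "$SAMPLE_DOCKERFILE" || echo "FAIL: floating tag and/or renamed packages"
echo "== after =="
audit_dockerfile "$FIXED_DOCKERFILE" && echo "OK: pinned tag, no renamed or removed packages"
```

Passing `audit_dockerfile` does not replace the rebuild-and-test step the comment recommends; it only catches the two failure modes that are visible from the Dockerfile text. Native modules that compile against changed system libraries still need an actual `docker build` and test run on the new image.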

@mrmeyers99 mrmeyers99 merged commit a709ed2 into master Feb 7, 2026
@mrmeyers99 mrmeyers99 deleted the snyk-fix-50bd0c3749b29b736674fa5744af29c6 branch February 7, 2026 07:27