Change base image to `dhi.io/node:24-alpine3.23-sfw-dev` by mathieu-benoit · Pull Request #302 · mathieu-benoit/deploy-backstage-with-score

mathieu-benoit · 2026-02-16T20:42:31Z

No description provided.

Updated base image to dhi.io/node:24-alpine3.23-sfw-dev and changed package manager commands from apt to apk.

github-actions · 2026-02-16T20:55:11Z

Overview

Image reference	`backstage:latest`	`backstage:latest`
- digest	`409360f2448c`	`2cb22b687ca1`
- tag	`latest`	`latest`
- provenance	`09cbb75`	`d762333`
- vulnerabilities
- platform	linux/amd64	linux/amd64
- size	317 MB	198 MB (-118 MB)
- packages	1512	1400 (-112)

Environment Variables (3 changes)

+ 1 added

- 1 removed

± 1 changed

4 unchanged

 NODE_ENV=production
 NODE_OPTIONS=--no-node-snapshot
 NODE_VERSION=24.13.1
+NPM_CONFIG_UPDATE_NOTIFIER=false
-PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+PATH=/opt/socket/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 PYTHON=/usr/bin/python3
-YARN_VERSION=1.22.22

Labels (15 changes)

+ 15 added

+com.docker.dhi.chain-id=sha256:c5d59ad03fbaf86fe73362e751e277449875e27550e4515a182d99eebdf71957
+com.docker.dhi.compliance=cis
+com.docker.dhi.created=2026-02-12T12:54:50Z
+com.docker.dhi.date.end-of-life=2028-04-30
+com.docker.dhi.date.release=2025-05-06
+com.docker.dhi.definition=image/node/alpine-3.23/24-sfw-dev
+com.docker.dhi.distro=alpine-3.23
+com.docker.dhi.flavor=sfw
+com.docker.dhi.name=dhi/node
+com.docker.dhi.package-manager=apk
+com.docker.dhi.shell=busybox
+com.docker.dhi.title=Node.js 24.x / Socket Firewall (sfw, dev)
+com.docker.dhi.url=https://dhi.io/catalog/node
+com.docker.dhi.variant=dev
+com.docker.dhi.version=24.13.1-alpine3.23-sfw-dev

Packages and Vulnerabilities (195 package changes and 78 vulnerability changes)

➕ 30 packages added

➖ 147 packages removed

♾️ 18 packages changed

1119 packages unchanged

❗ 8 vulnerabilities added

✔️ 70 vulnerabilities removed

Changes for packages of type apk (26 changes)

	Package	Version `backstage:latest`
➕	alpine-baselayout-data	`3.7.1-r8`
➕	apk-tools	`3.0.4-r0`
➕	brotli-libs	`1.2.0-r0`
➕	busybox	`1.37.0-r30`
➕	c-ares	`1.34.6-r0`
➕	ca-certificates-bundle	`20251003-r0`
➕	coreutils-env	`9.8-r1`

		Added vulnerabilities (1):
➕	git	`2.52.0-r0`
➕	git-init-template	`2.52.0-r0`
➕	libapk	`3.0.4-r0`
➕	libcrypto3	`3.5.5-r0`
➕	libcurl	`8.17.0-r1`

		Added vulnerabilities (6):
➕	libexpat	`2.7.4-r0`
➕	libgcc	`15.2.0-r2`
➕	libidn2	`2.3.8-r0`
➕	libpsl	`0.21.5-r3`
➕	libssl3	`3.5.5-r0`
➕	libstdc++	`15.2.0-r2`
➕	libunistring	`1.4.1-r0`
➕	musl	`1.2.5-r21`
➕	nghttp2-libs	`1.68.0-r0`
➕	nghttp3	`1.13.1-r0`
➕	pcre2	`10.47-r0`
➕	ssl_client	`1.37.0-r30`

		Added vulnerabilities (1):
➕	zlib	`1.3.1-r2`
➕	zstd-libs	`1.5.7-r2`

Changes for packages of type deb (147 changes)

	Package	Version `backstage:latest`
➖	adduser	`3.152`
➖	apt	`3.0.3`
➖	base-files	`13.8+deb13u3`
➖	base-passwd	`3.6.7`
➖	bash	`5.2.37-2+b7`
➖	binutils	`2.44-3`
➖	binutils-common	`2.44-3`
➖	binutils-x86-64-linux-gnu	`2.44-3`
➖	bsdutils	`1:2.41-5`
➖	build-essential	`12.12`
➖	bzip2	`1.0.8-6`
➖	coreutils	`9.7-3`

		Removed vulnerabilities (2):
➖	cpp	`4:14.2.0-1`
➖	cpp-14	`14.2.0-19`
➖	cpp-14-x86-64-linux-gnu	`14.2.0-19`
➖	cpp-x86-64-linux-gnu	`4:14.2.0-1`
➖	dash	`0.5.12-12`
➖	debconf	`1.5.91`
➖	debian-archive-keyring	`2025.1`
➖	debianutils	`5.23.2`
➖	diffutils	`1:3.10-4`
➖	dpkg	`1.22.21`
➖	dpkg-dev	`1.22.21`
➖	findutils	`4.10.0-3`
➖	g++	`4:14.2.0-1`
➖	g++-14	`14.2.0-19`
➖	g++-14-x86-64-linux-gnu	`14.2.0-19`
➖	g++-x86-64-linux-gnu	`4:14.2.0-1`
➖	gcc	`4:14.2.0-1`
➖	gcc-14	`14.2.0-19`
➖	gcc-14-base	`14.2.0-19`
➖	gcc-14-x86-64-linux-gnu	`14.2.0-19`
➖	gcc-x86-64-linux-gnu	`4:14.2.0-1`
➖	grep	`3.11-4`
➖	gzip	`1.13-1`
➖	hostname	`3.25`
➖	init-system-helpers	`1.69~deb13u1`
➖	libacl1	`2.3.2-2+b1`
➖	libapt-pkg7.0	`3.0.3`

		Removed vulnerabilities (1):
➖	libasan8	`14.2.0-19`
➖	libatomic1	`14.2.0-19`
➖	libattr1	`1:2.5.2-3`
➖	libaudit-common	`1:4.0.2-2`
➖	libaudit1	`1:4.0.2-2+b2`
➖	libbinutils	`2.44-3`
➖	libblkid1	`2.41-5`
➖	libbsd0	`0.12.2-2`
➖	libbz2-1.0	`1.0.8-6`
➖	libc-bin	`2.41-12+deb13u1`
➖	libc-dev-bin	`2.41-12+deb13u1`
➖	libc6	`2.41-12+deb13u1`

		Removed vulnerabilities (7):
➖	libc6-dev	`2.41-12+deb13u1`
➖	libcap-ng0	`0.8.5-4+b1`
➖	libcap2	`1:2.75-10+b3`
➖	libcc1-0	`14.2.0-19`
➖	libcrypt-dev	`1:4.4.38-1`
➖	libcrypt1	`1:4.4.38-1`
➖	libctf-nobfd0	`2.44-3`
➖	libctf0	`2.44-3`
➖	libdb5.3t64	`5.3.28+dfsg2-9`
➖	libdebconfclient0	`0.280`
➖	libdpkg-perl	`1.22.21`
➖	libexpat1	`2.7.1-2`
➖	libffi8	`3.4.8-2`
➖	libgcc-14-dev	`14.2.0-19`
➖	libgcc-s1	`14.2.0-19`
➖	libgdbm-compat4t64	`1.24-2`
➖	libgdbm6t64	`1.24-2`
➖	libgmp10	`2:6.3.0+dfsg-3`
➖	libgomp1	`14.2.0-19`
➖	libgprofng0	`2.44-3`
➖	libhogweed6t64	`3.10.1-1`
➖	libhwasan0	`14.2.0-19`
➖	libisl23	`0.27-1`
➖	libitm1	`14.2.0-19`
➖	libjansson4	`2.14-2+b3`

		Removed vulnerabilities (1):
➖	liblastlog2-2	`2.41-5`
➖	liblsan0	`14.2.0-19`
➖	liblz4-1	`1.10.0-4`
➖	liblzma5	`5.8.1-1`
➖	libmd0	`1.1.0-2+b1`
➖	libmount1	`2.41-5`
➖	libmpc3	`1.3.1-1+b3`
➖	libmpfr6	`4.2.2-1`
➖	libncursesw6	`6.5+20250216-2`
➖	libnettle8t64	`3.10.1-1`
➖	libpam-modules	`1.7.0-5`
➖	libpam-modules-bin	`1.7.0-5`
➖	libpam-runtime	`1.7.0-5`
➖	libpam0g	`1.7.0-5`
➖	libpcre2-8-0	`10.46-1~deb13u1`
➖	libperl5.40	`5.40.1-6`
➖	libpython3-stdlib	`3.13.5-1`
➖	libpython3.13-minimal	`3.13.5-2`
➖	libpython3.13-stdlib	`3.13.5-2`
➖	libquadmath0	`14.2.0-19`
➖	libreadline8t64	`8.2-6`
➖	libseccomp2	`2.6.0-2`
➖	libselinux1	`3.8.1-1`
➖	libsemanage-common	`3.8.1-1`
➖	libsemanage2	`3.8.1-1`
➖	libsepol2	`3.8.1-1`
➖	libsframe1	`2.44-3`

		Removed vulnerabilities (39):
➖	libsmartcols1	`2.41-5`
➖	libsqlite3-0	`3.46.1-7`
➖	libsqlite3-dev	`3.46.1-7`

		Removed vulnerabilities (1):
➖	libssl3t64	`3.5.4-1~deb13u2`
➖	libstdc++-14-dev	`14.2.0-19`
➖	libstdc++6	`14.2.0-19`
➖	libsystemd0	`257.9-1~deb13u1`
➖	libtinfo6	`6.5+20250216-2`
➖	libtsan2	`14.2.0-19`
➖	libubsan1	`14.2.0-19`
➖	libudev1	`257.9-1~deb13u1`

		Removed vulnerabilities (4):
➖	libuuid1	`2.41-5`
➖	libxxhash0	`0.8.3-2`
➖	libzstd1	`1.5.7+dfsg-1`
➖	linux-libc-dev	`6.12.69-1`
➖	login	`1:4.16.0-2+really2.41-5`
➖	login.defs	`1:4.17.4-2`
➖	make	`4.4.1-2`
➖	mawk	`1.3.4.20250131-1`
➖	media-types	`13.0.0`
➖	mount	`2.41-5`
➖	ncurses-base	`6.5+20250216-2`
➖	ncurses-bin	`6.5+20250216-2`
➖	netbase	`6.5`
➖	openssl-provider-legacy	`3.5.4-1~deb13u2`

		Removed vulnerabilities (1):
➖	passwd	`1:4.17.4-2`

		Removed vulnerabilities (1):
➖	patch	`2.8-2`

		Removed vulnerabilities (4):
➖	perl	`5.40.1-6`

		Removed vulnerabilities (1):
➖	perl-base	`5.40.1-6`
➖	perl-modules-5.40	`5.40.1-6`
➖	python3	`3.13.5-1`
➖	python3-minimal	`3.13.5-1`
➖	python3.13	`3.13.5-2`

		Removed vulnerabilities (4):
➖	python3.13-minimal	`3.13.5-2`
➖	readline-common	`8.2-6`
➖	rpcsvc-proto	`1.4.3-1`
➖	sed	`4.9-2`
➖	sqv	`1.3.0-3+b2`
➖	sysvinit-utils	`3.14-4`
➖	tar	`1.35+dfsg-3.1`

		Removed vulnerabilities (2):
➖	tzdata	`2025b-4+deb13u1`
➖	util-linux	`2.41-5`

		Removed vulnerabilities (1):
➖	xz-utils	`5.8.1-1`
➖	zlib1g	`1:1.3.dfsg+really1.3.1-1+b1`

Changes for packages of type dhi (2 changes)

	Package	Version `backstage:latest`	Version `backstage:latest`
➕	nodejs		`24.13.1`
➕	yarn		`1.22.22`

Changes for packages of type docker (2 changes)

	Package	Version `backstage:latest`	Version `backstage:latest`
➕	node		`24.13.1-alpine3.23-sfw-dev`
➕	pkg-node		`24.13.1-alpine3.23`

Changes for packages of type npm (18 changes)

	Package	Version `backstage:latest`	Version `backstage:latest`
♾️	@isaacs/brace-expansion	`5.0.0`	`5.0.1`

		Removed vulnerabilities (1):
♾️	@npmcli/arborist	`9.1.10`	`9.3.0`
♾️	@npmcli/config	`10.5.0`	`10.7.0`
♾️	ci-info	`4.3.1`	`4.4.0`
♾️	cidr-regex	`5.0.1`	`5.0.2`
♾️	is-cidr	`6.0.1`	`6.0.3`
♾️	isexe	`3.1.1`	`4.0.0`
♾️	libnpmdiff	`8.0.13`	`8.1.1`
♾️	libnpmexec	`10.1.12`	`10.2.1`
♾️	libnpmfund	`7.0.13`	`7.0.15`
♾️	libnpmpack	`9.0.13`	`9.1.1`
♾️	minipass-fetch	`5.0.0`	`5.0.1`
♾️	minipass-sized	`1.0.3`	`2.0.0`
♾️	npm	`11.8.0`	`11.10.0`
♾️	pacote	`21.0.4`	`21.3.1`
♾️	semver	`7.7.3`	`7.7.4`
♾️	ssri	`13.0.0`	`13.0.1`
♾️	which	`6.0.0`	`6.0.1`

Change base image and update package installation method

d8f9db2

Updated base image to dhi.io/node:24-alpine3.23-sfw-dev and changed package manager commands from apt to apk.

mathieu-benoit changed the title ~~Change base image and update package installation method~~ Change base image to dhi.io/node:24-alpine3.23-sfw-dev Feb 16, 2026

mathieu-benoit changed the title ~~Change base image to dhi.io/node:24-alpine3.23-sfw-dev~~ Change base image to dhi.io/node:24-alpine3.23-sfw-dev Feb 16, 2026

mathieu-benoit marked this pull request as draft February 16, 2026 20:49

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comments

Change base image to `dhi.io/node:24-alpine3.23-sfw-dev`#302

Change base image to `dhi.io/node:24-alpine3.23-sfw-dev`#302
mathieu-benoit wants to merge 1 commit intodemo-originalfrom
demo-dhi-alpine-dev

mathieu-benoit commented Feb 16, 2026 •

edited

Loading

Uh oh!

github-actions bot commented Feb 16, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Comments

Conversation

mathieu-benoit commented Feb 16, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions bot commented Feb 16, 2026

Overview

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

mathieu-benoit commented Feb 16, 2026 •

edited

Loading