Do not merge - test

[mikesir87]

Do not merge. This is validating the patch workflow isn't run on this PR due to it being a branch that starts with demo-*.

[mikesir87]

Duh... this doesn't work right now because the action is using the definition of the target branch, not the source 🤦

[github-actions]

Your image	dockerdevrel/catalog-service-node:pr-36
Current base image	node:22-bookworm-slim

Policy Status

(4/7 policies met, 2 missing data)

Status	Policy	Results
✅	Default non-root user
✅	No AGPL v3 licenses	0 packages
✅	No fixable critical or high vulnerabilities
✅	No high-profile vulnerabilities
❓	No outdated base images	No data Learn more ↗
❓	No unapproved base images	No data
⚠️	Missing supply chain attestation(s)	2 deviations

[github-actions]

Overview

Image reference	dockerdevrel/catalog-service-node:latest	dockerdevrel/catalog-service-node:pr-36
- digest	b630c97cef9b	1e801e724d09
- tag	latest	pr-36
- environment	production
- provenance	781663d	7896a4c
- vulnerabilities
- platform	linux/amd64	linux/amd64
- size	84 MB	82 MB (-2.2 MB)
- packages	330	528 (+198)
Base Image	node:22-bookworm-slim also known as: • 22-slim • 22.13-bookworm-slim • 22.13-slim • jod-bookworm-slim • jod-slim • lts-bookworm-slim • lts-slim	node:22-bookworm-slim also known as: • 22-slim • 22.13-bookworm-slim • 22.13-slim • 22.13.1-bookworm-slim • 22.13.1-slim • jod-bookworm-slim • jod-slim • lts-bookworm-slim • lts-slim
- vulnerabilities

Environment Variables (1 changes)

• ± 1 changed
• 3 unchanged

 NODE_ENV=production
-NODE_VERSION=22.13.0
+NODE_VERSION=22.13.1
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 YARN_VERSION=1.22.22

Labels (3 changes)

• ± 3 changed
• 5 unchanged

-org.opencontainers.image.created=2025-01-15T22:47:28.805Z
+org.opencontainers.image.created=2025-01-24T17:34:42.239Z
 org.opencontainers.image.description=
 org.opencontainers.image.licenses=CC0-1.0
-org.opencontainers.image.revision=781663d8eeebad7825a85796e942c08bc774cbd0
+org.opencontainers.image.revision=7896a4cdc36f6ec3415c4ff318d78ccc34de7348
 org.opencontainers.image.source=https://github.com/dockersamples/catalog-service-node
 org.opencontainers.image.title=catalog-service-node
 org.opencontainers.image.url=https://github.com/dockersamples/catalog-service-node
-org.opencontainers.image.version=v0.2.0
+org.opencontainers.image.version=pr-36

Policies (0 improved, 1 worsened, 2 missing data)

Policy Name	dockerdevrel/catalog-service-node:latest	dockerdevrel/catalog-service-node:pr-36	Change	Standing
Default non-root user	✅	✅		No Change
No AGPL v3 licenses	✅	✅		No Change
No fixable critical or high vulnerabilities	✅	✅		No Change
No high-profile vulnerabilities	✅	✅		No Change
No outdated base images	⚠️	❓ No data
No unapproved base images	✅	❓ No data
Supply chain attestations	✅	⚠️ 2	+2	Worsened

Packages and Vulnerabilities (280 package changes and 1 vulnerability changes)

• ➕ 180 packages added
• ➖ 5 packages removed
• ♾️ 95 packages changed
• 223 packages unchanged

• ✔️ 1 vulnerabilities removed

Changes for packages of type github (1 changes)

	Package	Version dockerdevrel/catalog-service-node:latest	Version dockerdevrel/catalog-service-node:pr-36
♾️	node	22.13.0	22.13.1

Changes for packages of type npm (279 changes)

	Package	Version dockerdevrel/catalog-service-node:latest	Version dockerdevrel/catalog-service-node:pr-36
♾️	@aws-sdk/client-s3	3.670.0	3.729.0
♾️	@aws-sdk/client-sso	3.670.0	3.726.0
♾️	@aws-sdk/client-sso-oidc	3.670.0	3.726.0
♾️	@aws-sdk/client-sts	3.670.0	3.726.1
♾️	@aws-sdk/core	3.667.0	3.723.0
♾️	@aws-sdk/credential-provider-env	3.667.0	3.723.0
♾️	@aws-sdk/credential-provider-http	3.667.0	3.723.0
♾️	@aws-sdk/credential-provider-ini	3.670.0	3.726.0
♾️	@aws-sdk/credential-provider-node	3.670.0	3.726.0
♾️	@aws-sdk/credential-provider-process	3.667.0	3.723.0
♾️	@aws-sdk/credential-provider-sso	3.670.0	3.726.0
♾️	@aws-sdk/credential-provider-web-identity	3.667.0	3.723.0
♾️	@aws-sdk/middleware-bucket-endpoint	3.667.0	3.726.0
♾️	@aws-sdk/middleware-expect-continue	3.667.0	3.723.0
♾️	@aws-sdk/middleware-flexible-checksums	3.669.0	3.729.0
♾️	@aws-sdk/middleware-host-header	3.667.0	3.723.0
♾️	@aws-sdk/middleware-location-constraint	3.667.0	3.723.0
♾️	@aws-sdk/middleware-logger	3.667.0	3.723.0
♾️	@aws-sdk/middleware-recursion-detection	3.667.0	3.723.0
♾️	@aws-sdk/middleware-sdk-s3	3.669.0	3.723.0
♾️	@aws-sdk/middleware-ssec	3.667.0	3.723.0
♾️	@aws-sdk/middleware-user-agent	3.669.0	3.726.0
♾️	@aws-sdk/region-config-resolver	3.667.0	3.723.0
♾️	@aws-sdk/signature-v4-multi-region	3.669.0	3.723.0
♾️	@aws-sdk/token-providers	3.667.0	3.723.0
♾️	@aws-sdk/types	3.667.0	3.723.0
♾️	@aws-sdk/util-arn-parser	3.568.0	3.723.0
♾️	@aws-sdk/util-endpoints	3.667.0	3.726.0
♾️	@aws-sdk/util-locate-window	3.568.0	3.723.0
♾️	@aws-sdk/util-user-agent-browser	3.670.0	3.723.0
♾️	@aws-sdk/util-user-agent-node	3.669.0	3.726.0
♾️	@aws-sdk/xml-builder	3.662.0	3.723.0
➕	@isaacs/cliui		8.0.2
➕	@isaacs/fs-minipass		4.0.1
➕	@isaacs/string-locale-compare		1.1.0
➕	@npmcli/agent		3.0.0
➕	@npmcli/arborist		8.0.0
➕	@npmcli/config		9.0.0
➕	@npmcli/fs		4.0.0
➕	@npmcli/git		6.0.1
➕	@npmcli/installed-package-contents		3.0.0
➕	@npmcli/map-workspaces		4.0.2
➕	@npmcli/metavuln-calculator		8.0.1
➕	@npmcli/name-from-folder		3.0.0
➕	@npmcli/node-gyp		4.0.0
➕	@npmcli/package-json		6.1.0
➕	@npmcli/promise-spawn		8.0.2
➕	@npmcli/query		4.0.0
➕	@npmcli/redact		3.0.0
➕	@npmcli/run-script		9.0.2
➕	@pkgjs/parseargs		0.11.0
➕	@sigstore/bundle		3.0.0
➕	@sigstore/core		2.0.0
➕	@sigstore/protobuf-specs		0.3.2
➕	@sigstore/sign		3.0.0
➕	@sigstore/tuf		3.0.0
➕	@sigstore/verify		2.0.0
♾️	@smithy/abort-controller	3.1.5	4.0.1
♾️	@smithy/chunked-blob-reader	3.0.0	5.0.0
♾️	@smithy/chunked-blob-reader-native	3.0.0	4.0.0
♾️	@smithy/config-resolver	3.0.9	4.0.1
♾️	@smithy/core	2.4.8	3.1.1
♾️	@smithy/credential-provider-imds	3.2.4	4.0.1
♾️	@smithy/eventstream-codec	3.1.6	4.0.1
♾️	@smithy/eventstream-serde-browser	3.0.10	4.0.1
♾️	@smithy/eventstream-serde-config-resolver	3.0.7	4.0.1
♾️	@smithy/eventstream-serde-node	3.0.9	4.0.1
♾️	@smithy/eventstream-serde-universal	3.0.9	4.0.1
♾️	@smithy/fetch-http-handler	3.2.9	5.0.1
♾️	@smithy/hash-blob-browser	3.1.6	4.0.1
♾️	@smithy/hash-node	3.0.7	4.0.1
♾️	@smithy/hash-stream-node	3.1.6	4.0.1
♾️	@smithy/invalid-dependency	3.0.7	4.0.1
♾️	@smithy/is-array-buffer	3.0.0	4.0.0
♾️	@smithy/md5-js	3.0.7	4.0.1
♾️	@smithy/middleware-content-length	3.0.9	4.0.1
♾️	@smithy/middleware-endpoint	3.1.4	4.0.2
♾️	@smithy/middleware-retry	3.0.23	4.0.3
♾️	@smithy/middleware-serde	3.0.7	4.0.1
♾️	@smithy/middleware-stack	3.0.7	4.0.1
♾️	@smithy/node-config-provider	3.1.8	4.0.1
♾️	@smithy/node-http-handler	3.2.4	4.0.2
♾️	@smithy/property-provider	3.1.7	4.0.1
♾️	@smithy/protocol-http	4.1.4	5.0.1
♾️	@smithy/querystring-builder	3.0.7	4.0.1
♾️	@smithy/querystring-parser	3.0.7	4.0.1
♾️	@smithy/service-error-classification	3.0.7	4.0.1
♾️	@smithy/shared-ini-file-loader	3.1.8	4.0.1
♾️	@smithy/signature-v4	4.2.0	5.0.1
♾️	@smithy/smithy-client	3.4.0	4.1.2
♾️	@smithy/types	3.5.0	4.1.0
♾️	@smithy/url-parser	3.0.7	4.0.1
♾️	@smithy/util-base64	3.0.0	4.0.0
♾️	@smithy/util-body-length-browser	3.0.0	4.0.0
♾️	@smithy/util-body-length-node	3.0.0	4.0.0
♾️	@smithy/util-buffer-from	3.0.0	4.0.0
♾️	@smithy/util-config-provider	3.0.0	4.0.0
♾️	@smithy/util-defaults-mode-browser	3.0.23	4.0.3
♾️	@smithy/util-defaults-mode-node	3.0.23	4.0.3
♾️	@smithy/util-endpoints	2.1.3	3.0.1
♾️	@smithy/util-hex-encoding	3.0.0	4.0.0
♾️	@smithy/util-middleware	3.0.7	4.0.1
♾️	@smithy/util-retry	3.0.7	4.0.1
♾️	@smithy/util-stream	3.1.9	4.0.2
♾️	@smithy/util-uri-escape	3.0.0	4.0.0
♾️	@smithy/util-utf8	3.0.0	4.0.0
♾️	@smithy/util-waiter	3.1.6	4.0.2
➕	@tufjs/canonical-json		2.0.0
➕	@tufjs/models		3.0.1
➕	abbrev		3.0.0
➕	agent-base		7.1.1
➕	aggregate-error		3.1.0
➕	ansi-regex		6.1.0
➕	ansi-styles		6.2.1
➕	aproba		2.0.0
➕	archy		1.0.0
➕	balanced-match		1.0.2
➕	bin-links		5.0.0
➕	binary-extensions		2.3.0
➕	brace-expansion		2.0.1
➕	cacache		19.0.1
➖	call-bind	1.0.7
➕	call-bind-apply-helpers		1.0.1
➕	call-bound		1.0.3
➕	chalk		5.3.0
➕	chownr		3.0.0
➕	ci-info		4.1.0
➕	cidr-regex		4.1.1
➕	clean-stack		2.2.0
➕	cli-columns		4.0.0
➕	cmd-shim		7.0.0
➕	color-convert		2.0.1
➕	color-name		1.1.4
➕	common-ancestor-path		1.0.1
➕	cross-spawn		7.0.6
➕	cssesc		3.0.0
♾️	debug	2.6.9	4.3.7
➖	define-data-property	1.1.4
➕	diff		5.2.0
♾️	dotenv	16.4.5	16.4.7
➕	dunder-proto		1.0.1
➕	eastasianwidth		0.2.0
➕	emoji-regex		9.2.2
➕	encoding		0.1.13
➕	env-paths		2.2.1
➕	err-code		2.0.3
♾️	es-define-property	1.0.0	1.0.1
➕	es-object-atoms		1.1.1
➕	exponential-backoff		3.1.1
♾️	express	4.21.1	4.21.2
➕	fastest-levenshtein		1.0.16
➕	foreground-child		3.3.0
➕	fs-minipass		3.0.3
♾️	get-intrinsic	1.2.4	1.2.7
➕	get-proto		1.0.1
➕	glob		10.4.5
➕	graceful-fs		4.2.11
➖	has-property-descriptors	1.0.2
➖	has-proto	1.1.0
➕	hosted-git-info		8.0.2
➕	http-cache-semantics		4.1.1
➕	http-proxy-agent		7.0.2
➕	https-proxy-agent		7.0.5
♾️	iconv-lite	0.4.24	0.6.3
➕	ignore-walk		7.0.0
➕	imurmurhash		0.1.4
➕	indent-string		4.0.0
➕	ini		5.0.0
➕	init-package-json		7.0.2
➕	ip-address		9.0.5
➕	ip-regex		5.0.0
➕	is-cidr		5.1.0
➕	is-fullwidth-code-point		3.0.0
➕	isexe		3.1.1
➕	jackspeak		3.4.3
➕	jsbn		1.1.0
➕	json-parse-even-better-errors		4.0.0
➕	json-stringify-nice		1.1.4
➕	jsonparse		1.3.1
➕	just-diff		6.0.2
➕	just-diff-apply		5.5.0
➕	libnpmaccess		9.0.0
➕	libnpmdiff		7.0.0
➕	libnpmexec		9.0.0
➕	libnpmfund		6.0.0
➕	libnpmhook		11.0.0
➕	libnpmorg		7.0.0
➕	libnpmpack		8.0.0
➕	libnpmpublish		10.0.1
➕	libnpmsearch		8.0.0
➕	libnpmteam		7.0.0
➕	libnpmversion		7.0.0
➕	lru-cache		10.4.3
➕	make-fetch-happen		14.0.3
➕	math-intrinsics		1.1.0
➕	minimatch		9.0.5
➕	minipass		7.1.2
➕	minipass-collect		2.0.1
➕	minipass-fetch		4.0.0
➕	minipass-flush		1.0.5
➕	minipass-pipeline		1.2.4
➕	minipass-sized		1.0.3
➕	minizlib		3.0.1
♾️	mkdirp	0.5.6	3.0.1
➕	mute-stream		2.0.0
♾️	negotiator	0.6.3	1.0.0
➕	node-gyp		11.0.0
➕	nopt		8.0.0
➕	normalize-package-data		7.0.0
➕	npm		10.9.2
➕	npm-audit-report		6.0.0
➕	npm-bundled		4.0.0
➕	npm-install-checks		7.1.1
➕	npm-normalize-package-bin		4.0.0
➕	npm-package-arg		12.0.0
➕	npm-packlist		9.0.0
➕	npm-pick-manifest		10.0.0
➕	npm-profile		11.0.1
➕	npm-registry-fetch		18.0.2
➕	npm-user-validate		3.0.0
➕	p-map		7.0.2
➕	package-json-from-dist		1.0.1
➕	pacote		20.0.0
➕	parse-conflict-json		4.0.0
➕	path-key		3.1.1
➕	path-scurry		1.11.1
♾️	path-to-regexp	0.1.10	0.1.12
		Removed vulnerabilities (1):
♾️	pg	8.13.0	8.13.1
➕	postcss-selector-parser		6.1.2
➕	proc-log		5.0.0
➕	proggy		3.0.0
➕	promise-all-reject-late		1.0.1
➕	promise-call-limit		3.0.2
➕	promise-inflight		1.0.1
➕	promise-retry		2.0.1
➕	promzard		2.0.0
➕	qrcode-terminal		0.12.0
➕	read		4.0.0
➕	read-cmd-shim		5.0.0
➕	read-package-json-fast		4.0.0
➕	retry		0.12.0
➕	rimraf		5.0.10
➕	semver		7.6.3
➖	set-function-length	1.2.2
➕	shebang-command		2.0.0
➕	shebang-regex		3.0.0
♾️	side-channel	1.0.6	1.1.0
➕	side-channel-list		1.0.0
➕	side-channel-map		1.0.1
➕	side-channel-weakmap		1.0.2
➕	signal-exit		4.1.0
➕	sigstore		3.0.0
➕	smart-buffer		4.2.0
➕	socks		2.8.3
➕	socks-proxy-agent		8.0.4
➕	spdx-correct		3.2.0
➕	spdx-exceptions		2.5.0
➕	spdx-expression-parse		4.0.0
➕	spdx-license-ids		3.0.20
➕	sprintf-js		1.1.3
➕	ssri		12.0.0
➕	string-width		5.1.2
➕	strip-ansi		7.1.0
➕	supports-color		9.4.0
➕	tar		7.4.3
➕	text-table		0.2.0
➕	tiny-relative-date		1.3.0
➕	treeverse		3.0.0
♾️	tslib	2.7.0	2.8.1
➕	tuf-js		3.0.1
➕	unique-filename		4.0.0
➕	unique-slug		5.0.0
➕	validate-npm-package-license		3.0.4
➕	validate-npm-package-name		6.0.0
➕	walk-up-path		3.0.1
➕	which		5.0.0
➕	wrap-ansi		8.1.0
➕	write-file-atomic		6.0.0
➕	yallist		5.0.0