Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Skip patch validation on branch push as well #38

Merged
merged 1 commit into from
Jan 24, 2025
Merged

Skip patch validation on branch push as well #38

merged 1 commit into from
Jan 24, 2025

Conversation

mikesir87
Copy link
Member

Part two of #35

@mikesir87 mikesir87 merged commit 8fd0d54 into main Jan 24, 2025
8 checks passed
@mikesir87 mikesir87 deleted the skip-patch-validation-on-push branch January 24, 2025 17:41
@github-actions GitHub Actions
Copy link

Your image dockerdevrel/catalog-service-node:pr-38 critical: 0 high: 0 medium: 0 low: 23
Current base image node:22-bookworm-slim critical: 0 high: 0 medium: 0 low: 23
Policy Status
policy status (4/7 policies met, 2 missing data)
Status Policy Results
Default non-root user
No AGPL v3 licenses 0 packages
No fixable critical or high vulnerabilities critical: 0 high: 0 medium: 0 low: 0
No high-profile vulnerabilities critical: 0 high: 0 medium: 0 low: 0
No outdated base images No data
Learn more ↗
No unapproved base images No data
⚠️ Missing supply chain attestation(s) 2 deviations

@github-actions GitHub Actions
Copy link

Overview

Image reference dockerdevrel/catalog-service-node:latest dockerdevrel/catalog-service-node:pr-38
- digest b630c97cef9b abceb6db5615
- tag latest pr-38
- environment production
- provenance 781663d 32c0fc7
- vulnerabilities critical: 0 high: 0 medium: 1 low: 23 critical: 0 high: 0 medium: 0 low: 23
- platform linux/amd64 linux/amd64
- size 84 MB 82 MB (-2.2 MB)
- packages 330 528 (+198)
Base Image node:22-bookworm-slim
also known as:
22-slim
22.13-bookworm-slim
22.13-slim
jod-bookworm-slim
jod-slim
lts-bookworm-slim
lts-slim		 node:22-bookworm-slim
also known as:
22-slim
22.13-bookworm-slim
22.13-slim
22.13.1-bookworm-slim
22.13.1-slim
jod-bookworm-slim
jod-slim
lts-bookworm-slim
lts-slim
- vulnerabilities critical: 0 high: 0 medium: 0 low: 23 critical: 0 high: 0 medium: 0 low: 23
Environment Variables (1 changes)
  • ± 1 changed
  • 3 unchanged
 NODE_ENV=production
-NODE_VERSION=22.13.0
+NODE_VERSION=22.13.1
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 YARN_VERSION=1.22.22
Labels (3 changes)
  • ± 3 changed
  • 5 unchanged
-org.opencontainers.image.created=2025-01-15T22:47:28.805Z
+org.opencontainers.image.created=2025-01-24T17:42:41.974Z
 org.opencontainers.image.description=
 org.opencontainers.image.licenses=CC0-1.0
-org.opencontainers.image.revision=781663d8eeebad7825a85796e942c08bc774cbd0
+org.opencontainers.image.revision=32c0fc76d4c1c74978b4e10bda0aeb3208d537b3
 org.opencontainers.image.source=https://github.com/dockersamples/catalog-service-node
 org.opencontainers.image.title=catalog-service-node
 org.opencontainers.image.url=https://github.com/dockersamples/catalog-service-node
-org.opencontainers.image.version=v0.2.0
+org.opencontainers.image.version=pr-38
Policies (0 improved, 1 worsened, 2 missing data)
Policy Name dockerdevrel/catalog-service-node:latest dockerdevrel/catalog-service-node:pr-38 Change Standing
Default non-root user No Change
No AGPL v3 licenses No Change
No fixable critical or high vulnerabilities No Change
No high-profile vulnerabilities No Change
No outdated base images ⚠️ ❓ No data
No unapproved base images ❓ No data
Supply chain attestations ⚠️ 2 +2 Worsened
Packages and Vulnerabilities (280 package changes and 1 vulnerability changes)
  • ➕ 180 packages added
  • ➖ 5 packages removed
  • ♾️ 95 packages changed
  • 223 packages unchanged
  • ✔️ 1 vulnerabilities removed
Changes for packages of type github (1 changes)
Package Version
dockerdevrel/catalog-service-node:latest		 Version
dockerdevrel/catalog-service-node:pr-38
♾️ node 22.13.0 22.13.1
Changes for packages of type npm (279 changes)
Package Version
dockerdevrel/catalog-service-node:latest		 Version
dockerdevrel/catalog-service-node:pr-38
♾️ @aws-sdk/client-s3 3.670.0 3.729.0
♾️ @aws-sdk/client-sso 3.670.0 3.726.0
♾️ @aws-sdk/client-sso-oidc 3.670.0 3.726.0
♾️ @aws-sdk/client-sts 3.670.0 3.726.1
♾️ @aws-sdk/core 3.667.0 3.723.0
♾️ @aws-sdk/credential-provider-env 3.667.0 3.723.0
♾️ @aws-sdk/credential-provider-http 3.667.0 3.723.0
♾️ @aws-sdk/credential-provider-ini 3.670.0 3.726.0
♾️ @aws-sdk/credential-provider-node 3.670.0 3.726.0
♾️ @aws-sdk/credential-provider-process 3.667.0 3.723.0
♾️ @aws-sdk/credential-provider-sso 3.670.0 3.726.0
♾️ @aws-sdk/credential-provider-web-identity 3.667.0 3.723.0
♾️ @aws-sdk/middleware-bucket-endpoint 3.667.0 3.726.0
♾️ @aws-sdk/middleware-expect-continue 3.667.0 3.723.0
♾️ @aws-sdk/middleware-flexible-checksums 3.669.0 3.729.0
♾️ @aws-sdk/middleware-host-header 3.667.0 3.723.0
♾️ @aws-sdk/middleware-location-constraint 3.667.0 3.723.0
♾️ @aws-sdk/middleware-logger 3.667.0 3.723.0
♾️ @aws-sdk/middleware-recursion-detection 3.667.0 3.723.0
♾️ @aws-sdk/middleware-sdk-s3 3.669.0 3.723.0
♾️ @aws-sdk/middleware-ssec 3.667.0 3.723.0
♾️ @aws-sdk/middleware-user-agent 3.669.0 3.726.0
♾️ @aws-sdk/region-config-resolver 3.667.0 3.723.0
♾️ @aws-sdk/signature-v4-multi-region 3.669.0 3.723.0
♾️ @aws-sdk/token-providers 3.667.0 3.723.0
♾️ @aws-sdk/types 3.667.0 3.723.0
♾️ @aws-sdk/util-arn-parser 3.568.0 3.723.0
♾️ @aws-sdk/util-endpoints 3.667.0 3.726.0
♾️ @aws-sdk/util-locate-window 3.568.0 3.723.0
♾️ @aws-sdk/util-user-agent-browser 3.670.0 3.723.0
♾️ @aws-sdk/util-user-agent-node 3.669.0 3.726.0
♾️ @aws-sdk/xml-builder 3.662.0 3.723.0
@isaacs/cliui 8.0.2
@isaacs/fs-minipass 4.0.1
@isaacs/string-locale-compare 1.1.0
@npmcli/agent 3.0.0
@npmcli/arborist 8.0.0
@npmcli/config 9.0.0
@npmcli/fs 4.0.0
@npmcli/git 6.0.1
@npmcli/installed-package-contents 3.0.0
@npmcli/map-workspaces 4.0.2
@npmcli/metavuln-calculator 8.0.1
@npmcli/name-from-folder 3.0.0
@npmcli/node-gyp 4.0.0
@npmcli/package-json 6.1.0
@npmcli/promise-spawn 8.0.2
@npmcli/query 4.0.0
@npmcli/redact 3.0.0
@npmcli/run-script 9.0.2
@pkgjs/parseargs 0.11.0
@sigstore/bundle 3.0.0
@sigstore/core 2.0.0
@sigstore/protobuf-specs 0.3.2
@sigstore/sign 3.0.0
@sigstore/tuf 3.0.0
@sigstore/verify 2.0.0
♾️ @smithy/abort-controller 3.1.5 4.0.1
♾️ @smithy/chunked-blob-reader 3.0.0 5.0.0
♾️ @smithy/chunked-blob-reader-native 3.0.0 4.0.0
♾️ @smithy/config-resolver 3.0.9 4.0.1
♾️ @smithy/core 2.4.8 3.1.1
♾️ @smithy/credential-provider-imds 3.2.4 4.0.1
♾️ @smithy/eventstream-codec 3.1.6 4.0.1
♾️ @smithy/eventstream-serde-browser 3.0.10 4.0.1
♾️ @smithy/eventstream-serde-config-resolver 3.0.7 4.0.1
♾️ @smithy/eventstream-serde-node 3.0.9 4.0.1
♾️ @smithy/eventstream-serde-universal 3.0.9 4.0.1
♾️ @smithy/fetch-http-handler 3.2.9 5.0.1
♾️ @smithy/hash-blob-browser 3.1.6 4.0.1
♾️ @smithy/hash-node 3.0.7 4.0.1
♾️ @smithy/hash-stream-node 3.1.6 4.0.1
♾️ @smithy/invalid-dependency 3.0.7 4.0.1
♾️ @smithy/is-array-buffer 3.0.0 4.0.0
♾️ @smithy/md5-js 3.0.7 4.0.1
♾️ @smithy/middleware-content-length 3.0.9 4.0.1
♾️ @smithy/middleware-endpoint 3.1.4 4.0.2
♾️ @smithy/middleware-retry 3.0.23 4.0.3
♾️ @smithy/middleware-serde 3.0.7 4.0.1
♾️ @smithy/middleware-stack 3.0.7 4.0.1
♾️ @smithy/node-config-provider 3.1.8 4.0.1
♾️ @smithy/node-http-handler 3.2.4 4.0.2
♾️ @smithy/property-provider 3.1.7 4.0.1
♾️ @smithy/protocol-http 4.1.4 5.0.1
♾️ @smithy/querystring-builder 3.0.7 4.0.1
♾️ @smithy/querystring-parser 3.0.7 4.0.1
♾️ @smithy/service-error-classification 3.0.7 4.0.1
♾️ @smithy/shared-ini-file-loader 3.1.8 4.0.1
♾️ @smithy/signature-v4 4.2.0 5.0.1
♾️ @smithy/smithy-client 3.4.0 4.1.2
♾️ @smithy/types 3.5.0 4.1.0
♾️ @smithy/url-parser 3.0.7 4.0.1
♾️ @smithy/util-base64 3.0.0 4.0.0
♾️ @smithy/util-body-length-browser 3.0.0 4.0.0
♾️ @smithy/util-body-length-node 3.0.0 4.0.0
♾️ @smithy/util-buffer-from 3.0.0 4.0.0
♾️ @smithy/util-config-provider 3.0.0 4.0.0
♾️ @smithy/util-defaults-mode-browser 3.0.23 4.0.3
♾️ @smithy/util-defaults-mode-node 3.0.23 4.0.3
♾️ @smithy/util-endpoints 2.1.3 3.0.1
♾️ @smithy/util-hex-encoding 3.0.0 4.0.0
♾️ @smithy/util-middleware 3.0.7 4.0.1
♾️ @smithy/util-retry 3.0.7 4.0.1
♾️ @smithy/util-stream 3.1.9 4.0.2
♾️ @smithy/util-uri-escape 3.0.0 4.0.0
♾️ @smithy/util-utf8 3.0.0 4.0.0
♾️ @smithy/util-waiter 3.1.6 4.0.2
@tufjs/canonical-json 2.0.0
@tufjs/models 3.0.1
abbrev 3.0.0
agent-base 7.1.1
aggregate-error 3.1.0
ansi-regex 6.1.0
ansi-styles 6.2.1
aproba 2.0.0
archy 1.0.0
balanced-match 1.0.2
bin-links 5.0.0
binary-extensions 2.3.0
brace-expansion 2.0.1
cacache 19.0.1
call-bind 1.0.7
call-bind-apply-helpers 1.0.1
call-bound 1.0.3
chalk 5.3.0
chownr 3.0.0
ci-info 4.1.0
cidr-regex 4.1.1
clean-stack 2.2.0
cli-columns 4.0.0
cmd-shim 7.0.0
color-convert 2.0.1
color-name 1.1.4
common-ancestor-path 1.0.1
cross-spawn 7.0.6
cssesc 3.0.0
♾️ debug 2.6.9 4.3.7
define-data-property 1.1.4
diff 5.2.0
♾️ dotenv 16.4.5 16.4.7
dunder-proto 1.0.1
eastasianwidth 0.2.0
emoji-regex 9.2.2
encoding 0.1.13
env-paths 2.2.1
err-code 2.0.3
♾️ es-define-property 1.0.0 1.0.1
es-object-atoms 1.1.1
exponential-backoff 3.1.1
♾️ express 4.21.1 4.21.2
fastest-levenshtein 1.0.16
foreground-child 3.3.0
fs-minipass 3.0.3
♾️ get-intrinsic 1.2.4 1.2.7
get-proto 1.0.1
glob 10.4.5
graceful-fs 4.2.11
has-property-descriptors 1.0.2
has-proto 1.1.0
hosted-git-info 8.0.2
http-cache-semantics 4.1.1
http-proxy-agent 7.0.2
https-proxy-agent 7.0.5
♾️ iconv-lite 0.4.24 0.6.3
ignore-walk 7.0.0
imurmurhash 0.1.4
indent-string 4.0.0
ini 5.0.0
init-package-json 7.0.2
ip-address 9.0.5
ip-regex 5.0.0
is-cidr 5.1.0
is-fullwidth-code-point 3.0.0
isexe 3.1.1
jackspeak 3.4.3
jsbn 1.1.0
json-parse-even-better-errors 4.0.0
json-stringify-nice 1.1.4
jsonparse 1.3.1
just-diff 6.0.2
just-diff-apply 5.5.0
libnpmaccess 9.0.0
libnpmdiff 7.0.0
libnpmexec 9.0.0
libnpmfund 6.0.0
libnpmhook 11.0.0
libnpmorg 7.0.0
libnpmpack 8.0.0
libnpmpublish 10.0.1
libnpmsearch 8.0.0
libnpmteam 7.0.0
libnpmversion 7.0.0
lru-cache 10.4.3
make-fetch-happen 14.0.3
math-intrinsics 1.1.0
minimatch 9.0.5
minipass 7.1.2
minipass-collect 2.0.1
minipass-fetch 4.0.0
minipass-flush 1.0.5
minipass-pipeline 1.2.4
minipass-sized 1.0.3
minizlib 3.0.1
♾️ mkdirp 0.5.6 3.0.1
mute-stream 2.0.0
♾️ negotiator 0.6.3 1.0.0
node-gyp 11.0.0
nopt 8.0.0
normalize-package-data 7.0.0
npm 10.9.2
npm-audit-report 6.0.0
npm-bundled 4.0.0
npm-install-checks 7.1.1
npm-normalize-package-bin 4.0.0
npm-package-arg 12.0.0
npm-packlist 9.0.0
npm-pick-manifest 10.0.0
npm-profile 11.0.1
npm-registry-fetch 18.0.2
npm-user-validate 3.0.0
p-map 7.0.2
package-json-from-dist 1.0.1
pacote 20.0.0
parse-conflict-json 4.0.0
path-key 3.1.1
path-scurry 1.11.1
♾️ path-to-regexp 0.1.10 0.1.12
critical: 0 high: 0 medium: 1 low: 0
Removed vulnerabilities (1):
  • medium : CVE--2024--52798
♾️ pg 8.13.0 8.13.1
postcss-selector-parser 6.1.2
proc-log 5.0.0
proggy 3.0.0
promise-all-reject-late 1.0.1
promise-call-limit 3.0.2
promise-inflight 1.0.1
promise-retry 2.0.1
promzard 2.0.0
qrcode-terminal 0.12.0
read 4.0.0
read-cmd-shim 5.0.0
read-package-json-fast 4.0.0
retry 0.12.0
rimraf 5.0.10
semver 7.6.3
set-function-length 1.2.2
shebang-command 2.0.0
shebang-regex 3.0.0
♾️ side-channel 1.0.6 1.1.0
side-channel-list 1.0.0
side-channel-map 1.0.1
side-channel-weakmap 1.0.2
signal-exit 4.1.0
sigstore 3.0.0
smart-buffer 4.2.0
socks 2.8.3
socks-proxy-agent 8.0.4
spdx-correct 3.2.0
spdx-exceptions 2.5.0
spdx-expression-parse 4.0.0
spdx-license-ids 3.0.20
sprintf-js 1.1.3
ssri 12.0.0
string-width 5.1.2
strip-ansi 7.1.0
supports-color 9.4.0
tar 7.4.3
text-table 0.2.0
tiny-relative-date 1.3.0
treeverse 3.0.0
♾️ tslib 2.7.0 2.8.1
tuf-js 3.0.1
unique-filename 4.0.0
unique-slug 5.0.0
validate-npm-package-license 3.0.4
validate-npm-package-name 6.0.0
walk-up-path 3.0.1
which 5.0.0
wrap-ansi 8.1.0
write-file-atomic 6.0.0
yallist 5.0.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@mikesir87