Do not merge - validate broken workflow #42

mikesir87 · 2025-01-24T18:02:21Z

Do not merge. This is validating the patch workflow still runs on non-demo branches. In this case, the workflow should be broken.

mikesir87 · 2025-01-24T18:03:00Z

Confirmed that the workflow ran and failed

github-actions · 2025-01-24T18:05:20Z


Your image	`dockerdevrel/catalog-service-node:pr-42`
Current base image	`node:18`
Updated base image	`node:23-slim`

Policy Status
(2/7 policies met, 2 missing data)

Status	Policy	Results
✅	Default non-root user
⚠️	AGPL v3 licenses found	4 packages
⚠️	Fixable critical or high vulnerabilities found
✅	No high-profile vulnerabilities
❓	No outdated base images	No data Learn more ↗
❓	No unapproved base images	No data
⚠️	Missing supply chain attestation(s)	2 deviations

github-actions · 2025-01-24T18:06:25Z

Overview

Image reference	`dockerdevrel/catalog-service-node:latest`	`dockerdevrel/catalog-service-node:pr-42`
- digest	`b630c97cef9b`	`4690cf13c231`
- tag	`latest`	`pr-42`
- environment	production
- provenance	`781663d`	`6b418c6`
- vulnerabilities
- platform	linux/amd64	linux/amd64
- size	84 MB	398 MB (+314 MB)
- packages	330	925 (+595)
Base Image	`node:22-bookworm-slim` also known as: • `22-slim` • `22.13-bookworm-slim` • `22.13-slim` • `jod-bookworm-slim` • `jod-slim` • `lts-bookworm-slim` • `lts-slim`	`node:18` also known as: • `18-bookworm` • `18.20` • `18.20-bookworm` • `18.20.6` • `18.20.6-bookworm` • `hydrogen` • `hydrogen-bookworm`
- vulnerabilities

Environment Variables (1 changes)

± 1 changed

3 unchanged

 NODE_ENV=production
-NODE_VERSION=22.13.0
+NODE_VERSION=18.20.6
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 YARN_VERSION=1.22.22

Labels (3 changes)

± 3 changed

5 unchanged

-org.opencontainers.image.created=2025-01-15T22:47:28.805Z
+org.opencontainers.image.created=2025-01-24T18:04:07.048Z
 org.opencontainers.image.description=
 org.opencontainers.image.licenses=CC0-1.0
-org.opencontainers.image.revision=781663d8eeebad7825a85796e942c08bc774cbd0
+org.opencontainers.image.revision=6b418c6c6f4d4dc1621ccc2a9e154b394b07dd7d
 org.opencontainers.image.source=https://github.com/dockersamples/catalog-service-node
 org.opencontainers.image.title=catalog-service-node
 org.opencontainers.image.url=https://github.com/dockersamples/catalog-service-node
-org.opencontainers.image.version=v0.2.0
+org.opencontainers.image.version=pr-42

Policies (0 improved, 3 worsened, 2 missing data)

Policy Name	`dockerdevrel/catalog-service-node:latest`	`dockerdevrel/catalog-service-node:pr-42`	Change	Standing
Default non-root user	✅	✅		No Change
No AGPL v3 licenses	✅	⚠️ 4	+4	Worsened
No fixable critical or high vulnerabilities	✅	⚠️ 5	+5	Worsened
No high-profile vulnerabilities	✅	✅		No Change
No outdated base images	⚠️	❓ No data
No unapproved base images	✅	❓ No data
Supply chain attestations	✅	⚠️ 2	+2	Worsened

Packages and Vulnerabilities (716 package changes and 103 vulnerability changes)

➕ 591 packages added

➖ 14 packages removed

♾️ 111 packages changed

198 packages unchanged

❗ 103 vulnerabilities added

Changes for packages of type deb (420 changes)

	Package	Version `dockerdevrel/catalog-service-node:pr-42`
➕	aom	`3.6.0-1+deb12u1`
➕	apr	`1.7.2-3+deb12u1`
➕	apr-util	`1.6.3-1`
➕	autoconf	`2.71-3`
➕	automake	`1:1.16.5-1.3`
➕	automake-1.16	`1:1.16.5-1.3`
➕	autotools-dev	`20220109.1`
➕	binutils	`2.40-2`

		Added vulnerabilities (8):
➕	binutils-common	`2.40-2`
➕	binutils-x86-64-linux-gnu	`2.40-2`
➕	brotli	`1.0.9-2`
➕	ca-certificates	`20230311`
➕	cairo	`1.16.0-7`
➕	comerr-dev	`2.1-1.47.0-2`
➕	cpp	`4:12.2.0-3`
➕	cpp-12	`12.2.0-14`
➕	curl	`7.88.1-10+deb12u8`

		Added vulnerabilities (1):
➕	cyrus-sasl2	`2.1.28+dfsg-10`
➕	dav1d	`1.0.0-2+deb12u1`
➕	db-defaults	`5.3.2`
➕	default-libmysqlclient-dev	`1.1.0`
➕	dirmngr	`2.2.40-1.1`
➕	djvulibre	`3.5.28-2`
➕	dpkg-dev	`1.21.22`
➕	elfutils	`0.188-2.1`

		Added vulnerabilities (1):
➕	expat	`2.5.0-1+deb12u1`

		Added vulnerabilities (2):
➕	fftw3	`3.3.10-1`
➕	file	`1:5.44-3`
➕	fontconfig	`2.14.1-4`
➕	fontconfig-config	`2.14.1-4`
➕	fonts-dejavu	`2.37-6`
➕	fonts-dejavu-core	`2.37-6`
➕	freetype	`2.12.1+dfsg-5+deb12u3`
➕	fribidi	`1.0.8-2.1`
➕	g++	`4:12.2.0-3`
➕	g++-12	`12.2.0-14`
➕	gcc	`4:12.2.0-3`
➕	gcc-defaults	`1.203`
➕	gdbm	`1.23-3`
➕	gdk-pixbuf	`2.42.10+dfsg-1+deb12u1`
➕	gir1.2-freedesktop	`1.74.0-3`
➕	gir1.2-gdkpixbuf-2.0	`2.42.10+dfsg-1+deb12u1`
➕	gir1.2-glib-2.0	`1.74.0-3`
➕	gir1.2-rsvg-2.0	`2.54.7+dfsg-1~deb12u1`
➕	git	`1:2.39.5-0+deb12u1`

		Added vulnerabilities (5):
➕	git-man	`1:2.39.5-0+deb12u1`
➕	glib2.0	`2.74.6-2+deb12u5`

		Added vulnerabilities (1):
➕	gnupg	`2.2.40-1.1`
➕	gnupg-l10n	`2.2.40-1.1`
➕	gnupg-utils	`2.2.40-1.1`
➕	gobject-introspection	`1.74.0-3`
➕	gpg	`2.2.40-1.1`
➕	gpg-agent	`2.2.40-1.1`
➕	gpg-wks-client	`2.2.40-1.1`
➕	gpg-wks-server	`2.2.40-1.1`
➕	gpgconf	`2.2.40-1.1`
➕	gpgsm	`2.2.40-1.1`
➕	graphite2	`1.3.14-1`
➕	harfbuzz	`6.0.0+dfsg-3`
➕	hicolor-icon-theme	`0.17-2`
➕	icu	`72.1-3`
➕	icu-devtools	`72.1-3`
➕	imagemagick	`8:6.9.11.60+dfsg-1.6+deb12u2`

		Added vulnerabilities (9):
➕	imagemagick-6-common	`8:6.9.11.60+dfsg-1.6+deb12u2`
➕	imagemagick-6.q16	`8:6.9.11.60+dfsg-1.6+deb12u2`
➕	imath	`3.1.6-1`
➕	isl	`0.25-1.1`
➕	jansson	`2.14-2`

		Added vulnerabilities (1):
➕	jbigkit	`2.1-6.1`

		Added vulnerabilities (1):
➕	keyutils	`1.6.3-2`
➕	krb5	`1.20.1-2+deb12u2`

		Added vulnerabilities (3):
➕	krb5-multidev	`1.20.1-2+deb12u2`
➕	lcms2	`2.14-2`
➕	lerc	`4.0.0+ds-2`
➕	libaom3	`3.6.0-1+deb12u1`
➕	libapr1	`1.7.2-3+deb12u1`
➕	libaprutil1	`1.6.3-1`
➕	libasan8	`12.2.0-14`
➕	libassuan	`2.5.5-5`
➕	libassuan0	`2.5.5-5`
➕	libatomic1	`12.2.0-14`
➕	libbinutils	`2.40-2`
➕	libblkid-dev	`2.38.1-5+deb12u3`
➕	libbrotli-dev	`1.0.9-2+b6`
➕	libbrotli1	`1.0.9-2+b6`
➕	libbsd	`0.11.7-2`
➕	libbsd0	`0.11.7-2`
➕	libbz2-dev	`1.0.8-5+b1`
➕	libc-dev-bin	`2.36-9+deb12u9`
➕	libc6-dev	`2.36-9+deb12u9`
➕	libcairo-gobject2	`1.16.0-7`
➕	libcairo-script-interpreter2	`1.16.0-7`
➕	libcairo2	`1.16.0-7`
➕	libcairo2-dev	`1.16.0-7`
➕	libcbor	`0.8.0-2`
➕	libcbor0.8	`0.8.0-2+b1`
➕	libcc1-0	`12.2.0-14`
➕	libcrypt-dev	`1:4.4.33-2`
➕	libctf-nobfd0	`2.40-2`
➕	libctf0	`2.40-2`
➕	libcurl3-gnutls	`7.88.1-10+deb12u8`
➕	libcurl4	`7.88.1-10+deb12u8`
➕	libcurl4-openssl-dev	`7.88.1-10+deb12u8`
➕	libdatrie	`0.2.13-2`
➕	libdatrie1	`0.2.13-2+b1`
➕	libdav1d6	`1.0.0-2+deb12u1`
➕	libdb-dev	`5.3.2`
➕	libdb5.3-dev	`5.3.28+dfsg2-1`
➕	libde265	`1.0.11-1+deb12u2`
➕	libde265-0	`1.0.11-1+deb12u2`
➕	libdeflate	`1.14-1`
➕	libdeflate-dev	`1.14-1`
➕	libdeflate0	`1.14-1`
➕	libdjvulibre-dev	`3.5.28-2+b1`
➕	libdjvulibre-text	`3.5.28-2`
➕	libdjvulibre21	`3.5.28-2+b1`
➕	libdpkg-perl	`1.21.22`
➕	libedit	`3.1-20221030-2`
➕	libedit2	`3.1-20221030-2`
➕	libelf1	`0.188-2.1`
➕	liberror-perl	`0.17029-2`
➕	libevent	`2.1.12-stable-8`
➕	libevent-2.1-7	`2.1.12-stable-8`
➕	libevent-core-2.1-7	`2.1.12-stable-8`
➕	libevent-dev	`2.1.12-stable-8`
➕	libevent-extra-2.1-7	`2.1.12-stable-8`
➕	libevent-openssl-2.1-7	`2.1.12-stable-8`
➕	libevent-pthreads-2.1-7	`2.1.12-stable-8`
➕	libexif	`0.6.24-1`
➕	libexif-dev	`0.6.24-1+b1`
➕	libexif12	`0.6.24-1+b1`
➕	libexpat1	`2.5.0-1+deb12u1`
➕	libexpat1-dev	`2.5.0-1+deb12u1`
➕	libffi-dev	`3.4.4-1`
➕	libfftw3-double3	`3.3.10-1`
➕	libfido2	`1.12.0-2`
➕	libfido2-1	`1.12.0-2+b1`
➕	libfontconfig-dev	`2.14.1-4`
➕	libfontconfig1	`2.14.1-4`
➕	libfreetype-dev	`2.12.1+dfsg-5+deb12u3`
➕	libfreetype6	`2.12.1+dfsg-5+deb12u3`
➕	libfreetype6-dev	`2.12.1+dfsg-5+deb12u3`
➕	libfribidi0	`1.0.8-2.1`
➕	libgcc-12-dev	`12.2.0-14`
➕	libgdbm-compat4	`1.23-3`
➕	libgdbm-dev	`1.23-3`
➕	libgdbm6	`1.23-3`
➕	libgdk-pixbuf-2.0-0	`2.42.10+dfsg-1+deb12u1`
➕	libgdk-pixbuf-2.0-dev	`2.42.10+dfsg-1+deb12u1`
➕	libgdk-pixbuf2.0-bin	`2.42.10+dfsg-1+deb12u1`
➕	libgdk-pixbuf2.0-common	`2.42.10+dfsg-1+deb12u1`
➕	libgirepository-1.0-1	`1.74.0-3`
➕	libglib2.0-0	`2.74.6-2+deb12u5`
➕	libglib2.0-bin	`2.74.6-2+deb12u5`
➕	libglib2.0-data	`2.74.6-2+deb12u5`
➕	libglib2.0-dev	`2.74.6-2+deb12u5`
➕	libglib2.0-dev-bin	`2.74.6-2+deb12u5`
➕	libgmp-dev	`2:6.2.1+dfsg1-1.1`
➕	libgmpxx4ldbl	`2:6.2.1+dfsg1-1.1`
➕	libgomp1	`12.2.0-14`
➕	libgprofng0	`2.40-2`
➕	libgraphite2-3	`1.3.14-1`
➕	libgssapi-krb5-2	`1.20.1-2+deb12u2`
➕	libgssrpc4	`1.20.1-2+deb12u2`
➕	libharfbuzz0b	`6.0.0+dfsg-3`
➕	libheif	`1.15.1-1+deb12u1`

		Added vulnerabilities (2):
➕	libheif1	`1.15.1-1+deb12u1`
➕	libice	`2:1.0.10-1`
➕	libice-dev	`2:1.0.10-1`
➕	libice6	`2:1.0.10-1`
➕	libicu-dev	`72.1-3`
➕	libicu72	`72.1-3`
➕	libimath-3-1-29	`3.1.6-1`
➕	libimath-dev	`3.1.6-1`
➕	libisl23	`0.25-1.1`
➕	libitm1	`12.2.0-14`
➕	libjansson4	`2.14-2`
➕	libjbig-dev	`2.1-6.1`
➕	libjbig0	`2.1-6.1`
➕	libjpeg-dev	`1:2.1.5-2`
➕	libjpeg-turbo	`1:2.1.5-2`
➕	libjpeg62-turbo	`1:2.1.5-2`
➕	libjpeg62-turbo-dev	`1:2.1.5-2`
➕	libk5crypto3	`1.20.1-2+deb12u2`
➕	libkadm5clnt-mit12	`1.20.1-2+deb12u2`
➕	libkadm5srv-mit12	`1.20.1-2+deb12u2`
➕	libkdb5-10	`1.20.1-2+deb12u2`
➕	libkeyutils1	`1.6.3-2`
➕	libkrb5-3	`1.20.1-2+deb12u2`
➕	libkrb5-dev	`1.20.1-2+deb12u2`
➕	libkrb5support0	`1.20.1-2+deb12u2`
➕	libksba	`1.6.3-2`
➕	libksba8	`1.6.3-2`
➕	liblcms2-2	`2.14-2`
➕	liblcms2-dev	`2.14-2`
➕	libldap-2.5-0	`2.5.13+dfsg-5`
➕	liblerc-dev	`4.0.0+ds-2`
➕	liblerc4	`4.0.0+ds-2`
➕	liblqr	`0.4.2-2.1`
➕	liblqr-1-0	`0.4.2-2.1`
➕	liblqr-1-0-dev	`0.4.2-2.1`
➕	liblsan0	`12.2.0-14`
➕	libltdl-dev	`2.4.7-7~deb12u1`
➕	libltdl7	`2.4.7-7~deb12u1`
➕	liblzma-dev	`5.4.1-0.2`
➕	liblzo2-2	`2.10-2`
➕	libmagic-mgc	`1:5.44-3`
➕	libmagic1	`1:5.44-3`
➕	libmagickcore-6-arch-config	`8:6.9.11.60+dfsg-1.6+deb12u2`
➕	libmagickcore-6-headers	`8:6.9.11.60+dfsg-1.6+deb12u2`
➕	libmagickcore-6.q16-6	`8:6.9.11.60+dfsg-1.6+deb12u2`
➕	libmagickcore-6.q16-6-extra	`8:6.9.11.60+dfsg-1.6+deb12u2`
➕	libmagickcore-6.q16-dev	`8:6.9.11.60+dfsg-1.6+deb12u2`
➕	libmagickcore-dev	`8:6.9.11.60+dfsg-1.6+deb12u2`
➕	libmagickwand-6-headers	`8:6.9.11.60+dfsg-1.6+deb12u2`
➕	libmagickwand-6.q16-6	`8:6.9.11.60+dfsg-1.6+deb12u2`
➕	libmagickwand-6.q16-dev	`8:6.9.11.60+dfsg-1.6+deb12u2`
➕	libmagickwand-dev	`8:6.9.11.60+dfsg-1.6+deb12u2`
➕	libmariadb-dev	`1:10.11.6-0+deb12u1`
➕	libmariadb-dev-compat	`1:10.11.6-0+deb12u1`
➕	libmariadb3	`1:10.11.6-0+deb12u1`
➕	libmaxminddb	`1.7.1-1`
➕	libmaxminddb-dev	`1.7.1-1`
➕	libmaxminddb0	`1.7.1-1`
➕	libmount-dev	`2.38.1-5+deb12u3`
➕	libmpc3	`1.3.1-1`
➕	libmpfr6	`4.2.0-1`
➕	libncurses-dev	`6.4-4`
➕	libncurses5-dev	`6.4-4`
➕	libncurses6	`6.4-4`
➕	libncursesw5-dev	`6.4-4`
➕	libncursesw6	`6.4-4`
➕	libnghttp2-14	`1.52.0-1+deb12u2`
➕	libnpth0	`1.6-3`
➕	libnsl	`1.3.0-2`
➕	libnsl-dev	`1.3.0-2`
➕	libnsl2	`1.3.0-2`
➕	libnuma1	`2.0.16-1`
➕	libopenexr-3-1-30	`3.1.5-5`
➕	libopenexr-dev	`3.1.5-5`
➕	libopenjp2-7	`2.5.0-2`
➕	libopenjp2-7-dev	`2.5.0-2`
➕	libpango-1.0-0	`1.50.12+ds-1`
➕	libpangocairo-1.0-0	`1.50.12+ds-1`
➕	libpangoft2-1.0-0	`1.50.12+ds-1`
➕	libpcre2-16-0	`10.42-1`
➕	libpcre2-32-0	`10.42-1`
➕	libpcre2-dev	`10.42-1`
➕	libpcre2-posix3	`10.42-1`
➕	libperl5.36	`5.36.0-7+deb12u1`
➕	libpixman-1-0	`0.42.2-1`
➕	libpixman-1-dev	`0.42.2-1`
➕	libpkgconf3	`1.8.1-1`
➕	libpng-dev	`1.6.39-2`
➕	libpng1.6	`1.6.39-2`

		Added vulnerabilities (1):
➕	libpng16-16	`1.6.39-2`
➕	libpq-dev	`15.10-0+deb12u1`
➕	libpq5	`15.10-0+deb12u1`
➕	libproc2-0	`2:4.0.2-3`
➕	libpsl	`0.21.2-1`
➕	libpsl5	`0.21.2-1`
➕	libpthread-stubs	`0.4-1`
➕	libpthread-stubs0-dev	`0.4-1`
➕	libpython3-stdlib	`3.11.2-1+b1`
➕	libpython3.11-minimal	`3.11.2-6+deb12u5`
➕	libpython3.11-stdlib	`3.11.2-6+deb12u5`
➕	libquadmath0	`12.2.0-14`
➕	libreadline-dev	`8.2-1.3`
➕	libreadline8	`8.2-1.3`
➕	librsvg	`2.54.7+dfsg-1~deb12u1`
➕	librsvg2-2	`2.54.7+dfsg-1~deb12u1`
➕	librsvg2-common	`2.54.7+dfsg-1~deb12u1`
➕	librsvg2-dev	`2.54.7+dfsg-1~deb12u1`
➕	librtmp1	`2.4+20151223.gitfa8646d.1-2+b2`
➕	libsasl2-2	`2.1.28+dfsg-10`
➕	libsasl2-modules-db	`2.1.28+dfsg-10`
➕	libselinux1-dev	`3.4-1+b6`
➕	libsepol-dev	`3.4-2.1`
➕	libserf-1-1	`1.3.9-11`
➕	libsm	`2:1.2.3-1`
➕	libsm-dev	`2:1.2.3-1`
➕	libsm6	`2:1.2.3-1`
➕	libsqlite3-0	`3.40.1-2+deb12u1`
➕	libsqlite3-dev	`3.40.1-2+deb12u1`
➕	libssh2	`1.10.0-3`
➕	libssh2-1	`1.10.0-3+b1`
➕	libssl-dev	`3.0.15-1~deb12u1`
➕	libssl3	`3.0.15-1~deb12u1`
➕	libstdc++-12-dev	`12.2.0-14`
➕	libsvn1	`1.14.2-4+b2`
➕	libthai	`0.1.29-1`
➕	libthai-data	`0.1.29-1`
➕	libthai0	`0.1.29-1`
➕	libtiff-dev	`4.5.0-6+deb12u2`
➕	libtiff6	`4.5.0-6+deb12u2`
➕	libtiffxx6	`4.5.0-6+deb12u2`
➕	libtirpc	`1.3.3+ds-1`
➕	libtirpc-common	`1.3.3+ds-1`
➕	libtirpc-dev	`1.3.3+ds-1`
➕	libtirpc3	`1.3.3+ds-1`
➕	libtool	`2.4.7-7~deb12u1`
➕	libtsan2	`12.2.0-14`
➕	libubsan1	`12.2.0-14`
➕	libutf8proc2	`2.8.0-1`
➕	libwebp	`1.2.4-0.2+deb12u1`
➕	libwebp-dev	`1.2.4-0.2+deb12u1`
➕	libwebp7	`1.2.4-0.2+deb12u1`
➕	libwebpdemux2	`1.2.4-0.2+deb12u1`
➕	libwebpmux3	`1.2.4-0.2+deb12u1`
➕	libwmf	`0.2.12-5.1`

		Added vulnerabilities (4):
➕	libwmf-0.2-7	`0.2.12-5.1`
➕	libwmf-dev	`0.2.12-5.1`
➕	libwmflite-0.2-7	`0.2.12-5.1`
➕	libx11	`2:1.8.4-2+deb12u2`
➕	libx11-6	`2:1.8.4-2+deb12u2`
➕	libx11-data	`2:1.8.4-2+deb12u2`
➕	libx11-dev	`2:1.8.4-2+deb12u2`
➕	libx265-199	`3.5-2+b1`
➕	libxau	`1:1.0.9-1`
➕	libxau-dev	`1:1.0.9-1`
➕	libxau6	`1:1.0.9-1`
➕	libxcb	`1.15-1`
➕	libxcb-render0	`1.15-1`
➕	libxcb-render0-dev	`1.15-1`
➕	libxcb-shm0	`1.15-1`
➕	libxcb-shm0-dev	`1.15-1`
➕	libxcb1	`1.15-1`
➕	libxcb1-dev	`1.15-1`
➕	libxdmcp	`1:1.1.2-3`
➕	libxdmcp-dev	`1:1.1.2-3`
➕	libxdmcp6	`1:1.1.2-3`
➕	libxext	`2:1.3.4-1`
➕	libxext-dev	`2:1.3.4-1+b1`
➕	libxext6	`2:1.3.4-1+b1`
➕	libxml2	`2.9.14+dfsg-1.3~deb12u1`

		Added vulnerabilities (1):
➕	libxml2-dev	`2.9.14+dfsg-1.3~deb12u1`
➕	libxrender	`1:0.9.10-1.1`
➕	libxrender-dev	`1:0.9.10-1.1`
➕	libxrender1	`1:0.9.10-1.1`
➕	libxslt	`1.1.35-1`

		Added vulnerabilities (1):
➕	libxslt1-dev	`1.1.35-1`
➕	libxslt1.1	`1.1.35-1`
➕	libxt	`1:1.2.1-1.1`
➕	libxt-dev	`1:1.2.1-1.1`
➕	libxt6	`1:1.2.1-1.1`
➕	libyaml	`0.2.5-1`

		Added vulnerabilities (2):
➕	libyaml-0-2	`0.2.5-1`
➕	libyaml-dev	`0.2.5-1`
➕	libzstd-dev	`1.5.4+dfsg2-5`
➕	linux	`6.1.123-1`
➕	linux-libc-dev	`6.1.123-1`
➕	lzo2	`2.10-2`
➕	m4	`1.4.19-3`

		Added vulnerabilities (2):
➕	make	`4.3-4.1`
➕	make-dfsg	`4.3-4.1`
➕	mariadb	`1:10.11.6-0+deb12u1`
➕	mariadb-common	`1:10.11.6-0+deb12u1`
➕	media-types	`10.0.0`
➕	mercurial	`6.3.2-1`
➕	mercurial-common	`6.3.2-1`
➕	mpclib3	`1.3.1-1`
➕	mpfr4	`4.2.0-1`
➕	mysql-common	`5.8+1.1.0`
➕	mysql-defaults	`1.1.0`
➕	netbase	`6.4`
➕	nghttp2	`1.52.0-1+deb12u2`
➕	npth	`1.6-3`
➕	numactl	`2.0.16-1`
➕	openexr	`3.1.5-5`

		Added vulnerabilities (1):
➕	openjpeg2	`2.5.0-2`

		Added vulnerabilities (14):
➕	openldap	`2.5.13+dfsg-5`

		Added vulnerabilities (4):
➕	openssh	`1:9.2p1-2+deb12u4`

		Added vulnerabilities (9):
➕	openssh-client	`1:9.2p1-2+deb12u4`
➕	openssl	`3.0.15-1~deb12u1`

		Added vulnerabilities (1):
➕	pango1.0	`1.50.12+ds-1`
➕	patch	`2.7.6-7`

		Added vulnerabilities (4):
➕	perl-modules-5.36	`5.36.0-7+deb12u1`
➕	pinentry	`1.2.1-1`
➕	pinentry-curses	`1.2.1-1`
➕	pixman	`0.42.2-1`

		Added vulnerabilities (1):
➕	pkg-config	`1.8.1-1`
➕	pkgconf	`1.8.1-1`
➕	pkgconf-bin	`1.8.1-1`
➕	postgresql-15	`15.10-0+deb12u1`
➕	procps	`2:4.0.2-3`
➕	python3	`3.11.2-1+b1`
➕	python3-defaults	`3.11.2-1`
➕	python3-distutils	`3.11.2-3`
➕	python3-lib2to3	`3.11.2-3`
➕	python3-minimal	`3.11.2-1+b1`
➕	python3-stdlib-extensions	`3.11.2-3`
➕	python3.11	`3.11.2-6+deb12u5`
➕	python3.11-minimal	`3.11.2-6+deb12u5`
➕	readline	`8.2-1.3`
➕	readline-common	`8.2-1.3`
➕	rpcsvc-proto	`1.4.3-1`
➕	rtmpdump	`2.4+20151223.gitfa8646d.1-2`
➕	rust-sequoia-sq	`0.27.0-2`
➕	sensible-utils	`0.0.17+nmu1`
➕	serf	`1.3.9-11`
➕	shared-mime-info	`2.2-1`
➕	sq	`0.27.0-2+b1`
➕	sqlite3	`3.40.1-2+deb12u1`

		Added vulnerabilities (2):
➕	subversion	`1.14.2-4`
➕	tiff	`4.5.0-6+deb12u2`

		Added vulnerabilities (12):
➕	ucf	`3.0043+nmu1+deb12u1`
➕	unzip	`6.0-28`

		Added vulnerabilities (1):
➕	utf8proc	`2.8.0-1`
➕	uuid-dev	`2.38.1-5+deb12u3`
➕	wget	`1.21.3-1+b2`
➕	x11-common	`1:7.7+23`
➕	x11proto-core-dev	`2022.1-1`
➕	x11proto-dev	`2022.1-1`
➕	x265	`3.5-2`
➕	xorg	`1:7.7+23`
➕	xorg-sgml-doctools	`1:1.11-1.1`
➕	xorgproto	`2022.1-1`
➕	xtrans	`1.4.0-1`
➕	xtrans-dev	`1.4.0-1`
➕	zlib1g-dev	`1:1.2.13.dfsg-1`

Changes for packages of type github (1 changes)

	Package	Version `dockerdevrel/catalog-service-node:latest`	Version `dockerdevrel/catalog-service-node:pr-42`
♾️	node	`22.13.0`	`18.20.6`

Changes for packages of type npm (294 changes)

	Package	Version `dockerdevrel/catalog-service-node:latest`	Version `dockerdevrel/catalog-service-node:pr-42`
♾️	@aws-sdk/client-s3	`3.670.0`	`3.729.0`
♾️	@aws-sdk/client-sso	`3.670.0`	`3.726.0`
♾️	@aws-sdk/client-sso-oidc	`3.670.0`	`3.726.0`
♾️	@aws-sdk/client-sts	`3.670.0`	`3.726.1`
♾️	@aws-sdk/core	`3.667.0`	`3.723.0`
♾️	@aws-sdk/credential-provider-env	`3.667.0`	`3.723.0`
♾️	@aws-sdk/credential-provider-http	`3.667.0`	`3.723.0`
♾️	@aws-sdk/credential-provider-ini	`3.670.0`	`3.726.0`
♾️	@aws-sdk/credential-provider-node	`3.670.0`	`3.726.0`
♾️	@aws-sdk/credential-provider-process	`3.667.0`	`3.723.0`
♾️	@aws-sdk/credential-provider-sso	`3.670.0`	`3.726.0`
♾️	@aws-sdk/credential-provider-web-identity	`3.667.0`	`3.723.0`
♾️	@aws-sdk/middleware-bucket-endpoint	`3.667.0`	`3.726.0`
♾️	@aws-sdk/middleware-expect-continue	`3.667.0`	`3.723.0`
♾️	@aws-sdk/middleware-flexible-checksums	`3.669.0`	`3.729.0`
♾️	@aws-sdk/middleware-host-header	`3.667.0`	`3.723.0`
♾️	@aws-sdk/middleware-location-constraint	`3.667.0`	`3.723.0`
♾️	@aws-sdk/middleware-logger	`3.667.0`	`3.723.0`
♾️	@aws-sdk/middleware-recursion-detection	`3.667.0`	`3.723.0`
♾️	@aws-sdk/middleware-sdk-s3	`3.669.0`	`3.723.0`
♾️	@aws-sdk/middleware-ssec	`3.667.0`	`3.723.0`
♾️	@aws-sdk/middleware-user-agent	`3.669.0`	`3.726.0`
♾️	@aws-sdk/region-config-resolver	`3.667.0`	`3.723.0`
♾️	@aws-sdk/signature-v4-multi-region	`3.669.0`	`3.723.0`
♾️	@aws-sdk/token-providers	`3.667.0`	`3.723.0`
♾️	@aws-sdk/types	`3.667.0`	`3.723.0`
♾️	@aws-sdk/util-arn-parser	`3.568.0`	`3.723.0`
♾️	@aws-sdk/util-endpoints	`3.667.0`	`3.726.0`
♾️	@aws-sdk/util-locate-window	`3.568.0`	`3.723.0`
♾️	@aws-sdk/util-user-agent-browser	`3.670.0`	`3.723.0`
♾️	@aws-sdk/util-user-agent-node	`3.669.0`	`3.726.0`
♾️	@aws-sdk/xml-builder	`3.662.0`	`3.723.0`
➕	@isaacs/cliui		`8.0.2`
➕	@isaacs/string-locale-compare		`1.1.0`
➕	@npmcli/agent		`2.2.2`
➕	@npmcli/arborist		`7.5.4`
➕	@npmcli/config		`8.3.4`
➕	@npmcli/fs		`3.1.1`
➕	@npmcli/git		`5.0.8`
➕	@npmcli/installed-package-contents		`2.1.0`
➕	@npmcli/map-workspaces		`3.0.6`
➕	@npmcli/metavuln-calculator		`7.1.1`
➕	@npmcli/name-from-folder		`2.0.0`
➕	@npmcli/node-gyp		`3.0.0`
➕	@npmcli/package-json		`5.2.0`
➕	@npmcli/promise-spawn		`7.0.2`
➕	@npmcli/query		`3.1.0`
➕	@npmcli/redact		`2.0.1`
➕	@npmcli/run-script		`8.1.0`
➕	@pkgjs/parseargs		`0.11.0`
➕	@sigstore/bundle		`2.3.2`
➕	@sigstore/core		`1.1.0`
➕	@sigstore/protobuf-specs		`0.3.2`
➕	@sigstore/sign		`2.3.2`
➕	@sigstore/tuf		`2.3.4`
➕	@sigstore/verify		`1.2.1`
♾️	@smithy/abort-controller	`3.1.5`	`4.0.1`
♾️	@smithy/chunked-blob-reader	`3.0.0`	`5.0.0`
♾️	@smithy/chunked-blob-reader-native	`3.0.0`	`4.0.0`
♾️	@smithy/config-resolver	`3.0.9`	`4.0.1`
♾️	@smithy/core	`2.4.8`	`3.1.1`
♾️	@smithy/credential-provider-imds	`3.2.4`	`4.0.1`
♾️	@smithy/eventstream-codec	`3.1.6`	`4.0.1`
♾️	@smithy/eventstream-serde-browser	`3.0.10`	`4.0.1`
♾️	@smithy/eventstream-serde-config-resolver	`3.0.7`	`4.0.1`
♾️	@smithy/eventstream-serde-node	`3.0.9`	`4.0.1`
♾️	@smithy/eventstream-serde-universal	`3.0.9`	`4.0.1`
♾️	@smithy/fetch-http-handler	`3.2.9`	`5.0.1`
♾️	@smithy/hash-blob-browser	`3.1.6`	`4.0.1`
♾️	@smithy/hash-node	`3.0.7`	`4.0.1`
♾️	@smithy/hash-stream-node	`3.1.6`	`4.0.1`
♾️	@smithy/invalid-dependency	`3.0.7`	`4.0.1`
♾️	@smithy/is-array-buffer	`3.0.0`	`4.0.0`
♾️	@smithy/md5-js	`3.0.7`	`4.0.1`
♾️	@smithy/middleware-content-length	`3.0.9`	`4.0.1`
♾️	@smithy/middleware-endpoint	`3.1.4`	`4.0.2`
♾️	@smithy/middleware-retry	`3.0.23`	`4.0.3`
♾️	@smithy/middleware-serde	`3.0.7`	`4.0.1`
♾️	@smithy/middleware-stack	`3.0.7`	`4.0.1`
♾️	@smithy/node-config-provider	`3.1.8`	`4.0.1`
♾️	@smithy/node-http-handler	`3.2.4`	`4.0.2`
♾️	@smithy/property-provider	`3.1.7`	`4.0.1`
♾️	@smithy/protocol-http	`4.1.4`	`5.0.1`
♾️	@smithy/querystring-builder	`3.0.7`	`4.0.1`
♾️	@smithy/querystring-parser	`3.0.7`	`4.0.1`
♾️	@smithy/service-error-classification	`3.0.7`	`4.0.1`
♾️	@smithy/shared-ini-file-loader	`3.1.8`	`4.0.1`
♾️	@smithy/signature-v4	`4.2.0`	`5.0.1`
♾️	@smithy/smithy-client	`3.4.0`	`4.1.2`
♾️	@smithy/types	`3.5.0`	`4.1.0`
♾️	@smithy/url-parser	`3.0.7`	`4.0.1`
♾️	@smithy/util-base64	`3.0.0`	`4.0.0`
♾️	@smithy/util-body-length-browser	`3.0.0`	`4.0.0`
♾️	@smithy/util-body-length-node	`3.0.0`	`4.0.0`
♾️	@smithy/util-buffer-from	`3.0.0`	`4.0.0`
♾️	@smithy/util-config-provider	`3.0.0`	`4.0.0`
♾️	@smithy/util-defaults-mode-browser	`3.0.23`	`4.0.3`
♾️	@smithy/util-defaults-mode-node	`3.0.23`	`4.0.3`
♾️	@smithy/util-endpoints	`2.1.3`	`3.0.1`
♾️	@smithy/util-hex-encoding	`3.0.0`	`4.0.0`
♾️	@smithy/util-middleware	`3.0.7`	`4.0.1`
♾️	@smithy/util-retry	`3.0.7`	`4.0.1`
♾️	@smithy/util-stream	`3.1.9`	`4.0.2`
♾️	@smithy/util-uri-escape	`3.0.0`	`4.0.0`
♾️	@smithy/util-utf8	`3.0.0`	`4.0.0`
♾️	@smithy/util-waiter	`3.1.6`	`4.0.2`
➕	@tufjs/canonical-json		`2.0.0`
➕	@tufjs/models		`2.0.1`
➕	abbrev		`2.0.0`
➕	agent-base		`7.1.1`
➕	aggregate-error		`3.1.0`
➕	ansi-regex		`6.0.1`
➕	ansi-styles		`6.2.1`
➕	aproba		`2.0.0`
➕	archy		`1.0.0`
➕	balanced-match		`1.0.2`
➕	bin-links		`4.0.4`
➕	binary-extensions		`2.3.0`
♾️	body-parser	`1.20.3`	`1.19.0`

			Added vulnerabilities (1):
➕	brace-expansion		`2.0.1`
♾️	bytes	`3.1.2`	`3.1.0`
➕	cacache		`18.0.3`
➖	call-bind	`1.0.7`
➕	chalk		`5.3.0`
➕	chownr		`2.0.0`
➕	ci-info		`4.0.0`
➕	cidr-regex		`4.1.1`
➕	clean-stack		`2.2.0`
➕	cli-columns		`4.0.0`
➕	cmd-shim		`6.0.3`
➕	color-convert		`2.0.1`
➕	color-name		`1.1.4`
➕	common-ancestor-path		`1.0.1`
♾️	content-disposition	`0.5.4`	`0.5.3`
♾️	cookie	`0.7.1`	`0.4.0`

			Added vulnerabilities (1):
♾️	corepack	`0.30.0`	`0.29.4`
➕	cross-spawn		`7.0.3`

			Added vulnerabilities (1):
➕	cssesc		`3.0.0`
♾️	debug	`2.6.9`	`4.3.5`
➖	define-data-property	`1.1.4`
♾️	depd	`2.0.0`	`1.1.2`
♾️	destroy	`1.2.0`	`1.0.4`
➕	diff		`5.2.0`
♾️	dotenv	`16.4.5`	`16.4.7`
➕	eastasianwidth		`0.2.0`
➕	emoji-regex		`9.2.2`
♾️	encodeurl	`2.0.0`	`1.0.2`
➕	encoding		`0.1.13`
➕	env-paths		`2.2.1`
➕	err-code		`2.0.3`
➖	es-define-property	`1.0.0`
➖	es-errors	`1.3.0`
➕	exponential-backoff		`3.1.1`
♾️	express	`4.21.1`	`4.17.1`

			Added vulnerabilities (3):
➕	fastest-levenshtein		`1.0.16`
♾️	finalhandler	`1.3.1`	`1.1.2`
➕	foreground-child		`3.2.1`
➕	fs-minipass		`3.0.3`
➖	function-bind	`1.1.2`
➖	get-intrinsic	`1.2.4`
➕	glob		`10.4.2`
➖	gopd	`1.2.0`
➕	graceful-fs		`4.2.11`
➖	has-property-descriptors	`1.0.2`
➖	has-proto	`1.1.0`
➖	has-symbols	`1.1.0`
➖	hasown	`2.0.2`
➕	hosted-git-info		`7.0.2`
➕	http-cache-semantics		`4.1.1`
♾️	http-errors	`2.0.0`	`1.7.2`
➕	http-proxy-agent		`7.0.2`
➕	https-proxy-agent		`7.0.5`
♾️	iconv-lite	`0.4.24`	`0.6.3`
➕	ignore-walk		`6.0.5`
➕	imurmurhash		`0.1.4`
➕	indent-string		`4.0.0`
➕	ini		`4.1.3`
➕	init-package-json		`6.0.3`
➕	ip-address		`9.0.5`
➕	ip-regex		`5.0.0`
➕	is-cidr		`5.1.0`
➕	is-fullwidth-code-point		`3.0.0`
➕	is-lambda		`1.0.1`
➕	isexe		`3.1.1`
➕	jackspeak		`3.4.0`
➕	jsbn		`1.1.0`
➕	json-parse-even-better-errors		`3.0.2`
➕	json-stringify-nice		`1.1.4`
➕	jsonparse		`1.3.1`
➕	just-diff		`6.0.2`
➕	just-diff-apply		`5.5.0`
➕	libnpmaccess		`8.0.6`
➕	libnpmdiff		`6.1.4`
➕	libnpmexec		`8.1.3`
➕	libnpmfund		`5.0.12`
➕	libnpmhook		`10.0.5`
➕	libnpmorg		`6.0.6`
➕	libnpmpack		`7.0.4`
➕	libnpmpublish		`9.0.9`
➕	libnpmsearch		`7.0.6`
➕	libnpmteam		`6.0.5`
➕	libnpmversion		`6.0.3`
➕	lru-cache		`10.2.2`
➕	make-fetch-happen		`13.0.1`
♾️	merge-descriptors	`1.0.3`	`1.0.1`
➕	minimatch		`9.0.5`
➕	minipass		`7.1.2`
➕	minipass-collect		`2.0.1`
➕	minipass-fetch		`3.0.5`
➕	minipass-flush		`1.0.5`
➕	minipass-pipeline		`1.2.4`
➕	minipass-sized		`1.0.3`
➕	minizlib		`2.1.2`
♾️	mkdirp	`0.5.6`	`1.0.4`
➕	mute-stream		`1.0.0`
➕	node-gyp		`10.1.0`
➕	nopt		`7.2.1`
➕	normalize-package-data		`6.0.2`
➕	npm		`10.8.2`
➕	npm-audit-report		`5.0.0`
➕	npm-bundled		`3.0.1`
➕	npm-install-checks		`6.3.0`
➕	npm-normalize-package-bin		`3.0.1`
➕	npm-package-arg		`11.0.2`
➕	npm-packlist		`8.0.2`
➕	npm-pick-manifest		`9.1.0`
➕	npm-profile		`10.0.0`
➕	npm-registry-fetch		`17.1.0`
➕	npm-user-validate		`2.0.1`
➖	object-inspect	`1.13.3`
♾️	on-finished	`2.4.1`	`2.3.0`
➕	p-map		`4.0.0`
➕	package-json-from-dist		`1.0.0`
➕	pacote		`18.0.6`
➕	parse-conflict-json		`3.0.1`
➕	path-key		`3.1.1`
➕	path-scurry		`1.11.1`
♾️	path-to-regexp	`0.1.10`	`0.1.7`

			Added vulnerabilities (1):
♾️	pg	`8.13.0`	`8.13.1`
➕	postcss-selector-parser		`6.1.0`
➕	proc-log		`4.2.0`
➕	proggy		`2.0.0`
➕	promise-all-reject-late		`1.0.1`
➕	promise-call-limit		`3.0.1`
➕	promise-inflight		`1.0.1`
➕	promise-retry		`2.0.1`
➕	promzard		`1.0.2`
➕	qrcode-terminal		`0.12.0`
♾️	qs	`6.13.0`	`6.7.0`

			Added vulnerabilities (1):
♾️	raw-body	`2.5.2`	`2.4.0`
➕	read		`3.0.1`
➕	read-cmd-shim		`4.0.0`
➕	read-package-json-fast		`3.0.2`
➕	retry		`0.12.0`
♾️	safe-buffer	`5.2.1`	`5.1.2`
➕	semver		`7.6.2`
♾️	send	`0.19.0`	`0.17.1`

			Added vulnerabilities (1):
♾️	serve-static	`1.16.2`	`1.14.1`

			Added vulnerabilities (1):
➖	set-function-length	`1.2.2`
♾️	setprototypeof	`1.2.0`	`1.1.1`
➕	shebang-command		`2.0.0`
➕	shebang-regex		`3.0.0`
➖	side-channel	`1.0.6`
➕	signal-exit		`4.1.0`
➕	sigstore		`2.3.1`
➕	smart-buffer		`4.2.0`
➕	socks		`2.8.3`
➕	socks-proxy-agent		`8.0.4`
➕	spdx-correct		`3.2.0`
➕	spdx-exceptions		`2.5.0`
➕	spdx-expression-parse		`4.0.0`
➕	spdx-license-ids		`3.0.18`
➕	sprintf-js		`1.1.3`
➕	ssri		`10.0.6`
♾️	statuses	`2.0.1`	`1.5.0`
➕	string-width		`5.1.2`
➕	strip-ansi		`7.1.0`
➕	supports-color		`9.4.0`
➕	tar		`6.2.1`
➕	text-table		`0.2.0`
➕	tiny-relative-date		`1.3.0`
♾️	toidentifier	`1.0.1`	`1.0.0`
➕	treeverse		`3.0.0`
♾️	tslib	`2.7.0`	`2.8.1`
➕	tuf-js		`2.2.1`
➕	unique-filename		`3.0.0`
➕	unique-slug		`4.0.0`
➕	validate-npm-package-license		`3.0.4`
➕	validate-npm-package-name		`5.0.1`
➕	walk-up-path		`3.0.1`
➕	which		`4.0.0`
➕	wrap-ansi		`8.1.0`
➕	write-file-atomic		`5.0.1`
➕	yallist		`4.0.0`