Summary
dockerode is a production dependency currently at version 2.5.6. The latest version is 4.0.9.
This is a major version upgrade that may contain breaking changes.
Security Impact
The upgrade addresses several security vulnerabilities in transitive dependencies:
- tar-fs vulnerabilities (symlink bypass, path traversal)
- Various other CVEs in the dependency tree
Recommended Actions
- Review the dockerode releases for breaking changes
- Update package.json to "dockerode": "^4.0.9"
- Run npm install and verify the build passes
- Test Docker container creation/management functionality
- Update @types/dockerode to version 4.x for TypeScript compatibility
Dependencies Also Requiring Update
@types/dockerode: 2.5.5 → 4.0.1
🤖 Generated by automated security sweep
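An added check for the verification steps above (not part of the original issue or of dockerode): it scans an npm lockfile's v2/v3 `packages` map for copies of dockerode and @types/dockerode older than the versions named in this issue, and lists every resolved tar-fs copy for manual review. The sample lockfile, the `legacy-tool` package and the tar-fs version numbers are constructed for illustration.

```javascript
const MINIMUMS = { "dockerode": "4.0.9", "@types/dockerode": "4.0.1" }; // from this issue
const REPORT_ONLY = ["tar-fs"]; // the issue names no fixed tar-fs version, so only list copies

// Compare plain x.y.z versions numerically; any pre-release suffix is ignored.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// In lockfile v2/v3 the package name follows the last "node_modules/" in the key.
function nameFromPath(path) {
  const i = path.lastIndexOf("node_modules/");
  return i === -1 ? null : path.slice(i + "node_modules/".length);
}

// Returns copies below the minimum and every resolved copy of REPORT_ONLY packages.
function auditLock(lock) {
  const outdated = [];
  const reported = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = nameFromPath(path);
    if (!name || !meta.version) continue; // skips the root entry and links
    const min = MINIMUMS[name];
    if (min && compareVersions(meta.version, min) < 0) {
      outdated.push({ name, version: meta.version, min, path });
    }
    if (REPORT_ONLY.includes(name)) reported.push({ name, version: meta.version, path });
  }
  return { outdated, reported };
}

// Constructed sample: top-level dockerode is upgraded, a nested 2.5.6 copy remains.
const sampleLock = {
  packages: {
    "": { name: "example-app" },
    "node_modules/dockerode": { version: "4.0.9" },
    "node_modules/@types/dockerode": { version: "2.5.5", dev: true },
    "node_modules/tar-fs": { version: "9.9.2" },
    "node_modules/legacy-tool/node_modules/dockerode": { version: "2.5.6" },
    "node_modules/legacy-tool/node_modules/tar-fs": { version: "9.9.1" },
  },
};
console.log(JSON.stringify(auditLock(sampleLock), null, 2));
```

To run it against a real project, pass the parsed contents of package-lock.json to `auditLock` in place of `sampleLock`.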