sphinx_rtd_theme icon indicating copy to clipboard operation
sphinx_rtd_theme copied to clipboard
verified publisher icon readthedocs

Security Issue: Node.js 14 EOL Vulnerability in Dockerfile

Open AbdessamadEnabih opened this issue 10 months ago • 0 comments

Overview

The project's Dockerfile currently uses Node.js 14, which reached End-of-Life (EOL) on April 30, 2023, and no longer receives security updates.

Current Vulnerable Configuration

FROM node:14-alpine

Security Risk

  • Severity: High
  • Impact: Exposure to unpatched security vulnerabilities
  • Status: Node.js 14 no longer receives security patches

Recommended Fix

Update to Node.js 18 LTS (Long Term Support):

Benefits

  • ✅ Active security support until April 2025
  • ✅ Performance improvements
  • ✅ Better compatibility with modern npm packages
  • ✅ Continued maintenance and bug fixes

Compatibility Notes

Node.js 18 is generally backward compatible with Node.js 14. Minimal breaking changes are expected for this project's use case.

AbdessamadEnabih avatar May 24 '25 22:05 AbdessamadEnabih