Skip to content

security(deps): upgrade to dockerode@5.0.0#1307

Closed
AviVahl wants to merge 1 commit into
testcontainers:mainfrom
AviVahl:dockerode5
Closed

security(deps): upgrade to dockerode@5.0.0#1307
AviVahl wants to merge 1 commit into
testcontainers:mainfrom
AviVahl:dockerode5

Conversation

@AviVahl
Copy link
Copy Markdown

@AviVahl AviVahl commented Apr 24, 2026

  • new release drops usage of vulnerable uuid, reducing the vulnerability count.
  • also fixed up package-lock.json installing older testcontainers versions for internal packages. they should all be linked now. this deduped several depedencies.

ref: apocas/dockerode#829

@netlify
Copy link
Copy Markdown

netlify Bot commented Apr 24, 2026
edited
Loading

Deploy Preview for testcontainers-node ready!

Name Link
🔨 Latest commit 8d05dda
🔍 Latest deploy log https://app.netlify.com/projects/testcontainers-node/deploys/69ebfa10b23aca0008785f94
😎 Deploy Preview https://deploy-preview-1307--testcontainers-node.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@AviVahl
security(deps): upgrade to dockerode@5.0.0
8d05dda 
- new release drops usage of vulnerable uuid, reducing the vulnerability count.
- also fixed up package-lock.json installing older testcontainers versions for internal packages. they should all be linked now. this deduped several depedencies.
@AviVahl
Copy link
Copy Markdown
Author

AviVahl commented May 15, 2026

Heya @cristianrgreco
Any chance you've got time to review/merge this?
We're using testcontainers and currently forcibly override dockerode to fix alerts.

@cristianrgreco
Copy link
Copy Markdown
Collaborator

cristianrgreco commented May 15, 2026
edited
Loading

Hi @AviVahl, I typically defer to Dependabot for updating deps. See #1322 which updates Dockerode + several others.

The reason it's taking a while is because many deps have now dropped support for node 20 (EOL), meaning that I have to too, meaning I have to plan a major release (as I have to bump the minimum node engine requirement). That's why this is taking a while (as well as fitting in this work around my job 😄).

Current issues:

I'm hoping to get this all resolved within the next few days.

@AviVahl
Copy link
Copy Markdown
Author

AviVahl commented May 15, 2026

Thank you for the response and explanation.
I'll close this one in favor of the dependabot PR, and will wait for the next major.
Much appreciated.

@AviVahl AviVahl closed this May 15, 2026
@AviVahl AviVahl deleted the dockerode5 branch May 15, 2026 12:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@AviVahl @cristianrgreco