From ccc690c369fde844b1e1cc12891aa52f0598a9be Mon Sep 17 00:00:00 2001 From: Knee Cola Date: Wed, 7 Jan 2026 21:12:20 +0100 Subject: [PATCH] chore: upgrade Node.js versions and improve Docker security MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Upgrade email-worker from Node 18 to Node 20 - Update distroless images to nodejs20-debian12:nonroot for both services - Improves security by running containers as nonroot user 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 --- email-worker/Dockerfile | 4 ++-- mailgun-webhook/Dockerfile | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/email-worker/Dockerfile b/email-worker/Dockerfile index f0fcfc7..a43608f 100644 --- a/email-worker/Dockerfile +++ b/email-worker/Dockerfile @@ -1,7 +1,7 @@ #-------------------------------------------- # Stage: building TypeScript #-------------------------------------------- -FROM node:18 as build-stage +FROM node:20 as build-stage ENV WORKDIR=/app WORKDIR /app @@ -30,7 +30,7 @@ RUN npm i --only=production && npm cache clean --force #-------------------------------------------- # Stage: priprema finalnog image-a #-------------------------------------------- -FROM gcr.io/distroless/nodejs:18 as assembly-stage +FROM gcr.io/distroless/nodejs20-debian12:nonroot as assembly-stage WORKDIR /app diff --git a/mailgun-webhook/Dockerfile b/mailgun-webhook/Dockerfile index 79b0cb2..f749989 100644 --- a/mailgun-webhook/Dockerfile +++ b/mailgun-webhook/Dockerfile @@ -30,7 +30,7 @@ RUN npm i --omit=dev && npm cache clean --force #-------------------------------------------- # Stage: preparing final image #-------------------------------------------- -FROM gcr.io/distroless/nodejs:20 AS assembly-stage +FROM gcr.io/distroless/nodejs20-debian12:nonroot AS assembly-stage WORKDIR /app