Received: from sonic302-2.consmr.mail.bf2.yahoo.com (sonic302-2.consmr.mail.bf2.yahoo.com [74.6.135.41])
	by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id 8B803782CA6
	for <~alpine/devel@lists.alpinelinux.org>; Thu, 29 Apr 2021 11:46:52 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1619696811; bh=/4+wdzNEw+C5Yyw/fO9AaGJwWGCuiaLQaAn30Y9cs1g=; h=Date:From:To:In-Reply-To:References:Subject:From:Subject:Reply-To; b=mtqGGVqam6IJmXz8bEYZGy50keG5/SWSXSvNNVLtaCYzQyQ5OUl+Kz02piOERZ9Bk87QEw5o8kSLPSYII6mmY/xubz3YInIVj4InP4Uy+R2Jcj/94Gi70rD/FIoGAKzJbCjXSYkFUsvgj5d00qLxXVlcI90LFSkrxrdCWObdrMIB/vl+VfGJUFFt9M3RYCwO/XPGPixqsspkLlxSgdOFUo10tyawWybk36hR2esYhJ82eH91AcZT7+vdkeqsYoTWEWuwb5a7zSXBRYeWs/kzKHQLA5GNiU8YbEFBJTILiqedbjbrGJvJbbLHDoNXjDPWueQVbibajgKQGbJqVzPHGQ==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1619696811; bh=Ysyv6wPiwwbNWpYvHVRUVjbfL93MyNOL3uzeyAZWcOX=; h=X-Sonic-MF:Date:From:To:Subject:From:Subject; b=ORVF1MHdzbBL81YqshMq/e4XoIalOfV4qeO3mJnxBMGXYIA8/fypf/AA+CoxJSwGxLllvmNf0CFlDLEyaTIqlZWCA4I1RYXq7ZdgoILoOw/4XuytVWSCAbO5EEanZwAbYfWR0vNG68Dw9zY+IVuQ1wuy0j3wpvUvc1TZe4uX4QcDrVmcKsHdCRClHTY51xc6QqgBy8JO2dxNgZMNIhDPN9qbeFQnH58rqDZcSAGTpkeZA1Zly0Kl9g66bcvMvNHwDTJRUxthwJlglkTDztziu9J62lJsMeFpHjqoDzDFSqbpoKnksr57AwkkN25iDnS6SML7u5QOc7N+pKfpXokQ9A==
X-YMail-OSG: eopMKOYVM1m.1MNvdIGKC_9T_6MBVbD6PEFTmW09FvqiOKfuEm4tszaOxBPmDrY
 T8fcJR7C_Yh8Eti3CC_3LFtQcmMDkwZ5hkai7f6iFoGui5hkB8uvBHP3sDcl4qqIQn26o5ZZb.6m
 hnPenf0oDnmPSHArQoyFajZQOYp3_jLwbd528xrnihkt5xdTFJxExr6CoRNhqhWUtpTXT46kn_QZ
 r7RuCSjSyzgYUuBYxPMCEIutw3nY2MNAxa8X94rswlOvJ0XUcsXleFGh7JS0UyoLCWFPu81CoGa5
 mj9BJ3IVz3YLYj6_AKz.msjAOcFfG5wMzeE3b89JJ_bFWpzB2seuyxDrDVJFEc_o4zN40QGxf8KU
 L8Y36WJpFYR6.V5_atktliK7r6lnNqmjdSqeOCI3TDYD.adoPiI0_ltxgBofz6fXeTdmmAaRA.89
 ijM79q2aHQlQEW9F4HBUBk7cPF_rTgsYhv3dUgpPEIcY_huZnxLzrcaad1AhP62y3N0uucg1jmqr
 K1jMBymYjkiM.KA9TUrz3TtnYji6.VRuH1MwfNa5B0EVTSDhC5JzjsiSi6oFsf1w1XQQgzIIgimH
 HytRydfQ4gtfgjZpegG4PgZWvMhotOJbVBtaf98GtPyG_nkDhwyV1jLPqapG.ieVN2Ezss_6yheq
 jgt0d3hSzCcVb8iyv9GApVpvvkQwAxcRMQ2FOu6RiB38BM3gVG7CHGUipaPWQkyFLclVNq7sngau
 q4vY.UxhMkadZCL9cPOqpw9lFh3LsWL_Z7rHJpaWOHdgraTVQ7pevFXJRtQMGgZUuib_CuTtwv5l
 uO8qWP2lDIUbxkAoWtiako94Gxnaqu0W_jp4t2REKOpkxQ2cd_.bSY.LY9kSc_YEGMFVSLjLR8mK
 TImph3avkfv8KiDCbQVVgOF_ZYj3jpkDOJp48uXkMchmHdS804UdlEnu.Qb_Cn601ITddcFzkStg
 AaokXScvmCdlpqAAZBrk5RqVmcMeIZo6dH1Y0skAlAduLSYfTljDIcT0tvl.3.goPi44XJ1.bCP5
 nbyoAq1v6l.NseoKypKTi8xhyXpVzWJVxjhEZJAexprRgSnwm58WFDFoFg1moRaShCvj4Sb6z0OT
 YLLY9vJPIRAOSrzOJwf7pWTrqfduRvmUnZdXbQVG5ecLn3_e4nHD5sOXKqWUY.nlVrU1gihDbmzS
 lgHnVAe3Yz1aIjJZEGBjhlOvB4ofPyFah855CV1f6wFj0QBtQgC7buHEq3Ciz2o6SLh.c.BHD5pD
 S2n_C5G7ZBEgyiAmADWTKI90XvLJRyksOMKmqQILJzKW7ZjwvLnxY8NmmQGwKSX0PZ3vMJmGFJ5_
 JmIcrINdTUUaVpldUMwN8aZLhccT6IjA8G9XJgqlFPJHPNyTB50uzxE_HlzoM__BclFZQoPelF.n
 uVsWI_Y0peD7g9UPBZuXxVSh6JZ1zFqPNXP0_iFY54xKAN.sXn.QvwoLQg0HtMdwUU.fogcwHflr
 yBC6IuHPPXfjfXFdGvqIDvbzfXWWzKfeMPekjevganT3GWGZufXv_hh1vJJ9A03hlRpXSAWWskyG
 I41f8jOfgSpLcmFHFwCnGneyYId5iYDqenOyh2o7n61H2iZEB4obEVPWf2iV6MycWsLIakGw9LfJ
 Vpl.Mhlb9FdVVPhsFf1x.6gmjtG0AgYMBO9V0swz9migqFUcBcImQGnLrZ1Pe_4xvqurLZt6fyWt
 EZs_Eo.Sts3UaXiG7vpaICnVazMGInJgq4fILvdHKnt.tn1X.AYMUSYamvgXv1YXfv5YSTOP8hhu
 DKXcjOIH_IXHTc31PZrLNgi2cPMONjDEP.qoBmu30X5MvMiSP3TQMslTOaoZDWb4.lvE6wwYgxP9
 uMSRYhg8bvMGjz20zTOfQXNM9lEiZgzqy_1oSjF1sx6DU3m022If_c7m.7We7c7xl9ZfAo36R2wv
 zSAH12igwK0_Q.w48eUndMPabJQVokJWTYtgC5Nl8lXIz6PfETSof1h5QgyTIQx.ns6SjlaHXkfZ
 mEaGcwxvipmxgFe99mWM3bZaUOO_alDoyzMh2fAsiC3L6pfMCzJ1_QnpmbQEwNIODhbudCQhcPHO
 kxm.yLShtdh4EQZ9xmbG8q70o5soLG238ZcfF4ebRzfD7Y8pEPB6GzSwqnGKTRNAGCPH18gC_05l
 ifk1AL3.HxENP6fzVbGx34hSdFL3eu__mDpeaQK1C9GXmvMtZgMordOipyle5ucoMwZFNSglyz1B
 b3u8EPmyIqBC4kRnvP0qIuWBOBL.mLUfi.81KE36jyeOsphwJXEid_aW.DInOl1H4tGUKnkm2r0O
 5rfoWn1jkRkcmlv4xeL90GSlzOeJ3hcaHzNcJyCw1_OAAHZm5QFPrZ3R3CMJUz_l7rMuCqDSQp7D
 qw0N0RJKvAMEa_xznZuf30BtUuzNj7EZuykw7rwLAFhkFTFOZaHX6qGNe3LgSPiywKPICDZOnVLh
 QtrWC0eBOwweqRjU_5EC.Vv7GFukzGozhcC5XWO9FBpRe4n_5_r3O44K0e5JX8.3BmFvvgmwlUTL
 g01i6JJOolJwuqiTSjSoC
X-Sonic-MF: <ttrask01@yahoo.com>
Received: from sonic.gate.mail.ne1.yahoo.com by sonic302.consmr.mail.bf2.yahoo.com with HTTP; Thu, 29 Apr 2021 11:46:51 +0000
Date: Thu, 29 Apr 2021 11:46:48 +0000 (UTC)
From: Ted Trask <ttrask01@yahoo.com>
To: 
	"~alpine/devel@lists.alpinelinux.org" <~alpine/devel@lists.alpinelinux.org>, 
	Nir Ben-Eliezer <nir.ben-eliezer@aquasec.com>
Message-ID: <755786165.1114022.1619696808923@mail.yahoo.com>
In-Reply-To: <AM6PR03MB4711B475D15586303F7AD1B8B35F9@AM6PR03MB4711.eurprd03.prod.outlook.com>
References: <AM6PR03MB4711B475D15586303F7AD1B8B35F9@AM6PR03MB4711.eurprd03.prod.outlook.com>
Subject: Re: Security dispute over nodejs vulnerability in Alpine - Help!
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Mailer: WebService/1.1.18138 YMailNorrin Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36

> But one thing still bugs me here. Consider the following scenario: I inst=
all Alpine 3.13. I then install nodejs V12.20.1 through APK - this is possi=
ble.

How exactly are you loading nodejs 12.20.1 when you are already running Alp=
ine 3.13? The current nodejs version in Alpine 3.13 is 14.16.1. I think the=
 problem comes from a mismatch between your Alpine version and your nodejs =
package. If you upgraded your Alpine version after installing nodejs, you a=
pparently did not upgrade properly. Try running =E2=80=9Capk upgrade =E2=80=
=94available=E2=80=9D.

Ted Trask