node:22-alpine - new push overnight added critical vulnerability with apk / alpine/openssl / 3.1.4-r5Β #2282
Description
Environment
- Platform: bitbucket build for AWS Lambda
- Docker Version:
- Node.js Version: 22
- Image Tag: node:22-alpine
Expected Behavior
Build should be able to communicate via SSL - specifically to pull other libraries from other locations
Current Behavior
Open SSL error fails the build on bitbucket pipeline
npm error command git --no-replace-objects ls-remote ssh://[email protected]/{PRIVATE REPO URL}.git
npm error OpenSSL version mismatch. Built against 3050003f, you have 30500010
npm error fatal: Could not read from remote repository.
npm error Please make sure you have the correct access rights
npm error and the repository exists.
Possible Solution
Update image tag(s) to use correct version of Open SSL library
Steps to Reproduce
- Create bitbucket pipeline for AWS Lambda project from image tag: node:22-alpine
- Add external project which requires SSL connection to retrieve repo
- Build fails with OpenSSL error
Additional Information
This was working perfectly until an update on 24/09/2025