Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade node from 18.18-alpine3.17 to 20.8.0-alpine3.17 #332

Merged
merged 14 commits into from
Aug 30, 2024
Merged

[Snyk] Security upgrade node from 18.18-alpine3.17 to 20.8.0-alpine3.17 #332

merged 14 commits into from
Aug 30, 2024

Conversation

ludeknovy
Copy link
Owner

snyk-top-banner

Snyk has created this PR to fix 5 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

  • Dockerfile

We recommend upgrading to node:20.8.0-alpine3.17, as this image has only 13 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
medium severity Out-of-bounds Write
SNYK-ALPINE317-BUSYBOX-6913412		   514  
medium severity Use After Free
SNYK-ALPINE317-BUSYBOX-7254940		   514  
medium severity Use After Free
SNYK-ALPINE317-BUSYBOX-7254941		   514  
medium severity Use After Free
SNYK-ALPINE317-BUSYBOX-7254942		   514  
medium severity Out-of-bounds Write
SNYK-ALPINE317-OPENSSL-6148880		   514  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Use After Free

@codecov Codecov
Copy link

codecov bot commented Aug 30, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Please upload report for BASE (master@14f64bf). Learn more about missing BASE report.
Report is 1 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff            @@
##             master     #332   +/-   ##
=========================================
  Coverage          ?   53.20%           
=========================================
  Files             ?      102           
  Lines             ?     1686           
  Branches          ?      153           
=========================================
  Hits              ?      897           
  Misses            ?      770           
  Partials          ?       19
Flag Coverage Δ
unittests 53.20% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

ludeknovy added 13 commits August 30, 2024 18:23
@ludeknovy
Merge branch 'master' into snyk-fix-c67f9b1cffa8138864386db5129276ed
e179f75
@ludeknovy
Update Node.js to v20 in GitHub Actions workflow
bd02aad
@ludeknovy
Merge remote-tracking branch 'origin/snyk-fix-c67f9b1cffa8138864386db…
d04c4e9 
…5129276ed' into snyk-fix-c67f9b1cffa8138864386db5129276ed

# Conflicts:
#	.github/workflows/tests.yml
@ludeknovy
Update Node.js to v20 in GitHub Actions workflow
387411a
@ludeknovy
Update axios dependency to version 1.7.5
25804e5
@ludeknovy
Revert "Update axios dependency to version 1.7.5"
926add2 
This reverts commit 25804e5.
@ludeknovy
Add Keep-Alive header to integration test requests
f5fc3d0
@ludeknovy
Update state.ts to set up HTTP Agent with keepAlive false
9c9373f
@ludeknovy
Refactor Axios client initialization and request logic
044db0b
@ludeknovy
Revert "Refactor Axios client initialization and request logic"
ddc0bd5 
This reverts commit 044db0b.
@ludeknovy
Revert "Update state.ts to set up HTTP Agent with keepAlive false"
8f6622c 
This reverts commit 9c9373f.
@ludeknovy
Revert "Add Keep-Alive header to integration test requests"
53b25ea 
This reverts commit f5fc3d0.
@ludeknovy
Revert "Update Node.js to v20 in GitHub Actions workflow"
03153c7 
This reverts commit 387411a.
@ludeknovy ludeknovy merged commit 7b22dc5 into master Aug 30, 2024
6 checks passed
@ludeknovy ludeknovy deleted the snyk-fix-c67f9b1cffa8138864386db5129276ed branch August 30, 2024 17:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ludeknovy @snyk-bot