Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade node from 14-buster to 20.6-buster #12

Merged
merged 1 commit into from
Sep 6, 2023
Merged

[Snyk] Security upgrade node from 14-buster to 20.6-buster #12

merged 1 commit into from
Sep 6, 2023

Conversation

ankitnayan
Copy link
Contributor

This PR was automatically created by Snyk using the credentials of a real user.


Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Changes included in this PR

  • ui/Dockerfile

We recommend upgrading to node:20.6-buster, as this image has only 390 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Some of the most important vulnerabilities in your base image include:

Severity Priority Score / 1000 Issue Exploit Maturity
critical severity 714 Unquoted Search Path or Element
SNYK-DEBIAN10-OPENSSH-5788320		 No Known Exploit
critical severity 714 Buffer Overflow
SNYK-DEBIAN10-PYTHON27-1063178		 No Known Exploit
critical severity 714 Buffer Overflow
SNYK-DEBIAN10-PYTHON27-1063178		 No Known Exploit
critical severity 714 Buffer Overflow
SNYK-DEBIAN10-PYTHON27-1063178		 No Known Exploit
critical severity 714 Buffer Overflow
SNYK-DEBIAN10-PYTHON27-1063178		 No Known Exploit

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@ankitnayan ankitnayan merged commit 6ee2aea into main Sep 6, 2023
1 check passed
@ankitnayan ankitnayan deleted the snyk-fix-001e8a2969d0e784618ef83bd9f9e30a branch September 6, 2023 17:21
ankitnayan added a commit that referenced this pull request Sep 6, 2023
@ankitnayan
Revert "fix: ui/Dockerfile to reduce vulnerabilities (#12)"
48afade 
This reverts commit 6ee2aea.
@ankitnayan ankitnayan mentioned this pull request Sep 6, 2023
Merged
ankitnayan added a commit that referenced this pull request Sep 6, 2023
@ankitnayan
Revert "fix: ui/Dockerfile to reduce vulnerabilities (#12)" (#13)
72c46ae 
This reverts commit 6ee2aea.
srikanthccv pushed a commit that referenced this pull request Jun 22, 2024
@zecke
dep: Manually upgrade golang.org/x/net (#3674) (#3811)
5b99b12 
Addresses:
Scanning your code and 410 packages across 83 dependent modules for known vulnerabilities...

=== Symbol Results ===

Vulnerability #1: GO-2024-2687
    HTTP/2 CONTINUATION flood in net/http
  More info: https://pkg.go.dev/vuln/GO-2024-2687
  Module: golang.org/x/net
    Found in: golang.org/x/net@v0.20.0
    Fixed in: golang.org/x/net@v0.23.0
    Example traces found:
      #1: cli/root.go:122:52: cli.NewAlertmanagerClient calls config.NewClientFromConfig, which eventually calls http2.ConfigureTransports
      #2: types/types.go:290:28: types.MultiError.Error calls http2.ConnectionError.Error
      #3: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.ErrCode.String
      #4: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.FrameHeader.String
      #5: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.FrameType.String
      #6: types/types.go:290:28: types.MultiError.Error calls http2.GoAwayError.Error
      #7: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.Setting.String
      #8: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.SettingID.String
      #9: types/types.go:290:28: types.MultiError.Error calls http2.StreamError.Error
      #10: api/v2/client/silence/silence_client.go:196:35: silence.Client.PostSilences calls client.Runtime.Submit, which eventually calls http2.Transport.NewClientConn
      #11: api/v2/client/silence/silence_client.go:196:35: silence.Client.PostSilences calls client.Runtime.Submit, which eventually calls http2.Transport.RoundTrip
      #12: notify/email/email.go:253:14: email.Email.Notify calls fmt.Fprintf, which eventually calls http2.chunkWriter.Write
      #13: types/types.go:290:28: types.MultiError.Error calls http2.connError.Error
      #14: types/types.go:290:28: types.MultiError.Error calls http2.duplicatePseudoHeaderError.Error
      #15: test/cli/acceptance.go:362:3: cli.Alertmanager.Start calls http2.gzipReader.Close
      #16: test/cli/acceptance.go:366:22: cli.Alertmanager.Start calls io.ReadAll, which calls http2.gzipReader.Read
      #17: types/types.go:290:28: types.MultiError.Error calls http2.headerFieldNameError.Error
      #18: types/types.go:290:28: types.MultiError.Error calls http2.headerFieldValueError.Error
      #19: api/v2/client/silence/silence_client.go:196:35: silence.Client.PostSilences calls client.Runtime.Submit, which eventually calls http2.noDialH2RoundTripper.RoundTrip
      #20: types/types.go:290:28: types.MultiError.Error calls http2.pseudoHeaderError.Error
      #21: notify/email/email.go:253:14: email.Email.Notify calls fmt.Fprintf, which eventually calls http2.stickyErrWriter.Write
      #22: test/cli/acceptance.go:362:3: cli.Alertmanager.Start calls http2.transportResponseBody.Close
      #23: test/cli/acceptance.go:366:22: cli.Alertmanager.Start calls io.ReadAll, which calls http2.transportResponseBody.Read
      #24: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.writeData.String

Your code is affected by 1 vulnerability from 1 module.
This scan also found 0 vulnerabilities in packages you import and 2
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.
Use '-show verbose' for more details.

Signed-off-by: Holger Hans Peter Freyther <holger@freyther.de>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ankitnayan @snyk-bot