Snyk Critical Vulnerabilities #271

Closed
Cristian-Vt opened this issue Aug 4, 2022 · 1 comment

@Cristian-Vt

Hello,

Based on the Snyk report, there are 5 critical vulnerabilities.
Is this something CircleCI would be interested in fixing?
How does CircleCI manage dependency management for the docker/orbs provided?

[Screenshot 2022-08-04 at 13 07 32]

thank you

@felicianotech
Contributor

Hi,

Great question. Images are snapshots in time. So we typically don't go back to a released image to update it for any reason. We will for certain security fixes, but this is rare because most security problems we come across don't have an effect in the sandboxed Docker environment that we run.

In this particular case, which image was this run on? The screenshot leads me to believe it was node:18.7.0-bullseye. If so, that is not a supported CircleCI image.

@felicianotech closed this as not planned on Aug 26, 2022