From fd1f9bba9ffa8e70567f84199065ac9a43017d85 Mon Sep 17 00:00:00 2001
From: Raj-StepSecurity <rajkumar@stepsecurity.io>
Date: Tue, 14 Oct 2025 12:17:52 +0530
Subject: [PATCH] fix: fix both docker vulns and package vulns

---
 Dockerfile       | 2 +-
 osv-scanner.toml | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index f51181b..49b17ec 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:lts-alpine@sha256:9bef0ef1e268f60627da9ba7d7605e8831d5b56ad07487d24d1aa386336d1944
+FROM node:lts-alpine@sha256:dbcedd8aeab47fbc0f4dd4bffa55b7c3c729a707875968d467aaaea42d6225af
 
 RUN mkdir -p /var/task/
 
diff --git a/osv-scanner.toml b/osv-scanner.toml
index 955d79c..01fd447 100644
--- a/osv-scanner.toml
+++ b/osv-scanner.toml
@@ -5,3 +5,7 @@ reason = "Axios URL is not user-controlled"
 [[IgnoredVulns]]
 id = "GHSA-952p-6rrq-rcjv"
 reason = "It is a test dependency"
+
+[[IgnoredVulns]]
+id = "GHSA-52f5-9888-hmc6"
+reason = "It is dependency used to lint commit messages, hence can be ignored"
\ No newline at end of file