Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade node from 18.15-alpine to 18.20.5-alpine #39

Closed
wants to merge 1,149 commits into from
Closed

[Snyk] Security upgrade node from 18.15-alpine to 18.20.5-alpine #39

wants to merge 1,149 commits into from

Conversation

psyberjunkie
Copy link
Owner

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

  • Dockerfile.openapi_decorator

We recommend upgrading to node:18.20.5-alpine, as this image has only 4 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

Issue
low severity CVE-2024-9143
SNYK-ALPINE320-OPENSSL-8235201
low severity CVE-2024-9143
SNYK-ALPINE320-OPENSSL-8235201

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

isaacmbrown and others added 30 commits December 4, 2024 14:53
@isaacmbrown @patrick-knight
@subatoi @rachaelrenk
[Public preview] Repository policies & enterprise custom properties (…
f484652 
…#53279)

Co-authored-by: Patrick Knight <[email protected]>
Co-authored-by: Ben Ahmady <[email protected]>
Co-authored-by: Rachael Rose Renk <[email protected]>
@felicitymay
Add code-scanning and version copilot (#53351)
b983cb5
@docs-bot
Merge pull request github#35550 from github/repo-sync
a34ca63 
Repo sync
@docs-bot
Update audit log event data (#53458)
4fdc1f9
@docs-bot @heiskr
GraphQL schema update (#53459)
a8a4fcf 
Co-authored-by: heiskr <[email protected]>
@akordowski @nguyenalex836
Fix alert header (github#35545)
71d7410 
Co-authored-by: Alex Nguyen <[email protected]>
@hendrikvanantwerpen @felicitymay
@heiskr @myarb
Unship precise code navigation (#52258)
eac1b74 
Co-authored-by: Felicity Chapman <[email protected]>
Co-authored-by: Kevin Heis <[email protected]>
Co-authored-by: Melanie Yarbrough <[email protected]>
@patrick-knight @vgrl @myarb
Update available-rules-for-rulesets.md (#53268)
6894f93 
Co-authored-by: Vanessa <[email protected]>
Co-authored-by: Melanie Yarbrough <[email protected]>
@docs-bot
Merge pull request github#35551 from github/repo-sync
0279b64 
Repo sync
@docs-bot
Merge pull request #53463 from github/repo-sync
9e19738 
Repo sync
@ndonewar
Fix typo in building-copilot-skillsets.md (#53460)
13e7dc8
@hectorsector
Use a spotlight frontmatter property for category landing pages (#53443)
ccdeff3
@RonRicardo
Improve conditional in Codeowners Legal check workflow (#53456)
4616471
@docs-bot
Merge pull request github#35552 from github/repo-sync
bab26f4 
Repo sync
@docs-bot
Merge pull request #53466 from github/repo-sync
f9f3c90 
Repo sync
@docs-bot @myarb
Update OpenAPI Description (#53439)
471701d 
Co-authored-by: Melanie Yarbrough <[email protected]>
@docs-bot
Merge pull request github#35557 from github/repo-sync
ed1a3f7 
Repo sync
@pallsama @bonsohi
@phumpal @vgrl
Add a known issue for 3.15 (#53469)
0f9feeb 
Co-authored-by: bonsohi <[email protected]>
Co-authored-by: Patrick Humpal <[email protected]>
Co-authored-by: Vanessa <[email protected]>
@docs-bot
Merge pull request github#35558 from github/repo-sync
f197480 
Repo sync
@rpavlik
Update checking-for-existing-gpg-keys.md (github#35554)
623ea87
@docs-bot
Merge pull request #53474 from github/repo-sync
c52c71e 
Repo sync
@sophietheking @subatoi
[Copilot] Context Passing (Public Preview) (#53356)
1804c19 
Co-authored-by: Ben Ahmady <[email protected]>
@sophietheking @heiskr
Copilot Mixed Plans (GA) (#52918)
891bacb 
Co-authored-by: Kevin Heis <[email protected]>
@docs-bot
Merge pull request github#35559 from github/repo-sync
69ea8d7 
Repo sync
@hubwriter @saritai
Copilot cookbook: cross-cutting concerns (#53332)
62d2af4 
Co-authored-by: Sarita Iyer <[email protected]>
@docs-bot
Update audit log event data (#53479)
3b5f834
@hectorsector
Replace useLayoutEffect with useEffect on scroll button (#53483)
8cd4906
@docs-bot
Merge pull request github#35560 from github/repo-sync
1f977df 
Repo sync
@hectorsector
Revert "Use a spotlight frontmatter property for category landing pag…
2849b15 
…es" (#53492)
@felicitymay
Revert "Copilot Mixed Plans (GA)" (#53494)
ded9eb7
konradpabjan and others added 25 commits December 20, 2024 10:47
@konradpabjan
Update self-hosted runner required domains for accessing containers (…
d2a1b28 
…#53672)
@felicitymay @sophietheking
Add missing info and fix one link (#53707)
d2c1ce5 
Co-authored-by: Sophie <[email protected]>
@timrogers @sophietheking
Clarify in docs what models support Copilot Chat skills (#53667)
aa827c7 
Co-authored-by: Sophie <[email protected]>
@Pantelis-Santorinios @sophietheking
Update environment-example.md (#53684)
93c8546 
Co-authored-by: Sophie <[email protected]>
@docs-bot
Merge pull request github#35729 from github/repo-sync
2eedaa9 
Repo sync
@davidstaheli
Remove API Insights preview wording from docs (#53702)
3a46e83
@docs-bot
Merge pull request github#35733 from github/repo-sync
9160ef5 
Repo sync
@nisbet-hubbard @felicitymay
Document the fact that Rouge only recognises lower-case language iden…
fe0b7f0 
…tifiers (github#35697)

Co-authored-by: Felicity Chapman <[email protected]>
@lalithaar @nguyenalex836
Removed Ambiguity :workflow_dispatch statement about "default branch" (
a6dca88 
…github#35727)

Co-authored-by: Alex Nguyen <[email protected]>
@docs-bot
Update audit log event data (#53710)
de04efe
@beliaev-maksim @nguyenalex836
Update automatically-redelivering-failed-deliveries-for-a-github-app-…
dd98f14 
…webhook.md (github#35605)

Co-authored-by: Alex Nguyen <[email protected]>
@timrogers @sophietheking
Document the new o1 model, sitting alongside o1-mini, and sometim…
9eb562c 
…es `o1-preview` (#53624)

Co-authored-by: Sophie <[email protected]>
@jsoref @nguyenalex836
Fix case of ruleId (github#35730)
a8f2943 
Co-authored-by: Alex Nguyen <[email protected]>
@felicitymay
Update code-languages.yml to include Swift (github#35732)
c44092c
@jaroshevskii @felicitymay
Update Xcode source completion sample (github#35724)
d1e2842 
Co-authored-by: Felicity Chapman <[email protected]>
@docs-bot
Merge pull request github#35736 from github/repo-sync
1c47b51 
Repo sync
@docs-bot
Merge pull request #53713 from github/repo-sync
9237179 
Repo sync
@RonRicardo @ashishkeshan @mchammer01
[Quote removal] Remove quotes from data/reusables/actions and data/re…
a8c7801 
…usables/accounts (#53657)

Co-authored-by: Ashish Keshan <[email protected]>
Co-authored-by: mc <[email protected]>
@RonRicardo @mchammer01
[Quote removal] Remove quotes from data/reusables/dependency-graph th…
540d58b 
…rough data/reusables/files (#53676)

Co-authored-by: mc <[email protected]>
@docs-bot
Merge pull request github#35737 from github/repo-sync
7af5a00 
Repo sync
@docs-bot
Merge pull request #53717 from github/repo-sync
43829b5 
Repo sync
@dependabot
Bump nanoid from 3.3.7 to 3.3.8 in the npm_and_yarn group (#53604)
e9af025 
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@rachmari
Remove mdast package (#53716)
ffbbcf3
@docs-bot
Merge pull request github#35740 from github/repo-sync
d25344a 
Repo sync
@snyk-bot
fix: Dockerfile.openapi_decorator to reduce vulnerabilities
9d83053 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-8235201
- https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-8235201
@snyk-io Snyk.io
Copy link

snyk-io bot commented Dec 30, 2024
edited
Loading

🎉 Snyk checks have passed. No issues have been found so far.

security/snyk check is complete. No issues have been found. (View Details)

license/snyk check is complete. No issues have been found. (View Details)

@psyberjunkie psyberjunkie changed the base branch from main to dependabot/npm_and_yarn/cross-spawn-7.0.6 December 30, 2024 07:06
@psyberjunkie
Copy link
Owner Author

git merge dependabot/npm_and_yarn/cross-spawn-7.0.6

@psyberjunkie psyberjunkie deleted the snyk-fix-df34e17daa306e28041a7c1fd0f6af9e branch December 30, 2024 09:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.