parse-community
fix: Security upgrade node from 20.14.0-alpine3.20 to 20.17.0-alpine3.20
Snyk has created this PR to fix 4 vulnerabilities in the dockerfile dependencies of this project.
Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.
Snyk changed the following file(s):
Dockerfile
We recommend upgrading to node:20.17.0-alpine3.20, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.
Vulnerabilities that will be fixed with an upgrade:
| Issue | Score | |
|---|---|---|
 |
Improper Control of Generation of Code ('Code Injection') SNYK-UPSTREAM-NODE-7430900 |
514 |
|
Access Restriction Bypass SNYK-UPSTREAM-NODE-7430905 |
514 |
 |
CVE-2024-6119 SNYK-ALPINE320-OPENSSL-7895537 |
436 |
|
CVE-2024-6119 SNYK-ALPINE320-OPENSSL-7895537 |
436 |
|
CVE-2024-5535 SNYK-ALPINE320-OPENSSL-7413532 |
364 |
[!IMPORTANT]
- Check the changes in this PR to ensure they won't cause issues with your project.
- Max score is 1000. Note that the real score may have changed since the PR was raised.
- This PR was automatically created by Snyk using the credentials of a real user.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Improper Control of Generation of Code ('Code Injection') 🦉 Access Restriction Bypass
[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"node","from":"20.14.0-alpine3.20","to":"20.17.0-alpine3.20"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No Known Exploit","id":"SNYK-UPSTREAM-NODE-7430900","priority_score":514,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"severity","label":"medium","score":300},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Control of Generation of Code ('Code Injection')"},{"exploit_maturity":"No Known Exploit","id":"SNYK-UPSTREAM-NODE-7430905","priority_score":514,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"severity","label":"medium","score":300},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Access Restriction Bypass"},{"exploit_maturity":"No Known Exploit","id":"SNYK-ALPINE320-OPENSSL-7895537","priority_score":436,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"severity","label":"low","score":150},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"CVE-2024-6119"},{"exploit_maturity":"No Known Exploit","id":"SNYK-ALPINE320-OPENSSL-7895537","priority_score":436,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"severity","label":"low","score":150},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"CVE-2024-6119"},{"exploit_maturity":"No Known Exploit","id":"SNYK-ALPINE320-OPENSSL-7413532","priority_score":364,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"severity","label":"low","score":150},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"CVE-2024-5535"}],"prId":"0f8b3462-55a6-4df4-a416-3224f5836b57","prPublicId":"0f8b3462-55a6-4df4-a416-3224f5836b57","packageManager":"dockerfile","priorityScoreList":[514,514,436,364],"projectPublicId":"97d4a509-c0e9-4e42-b828-e68d99a21012","projectUrl":"https://app.snyk.io/org/acinader/project/97d4a509-c0e9-4e42-b828-e68d99a21012?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["updated-fix-title","priorityScore"],"type":"auto","upgrade":["SNYK-ALPINE320-OPENSSL-7413532","SNYK-ALPINE320-OPENSSL-7895537","SNYK-ALPINE320-OPENSSL-7895537","SNYK-UPSTREAM-NODE-7430900","SNYK-UPSTREAM-NODE-7430905"],"vulns":["SNYK-UPSTREAM-NODE-7430900","SNYK-UPSTREAM-NODE-7430905","SNYK-ALPINE320-OPENSSL-7895537","SNYK-ALPINE320-OPENSSL-7413532"],"patch":[],"isBreakingChange":false,"remediationStrategy":"vuln"}'
I will reformat the title to use the proper commit message syntax.
![parse-github-assistant[bot] avatar](https://avatars.githubusercontent.com/in/136195?v=4 "Published by a pub.dev verified publisher"){kind=small}
Thanks for opening this pull request!
- ❌ Please link an issue that describes the reason for this pull request, otherwise your pull request will be closed. Make sure to write it as
Closes: #123in the PR description, so I can recognize it.
Codecov Report
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 93.48%. Comparing base (
dfd5a8e) to head (18b67e6). Report is 6 commits behind head on alpha.
Additional details and impacted files
@@ Coverage Diff @@
## alpha #9300 +/- ##
=======================================
Coverage 93.48% 93.48%
=======================================
Files 186 186
Lines 14811 14812 +1
=======================================
+ Hits 13846 13847 +1
Misses 965 965
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}