[Snyk] Security upgrade nginx from 1.27.0-alpine to 1.29.2-alpine#43
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE319-EXPAT-7908400
- https://snyk.io/vuln/SNYK-ALPINE319-EXPAT-7908409
- https://snyk.io/vuln/SNYK-ALPINE319-CURL-7567383
- https://snyk.io/vuln/SNYK-ALPINE319-CURL-7567383
- https://snyk.io/vuln/SNYK-ALPINE319-EXPAT-7908399
Pull Request Overview
Security upgrade of the frontend runtime image to address Snyk-flagged vulnerabilities by updating the Nginx base image.
- Update base image from nginx:1.27.0-alpine to nginx:1.29.2-alpine
- Retain existing multi-stage build structure and runtime setup
| RUN npm run build | ||
|
|
||
| FROM nginx:1.27.0-alpine | ||
| FROM nginx:1.29.2-alpine |
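Review bot: The bump from nginx:1.27.0-alpine to nginx:1.29.2-alpine addresses advisories in Alpine packages (expat, curl) rather than in nginx itself, so the closing check should be a rebuild and rescan of the resulting image to confirm those packages are actually at patched versions. The floating -alpine suffix also means a later pull can land on a different Alpine release, so pinning the new tag by digest in this same change is worth doing. The multi-stage layout above the FROM line is untouched, so the copy from the build stage needs no edit.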
Consider pinning the image by digest to avoid supply-chain drift and ensure reproducible builds. Example: FROM nginx:1.29.2-alpine@sha256: (you can get the digest via docker pull and docker inspect or buildx imagetools).
| FROM nginx:1.29.2-alpine | |
| FROM nginx:1.29.2-alpine@sha256:2e2e7e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e |
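A small shell check for the pinning practice described in the comment above, added here as an example and not part of the PR or of Copilot's suggestion. It assumes a POSIX sh with awk and grep, and it takes the digest as an input rather than fetching it; obtaining the digest with docker pull and docker inspect or buildx imagetools, as the comment says, remains a separate step.

```shell
# Added example (not from the PR): lint a Dockerfile's FROM lines for
# base-image pinning and build a digest-pinned reference from tag + digest.
# The digest still comes from out of band; nothing here touches the network.

# classify_ref REF -> digest | tag | floating | invalid
classify_ref() {
  ref=$1
  if printf '%s\n' "$ref" | grep -Eq '@sha256:[0-9a-f]{64}$'; then
    echo digest                     # immutable: content-addressed
  elif printf '%s\n' "$ref" | grep -q '@'; then
    echo invalid                    # malformed or truncated digest
  else
    case "${ref##*/}" in            # drop registry/path so a port is ignored
      *:*) echo tag ;;              # mutable: the tag can be retargeted later
      *)   echo floating ;;         # implicit :latest
    esac
  fi
}

# pin_ref REF DIGEST -> REF@sha256:DIGEST ("sha256:" prefix optional on DIGEST).
# The tag is kept for readability; the daemon verifies only the digest.
pin_ref() {
  printf '%s@sha256:%s\n' "${1%%@*}" "${2#sha256:}"
}

# lint_dockerfile FILE -> prints "<ref> <class>" per external base image
# (FROM <earlier stage> is skipped); returns 1 if any base lacks a digest.
lint_dockerfile() {
  rc=0; stages=""
  froms=$(awk 'toupper($1)=="FROM" {
      ref=""; alias=""
      for (i=2; i<=NF; i++) {
        if ($i ~ /^--/) continue                 # flags such as --platform=
        if (toupper($i)=="AS") { alias=$(i+1); break }
        if (ref=="") ref=$i
      }
      print ref, alias }' "$1")
  while read -r ref alias; do
    [ -n "$ref" ] || continue
    case " $stages " in *" $ref "*) continue ;; esac
    [ -z "$alias" ] || stages="$stages $alias"
    cls=$(classify_ref "$ref")
    echo "$ref $cls"
    [ "$cls" = digest ] || rc=1
  done <<EOF
$froms
EOF
  return $rc
}
```

Running lint_dockerfile against docker/frontend/Dockerfile in CI makes an unpinned FROM line fail the build, which is the drift the comment warns about.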
[nitpick] To control the underlying Alpine version and reduce unexpected changes from tag retargeting, consider using an OS-specific tag, e.g., nginx:1.29.2-alpine3.20 (or your chosen Alpine release). This makes upgrades explicit and improves build determinism.
| FROM nginx:1.29.2-alpine | |
| FROM nginx:1.29.2-alpine3.20 |
Snyk has created this PR to fix 4 vulnerabilities in the dockerfile dependencies of this project.
Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.
Snyk changed the following file(s):
docker/frontend/Dockerfile
We recommend upgrading to nginx:1.29.2-alpine, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.
Vulnerabilities that will be fixed with an upgrade:
SNYK-ALPINE319-EXPAT-7908400
SNYK-ALPINE319-EXPAT-7908409
SNYK-ALPINE319-CURL-7567383
SNYK-ALPINE319-CURL-7567383
SNYK-ALPINE319-EXPAT-7908399
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.