[Snyk] Security upgrade node from 20.7.0-alpine to 20.18.1-alpine #30

gabrielpastori1 · 2024-12-10T05:55:43Z

Snyk has created this PR to fix 5 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

Dockerfile

We recommend upgrading to node:20.18.1-alpine, as this image has only 1 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Path Traversal SNYK-UPSTREAM-NODE-6255385	721
	Server-Side Request Forgery (SSRF) SNYK-UPSTREAM-NODE-8379641	721
	Path Traversal SNYK-UPSTREAM-NODE-6252334	621
	CVE-2023-5363 SNYK-ALPINE318-OPENSSL-6032386	614
	Code Injection SNYK-UPSTREAM-NODE-6252332	614

Important

Check the changes in this PR to ensure they won't cause issues with your project.
Max score is 1000. Note that the real score may have changed since the PR was raised.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-Side Request Forgery (SSRF)
🦉 Path Traversal
🦉 Code Injection

Heroku button

1.5.4

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-UPSTREAM-NODE-6255385 - https://snyk.io/vuln/SNYK-UPSTREAM-NODE-8379641 - https://snyk.io/vuln/SNYK-UPSTREAM-NODE-6252334 - https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6032386 - https://snyk.io/vuln/SNYK-UPSTREAM-NODE-6252332

gabrielpastori1 and others added 30 commits September 9, 2023 15:29

feat: env to hide index and manager

d962915

fix: add PORT as env alias to SERVER_PORT

d48ce9f

fix: default options to CORS_ORIGIN and CORS_METHODS

bd7294c

add heroku app.json

b63648c

fix: heroku non required env

f6efb7d

fix: RABBITMQ_URI non required

a371164

feat: alias to DATABASE_CONNECTION_URI for heroku deploy

42d0c30

feat: add Procfile

05c9732

add heroku to readme

391c10e

fix: removal of very expensive heroku mongoDB

88011da

fix: add HEROKU_ENV

0505338

fix: DATABASE_CONNECTION_URI required

af2f883

fix: add LOG_LEVEL env

93d255f

fix: force http in heroku

b99f099

fix: revert delete instance router

d775a45

add Procfile

2d51647

fix: procfile

c2a8685

fix: procfile

cf58498

comment env force 8080

7a74cea

hide index

dead37d

add rabbitMQ log

a020eb2

fix: rabbitMQ event hook

f0b9353

feat: link preview and hide manager

18d52a7

Merge branch 'main' into heroku-button

9e977d4

Merge pull request #5 from gabrielpastori1/heroku-button

215f3d5

Heroku button

Merge pull request #6 from EvolutionAPI/main

26d1f83

1.5.4

Update issue templates

8e362a9

Merge branch 'EvolutionAPI:main' into main

f5ecd8e

Merge remote-tracking branch 'upstream/main'

236af88

gabrielpastori1 force-pushed the main branch from 236af88 to 1665654 Compare January 4, 2025 04:23

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade node from 20.7.0-alpine to 20.18.1-alpine #30

[Snyk] Security upgrade node from 20.7.0-alpine to 20.18.1-alpine #30

gabrielpastori1 commented Dec 10, 2024

[Snyk] Security upgrade node from 20.7.0-alpine to 20.18.1-alpine #30

Are you sure you want to change the base?

[Snyk] Security upgrade node from 20.7.0-alpine to 20.18.1-alpine #30

Conversation

gabrielpastori1 commented Dec 10, 2024

Snyk has created this PR to fix 5 vulnerabilities in the dockerfile dependencies of this project.

Snyk changed the following file(s):

Vulnerabilities that will be fixed with an upgrade: