Skip to content

fix: Security upgrade node from 20.17.0-alpine3.20 to 20.18.2-alpine3.20 #9597

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 6, 2025
Merged

fix: Security upgrade node from 20.17.0-alpine3.20 to 20.18.2-alpine3.20 #9597

merged 1 commit into from
Feb 6, 2025

Conversation

parseplatformorg
Copy link
Contributor

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

  • Dockerfile

We recommend upgrading to node:20.18.2-alpine3.20, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
low severity CVE-2024-9143
SNYK-ALPINE320-OPENSSL-8235201		   364  
low severity CVE-2024-9143
SNYK-ALPINE320-OPENSSL-8235201		   364  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@parse-github-assistant Parse GitHub Assistant
Copy link

I will reformat the title to use the proper commit message syntax.

@parse-github-assistant parse-github-assistant bot changed the title [Snyk] Security upgrade node from 20.17.0-alpine3.20 to 20.18.2-alpine3.20 refactor: Security upgrade node from 20.17.0-alpine3.20 to 20.18.2-alpine3.20 Feb 6, 2025
@parse-github-assistant Parse GitHub Assistant
Copy link

parse-github-assistant bot commented Feb 6, 2025
edited
Loading

Thanks for opening this pull request!

  • ❌ Please link an issue that describes the reason for this pull request, otherwise your pull request will be closed. Make sure to write it as Closes: #123 in the PR description, so I can recognize it.

@codecov Codecov
Copy link

codecov bot commented Feb 6, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 93.50%. Comparing base (6cf2876) to head (17ba12c).
Report is 6 commits behind head on release-7.x.x.

Additional details and impacted files 
@@              Coverage Diff               @@
##           release-7.x.x    #9597   +/-   ##
==============================================
  Coverage          93.50%   93.50%           
==============================================
  Files                186      186           
  Lines              14804    14804           
==============================================
  Hits               13842    13842           
  Misses               962      962

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@mtrezza mtrezza changed the title refactor: Security upgrade node from 20.17.0-alpine3.20 to 20.18.2-alpine3.20 fix: Security upgrade node from 20.17.0-alpine3.20 to 20.18.2-alpine3.20 Feb 6, 2025
@mtrezza mtrezza merged commit 6114cd9 into release-7.x.x Feb 6, 2025
27 of 30 checks passed
@mtrezza mtrezza deleted the snyk-fix-055002154e635f23fe5a5d2b79a12c30 branch February 6, 2025 21:28
This was referenced Feb 6, 2025
Closed
Closed
@parseplatformorg parseplatformorg mentioned this pull request Feb 24, 2025
Closed
parseplatformorg pushed a commit that referenced this pull request Mar 12, 2025
@semantic-release-bot
chore(release): 7.5.0 [skip ci]
b2df741 
# [7.5.0](7.4.0...7.5.0) (2025-03-12)

### Bug Fixes

* LiveQueryServer crashes using cacheAdapter on disconnect from Redis 4 server ([#9615](#9615)) ([0769215](0769215))
* Push adapter not loading on some versions of Node 22 ([#9525](#9525)) ([5447c22](5447c22))
* Security upgrade node from 20.17.0-alpine3.20 to 20.18.2-alpine3.20 ([#9597](#9597)) ([6114cd9](6114cd9))

### Features

* Add support for MongoDB `databaseOptions` keys `minPoolSize`, `connectTimeoutMS`, `socketTimeoutMS`, `autoSelectFamily`, `autoSelectFamilyAttemptTimeout` ([#9577](#9577)) ([20f2071](20f2071))
@parseplatformorg
Copy link
Contributor Author

🎉 This change has been released in version 7.5.0

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
state:released-7.x.x
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@parseplatformorg @mtrezza @snyk-bot