Skip to content

chore: security upgrade nginx from 1.21-alpine to 1.29.0-alpine #1938

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 17, 2025
Merged

chore: security upgrade nginx from 1.21-alpine to 1.29.0-alpine #1938

merged 1 commit into from
Jul 17, 2025

Conversation

Junjiequan
Copy link
Member

@Junjiequan Junjiequan commented Jul 15, 2025
edited by sourcery-ai bot
Loading

snyk-top-banner

Snyk has created this PR to fix 5 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

  • CI/to_be_deleted/ESS/Dockerfile

We recommend upgrading to nginx:1.29.0-alpine, as this image has only 1 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Out-of-bounds Write
SNYK-ALPINE315-LIBWEBP-5902238		   829  
high severity CVE-2023-44487
SNYK-ALPINE315-NGHTTP2-5964211		   829  
critical severity Out-of-bounds Write
SNYK-ALPINE315-CURL-5958915		   714  
critical severity Out-of-bounds Read
SNYK-ALPINE315-PCRE2-2869383		   714  
critical severity Out-of-bounds Read
SNYK-ALPINE315-PCRE2-2869384		   714  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

Summary by Sourcery

Upgrade the Nginx base image in the ESS Dockerfile from 1.21-alpine to 1.29.0-alpine to resolve multiple security vulnerabilities.

Bug Fixes:

  • Address five high and critical severity CVE and out-of-bounds vulnerabilities by updating the Nginx base image.

Enhancements:

  • Bump Nginx version in CI/to_be_deleted/ESS/Dockerfile for better security posture.

@Junjiequan Junjiequan changed the title [Snyk] Security upgrade nginx from 1.21-alpine to 1.29.0-alpine chore: security upgrade nginx from 1.21-alpine to 1.29.0-alpine Jul 17, 2025
@Junjiequan Junjiequan requested a review from abdimo101 July 17, 2025 12:23
@Junjiequan Junjiequan merged commit 5f56da2 into master Jul 17, 2025
8 of 10 checks passed
@Junjiequan Junjiequan deleted the snyk-fix-ceb448c5cabf9b5990e94e332efbac5b branch July 17, 2025 13:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@abdimo101 abdimo101 abdimo101 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Junjiequan @abdimo101 @snyk-bot