Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Up Ubuntu to 24.04 and Node.js to 22 with security fixes #2143

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Up Ubuntu to 24.04 and Node.js to 22 with security fixes #2143

wants to merge 3 commits into from

Conversation

goshander
Copy link
Collaborator

No description provided.

@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 17, 2025
edited
Loading

📦 Statoscope quick diff with main-branch:

⏱ Build time: -7.6 sec (-4.01%)

⚖️ Initial size: 0.00 kb (0%)

🕵️ Validation errors: 0

Full Statoscope report could be found here ↗️

github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 17, 2025
View reviewed changes
Dockerfile
@@ -1,26 +1,27 @@
ARG UBUNTU_VERSION=24.04

Check warning

Code scanning / Snyk Container

Low severity - Improper Input Validation vulnerability in coreutils

This file introduces a vulnerable coreutils package with a low severity vulnerability.
Dockerfile
@@ -1,26 +1,27 @@
ARG UBUNTU_VERSION=24.04

Check failure

Code scanning / Snyk Container

Low severity - Allocation of Resources Without Limits or Throttling vulnerability in glibc

This file introduces a vulnerable glibc package with a low severity vulnerability.
Dockerfile
@@ -1,26 +1,27 @@
ARG UBUNTU_VERSION=24.04

Check notice

Code scanning / Snyk Container

Low severity - Out-of-bounds Write vulnerability in gnupg2

This file introduces a vulnerable gnupg2 package with a low severity vulnerability.
Dockerfile
@@ -1,26 +1,27 @@
ARG UBUNTU_VERSION=24.04

Check notice

Code scanning / Snyk Container

Low severity - CVE-2024-26458 vulnerability in krb5

This file introduces a vulnerable krb5 package with a low severity vulnerability.
Dockerfile
@@ -1,26 +1,27 @@
ARG UBUNTU_VERSION=24.04

Check warning

Code scanning / Snyk Container

Medium severity - Memory Leak vulnerability in krb5

This file introduces a vulnerable krb5 package with a medium severity vulnerability.
Dockerfile
@@ -1,26 +1,27 @@
ARG UBUNTU_VERSION=24.04

Check notice

Code scanning / Snyk Container

Low severity - Information Exposure vulnerability in libgcrypt20

This file introduces a vulnerable libgcrypt20 package with a low severity vulnerability.
Dockerfile
@@ -1,26 +1,27 @@
ARG UBUNTU_VERSION=24.04

Check notice

Code scanning / Snyk Container

Low severity - CVE-2024-41996 vulnerability in openssl

This file introduces a vulnerable openssl package with a low severity vulnerability.
Dockerfile
@@ -1,26 +1,27 @@
ARG UBUNTU_VERSION=24.04

Check warning

Code scanning / Snyk Container

Medium severity - Insecure Storage of Sensitive Information vulnerability in pam

This file introduces a vulnerable pam package with a medium severity vulnerability.
Dockerfile
@@ -1,26 +1,27 @@
ARG UBUNTU_VERSION=24.04

Check failure

Code scanning / Snyk Container

Medium severity - Improper Authentication vulnerability in pam

This file introduces a vulnerable pam package with a medium severity vulnerability.
Dockerfile
@@ -1,26 +1,27 @@
ARG UBUNTU_VERSION=24.04

Check warning

Code scanning / Snyk Container

Medium severity - CVE-2024-56433 vulnerability in shadow

This file introduces a vulnerable shadow package with a medium severity vulnerability.
@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 17, 2025
edited
Loading

E2E Report is ready.

@goshander goshander changed the title [Ubuntu 24.04] [Node.js 22] Fix security container problems [] [] Up Ubuntu to 24.04 and Node.js to 22 with security fixes Feb 17, 2025
@goshander goshander changed the title [] [] Up Ubuntu to 24.04 and Node.js to 22 with security fixes Up Ubuntu to 24.04 and Node.js to 22 with security fixes Feb 17, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@melikhov-dev melikhov-dev melikhov-dev approved these changes

Assignees
No one assigned
Labels
changelog component/general type/sec
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@goshander @melikhov-dev