[Snyk] Security upgrade node from 16.13-alpine to 16.19.1-alpine #201
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-ALPINE315-ZLIB-2976173 - https://snyk.io/vuln/SNYK-UPSTREAM-NODE-3035795 - https://snyk.io/vuln/SNYK-UPSTREAM-NODE-5741793 - https://snyk.io/vuln/SNYK-UPSTREAM-NODE-5811867 - https://snyk.io/vuln/SNYK-UPSTREAM-NODE-5843454
|
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
There was a problem hiding this comment.
PR Type: Enhancement
PR Summary: This pull request addresses the need to update the Docker base image from node:16.13-alpine to node:16.19.1-alpine in order to mitigate known vulnerabilities associated with the older version. By upgrading to node:16.19.1-alpine, the project benefits from security fixes and reduced vulnerability exposure as highlighted by the automated analysis. The changes are confined to the Dockerfile, specifically updating the base and production image versions.
Decision: Comment
📝 Type: 'Enhancement' - not supported yet.
- Sourcery currently only approves 'Typo fix' PRs.
✅ Issue addressed: this change correctly addresses the issue or implements the desired feature.
No details provided.
✅ Small diff: the diff is small enough to approve with confidence.
No details provided.
General suggestions:
- Ensure thorough testing of the application with the new Docker base image to confirm that the upgrade does not introduce any breaking changes or unexpected behavior.
- Consider reviewing and updating the documentation to reflect the changes in the base image and any new requirements or considerations that come with it.
- Given the security context of this update, it might be beneficial to establish a regular schedule for reviewing and updating dependencies and base images to proactively manage vulnerabilities.
Thanks for using Sourcery. We offer it for free for open source projects and would be very grateful if you could help us grow. If you like it, would you consider sharing Sourcery on your favourite social media? ✨
This PR was automatically created by Snyk using the credentials of a real user.
Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.
Changes included in this PR
We recommend upgrading to
node:16.19.1-alpine, as this image has only 13 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.Some of the most important vulnerabilities in your base image include:
SNYK-ALPINE315-ZLIB-2976173
SNYK-UPSTREAM-NODE-3035795
SNYK-UPSTREAM-NODE-5741793
SNYK-UPSTREAM-NODE-5811867
SNYK-UPSTREAM-NODE-5843454
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Improper Access Control