Skip to content

[Snyk] Security upgrade nginx from latest to 1.30.0-trixie #339

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
TheRedHatter wants to merge 1 commit into
base: snyk-fix-93a3b41216b029e9cbcb9ec2fb0bdd3b
Choose a base branch
from
Open

[Snyk] Security upgrade nginx from latest to 1.30.0-trixie #339

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion public/Dockerfile.local
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ COPY vcs ./vcs

RUN npm run build

FROM nginx AS http
FROM nginx:1.30.0-trixie AS http
Copy link
Copy Markdown

@prisma-cloud-devsecops prisma-cloud-devsecops Bot Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LOW  A user for the container has not been created
    Resource: /public/Dockerfile.local. | Checkov ID: CKV_DOCKER_3

Description

The policy's primary purpose is to verify that a dedicated user has been explicitly created for running the container. This is essential to avoid running the container with root privileges, which could introduce significant security risks in case of a compromise. Running containers as a non-root user reduces the potential impact of a security breach.

Copy link
Copy Markdown

@prisma-cloud-devsecops prisma-cloud-devsecops Bot Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LOW  Healthcheck instructions have not been added to container images
    Resource: /public/Dockerfile.local. | Checkov ID: CKV_DOCKER_2

Description

This rule detects whether HEALTHCHECK instructions have been added to Docker container images. These instructions provide a way to check the health of the running container, ensuring that issues are detected and handled promptly, improving the reliability and stability of your containerized applications. Adding HEALTHCHECK instructions to your Dockerfiles follows best practices for Docker container health management.

Copy link
Copy Markdown

@prisma-cloud-devsecops prisma-cloud-devsecops Bot Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

libxslt 1.1.35-1.2+deb13u2 / Dockerfile.local.FROM

Total vulnerabilities: 2

Critical: 0 High: 0 Medium: 0 Low: 2
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2025-10911 LOW LOW - - Open
CVE-2025-11731 LOW LOW - - Open

Copy link
Copy Markdown

@prisma-cloud-devsecops prisma-cloud-devsecops Bot Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

libxml2 2.12.7+dfsg+really2.9.14-2.1+deb13u2 / Dockerfile.local.FROM

Total vulnerabilities: 3

Critical: 0 High: 0 Medium: 0 Low: 3
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2026-0989 LOW LOW - - Open
CVE-2026-0990 LOW LOW - - Open
CVE-2026-0992 LOW LOW - - Open

Copy link
Copy Markdown

@prisma-cloud-devsecops prisma-cloud-devsecops Bot Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nghttp2 1.64.0-1.1 / Dockerfile.local.FROM

Total vulnerabilities: 1

Critical: 0 High: 0 Medium: 0 Low: 1
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2026-27135 LOW LOW - - Open

Copy link
Copy Markdown

@prisma-cloud-devsecops prisma-cloud-devsecops Bot Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

libcap2 1:2.75-10 / Dockerfile.local.FROM

Total vulnerabilities: 1

Critical: 0 High: 0 Medium: 0 Low: 1
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2026-4878 LOW LOW - - Open

Copy link
Copy Markdown

@prisma-cloud-devsecops prisma-cloud-devsecops Bot Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tar 1.35+dfsg-3.1 / Dockerfile.local.FROM

Total vulnerabilities: 1

Critical: 0 High: 0 Medium: 0 Low: 1
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2026-5704 LOW LOW - - Open

Copy link
Copy Markdown

@prisma-cloud-devsecops prisma-cloud-devsecops Bot Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

util-linux 2.41-5 / Dockerfile.local.FROM

Total vulnerabilities: 2

Critical: 0 High: 0 Medium: 0 Low: 2
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2026-27456 LOW LOW - - Open
CVE-2026-3184 LOW LOW 3.7 - Open

Copy link
Copy Markdown

@prisma-cloud-devsecops prisma-cloud-devsecops Bot Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

xz-utils 5.8.1-1 / Dockerfile.local.FROM

Total vulnerabilities: 1

Critical: 0 High: 0 Medium: 0 Low: 1
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2026-34743 LOW LOW 5.3 - Open

Copy link
Copy Markdown

@prisma-cloud-devsecops prisma-cloud-devsecops Bot Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

zlib 1:1.3.dfsg+really1.3.1-1 / Dockerfile.local.FROM

Total vulnerabilities: 1

Critical: 0 High: 0 Medium: 0 Low: 1
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2026-27171 LOW LOW 5.5 - Open

Copy link
Copy Markdown

@prisma-cloud-devsecops prisma-cloud-devsecops Bot Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

libheif 1.19.8-1 / Dockerfile.local.FROM

Total vulnerabilities: 1

Critical: 0 High: 0 Medium: 0 Low: 1
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2025-68431 LOW LOW 7.1 - Open

Copy link
Copy Markdown

@prisma-cloud-devsecops prisma-cloud-devsecops Bot Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

libtasn1-6 4.20.0-2 / Dockerfile.local.FROM

Total vulnerabilities: 1

Critical: 0 High: 0 Medium: 0 Low: 1
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2025-13151 LOW LOW 7.5 - Open

Copy link
Copy Markdown

@prisma-cloud-devsecops prisma-cloud-devsecops Bot Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

curl 8.14.1-2+deb13u2 / Dockerfile.local.FROM

Total vulnerabilities: 7

Critical: 0 High: 0 Medium: 0 Low: 7
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2025-14524 LOW LOW 5.3 - Open
CVE-2025-14819 LOW LOW 5.3 - Open
CVE-2026-3783 LOW LOW 5.3 - Open
CVE-2025-13034 LOW LOW 5.9 - Open
CVE-2026-1965 LOW LOW 6.5 - Open
CVE-2026-3784 LOW LOW 6.5 - Open
CVE-2026-3805 LOW LOW 7.5 - Open

Copy link
Copy Markdown

@prisma-cloud-devsecops prisma-cloud-devsecops Bot Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

glibc 2.41-12+deb13u2 / Dockerfile.local.FROM

Total vulnerabilities: 3

Critical: 0 High: 0 Medium: 0 Low: 3
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2026-4438 LOW LOW 5.4 - Open
CVE-2026-4046 LOW LOW 7.5 - Open
CVE-2026-4437 LOW LOW 7.5 - Open

Copy link
Copy Markdown

@prisma-cloud-devsecops prisma-cloud-devsecops Bot Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ncurses 6.5+20250216-2 / Dockerfile.local.FROM

Total vulnerabilities: 2

Critical: 0 High: 0 Medium: 0 Low: 2
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2025-6141 LOW LOW - - Open
CVE-2025-69720 LOW LOW 7.8 - Open

Copy link
Copy Markdown

@prisma-cloud-devsecops prisma-cloud-devsecops Bot Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

expat 2.7.1-2 / Dockerfile.local.FROM

Total vulnerabilities: 7

Critical: 0 High: 0 Medium: 0 Low: 7
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2025-59375 LOW LOW - - Open
CVE-2026-24515 LOW LOW 2.5 - Open
CVE-2025-66382 LOW LOW 5.5 - Open
CVE-2026-32776 LOW LOW 5.5 - Open
CVE-2026-32777 LOW LOW 5.5 - Open
CVE-2026-32778 LOW LOW 5.5 - Open
CVE-2026-25210 LOW LOW 7.8 - Open

Copy link
Copy Markdown

@prisma-cloud-devsecops prisma-cloud-devsecops Bot Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

systemd 257.9-1~deb13u1 / Dockerfile.local.FROM

Total vulnerabilities: 5

Critical: 0 High: 0 Medium: 1 Low: 4
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2026-4105 MEDIUM MEDIUM 6.7 - Open
CVE-2026-29111 LOW LOW - - Open
CVE-2026-40225 LOW LOW - - Open
CVE-2026-40226 LOW LOW - - Open
CVE-2026-40228 LOW LOW - - Open

Copy link
Copy Markdown

@prisma-cloud-devsecops prisma-cloud-devsecops Bot Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

libde265 1.0.15-1 / Dockerfile.local.FROM

Total vulnerabilities: 4

Critical: 0 High: 1 Medium: 1 Low: 2
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2026-33164 HIGH HIGH 7.5 - Open
CVE-2026-33165 MEDIUM MEDIUM 5 - Open
CVE-2024-38949 LOW LOW 6.5 - Open
CVE-2024-38950 LOW LOW 6.5 - Open


COPY --from=builder /home/node/bc/build /var/www/html
COPY ./nginx-config/default.conf /etc/nginx/conf.d/default.conf
Loading