atomist-skills / npm-vulnerability-scanner-skill

Atomist Skill to find and fix security vulnerabilities in npm dependencies
Apache License 2.0

Re-pin Docker base images in Dockerfile #212

Closed atomist[bot] closed 3 years ago

atomist[bot] commented 3 years ago

This pull request re-pins the following Docker base images in Dockerfile to their current digests.

https://github.com/atomist-skills/npm-vulnerability-scanner-skill/blob/9c67af7f380a9cd3aece22e99790bb4f412efa7b/Dockerfile#L2-L2

Changelog for node:lts

### Commit

New image build caused by commit docker-library/official-images@dbc51bcc0164180dbb56ffc16008a13a275ad44f to [`library/node`](https://github.com/docker-library/official-images/blob/dbc51bcc0164180dbb56ffc16008a13a275ad44f/library/node):

```
Node: chore: update to node 14.17.1
```

---

### Comparison

Comparing Docker image `node:lts` at digests _Current_ `sha256:43bb29ec0b053be1d9120b13ec26e1d978a1dcc9188446934ad7173232a5c479` (899mb) and _Proposed_ `sha256:52fe2e3604ca3d7d0bc017c0d60df5baaf54c3e261bab8334b0657f923092523` (900mb):

#### Vulnerabilities

No vulnerabilities detected

#### Packages

The following package differences were detected:

| Name | Current | Proposed | Type |
| ---- | ------- | -------- | ---- |
| `libpython2.7-minimal` | `2.7.13-2 deb9u4` | `2.7.13-2 deb9u5` | Apt |
| `libpython2.7-stdlib` | `2.7.13-2 deb9u4` | `2.7.13-2 deb9u5` | Apt |
| `libsvn1` | `1.9.5-1 deb9u5` | `1.9.5-1 deb9u6` | Apt |
| `libxml2` | `2.9.4 dfsg1-2.2+deb9u3` | `2.9.4 dfsg1-2.2+deb9u4` | Apt |
| `libxml2-dev` | `2.9.4 dfsg1-2.2+deb9u3` | `2.9.4 dfsg1-2.2+deb9u4` | Apt |
| `npm` | `6.14.12` | `6.14.13` | Node |
| `python2.7` | `2.7.13-2 deb9u4` | `2.7.13-2 deb9u5` | Apt |
| `python2.7-minimal` | `2.7.13-2 deb9u4` | `2.7.13-2 deb9u5` | Apt |
| `subversion` | `1.9.5-1 deb9u5` | `1.9.5-1 deb9u6` | Apt |

#### Files

The following file modifications were detected:

| Name | Current | Proposed | Diff |
| ---- | ------- | -------- | ---- |
| `/etc/apt/sources.list` | `427b` | `427b` | `0b` |
| `/etc/machine-id` | `33b` | `33b` | `0b` |
| `/etc/shadow` | `527b` | `527b` | `0b` |
| `/etc/shadow-` | `501b` | `501b` | `0b` |
| `/root/.gnupg/pubring.kbx` | `90kb` | `90kb` | `697b` |
| `/root/.gnupg/pubring.kbx~` | `78kb` | `78kb` | `697b` |
| `/root/.gnupg/random_seed` | `600b` | `600b` | `0b` |
| `/root/.gnupg/trustdb.gpg` | `1.2kb` | `1.2kb` | `0b` |
| `/tmp/v8-compile-cache-0/8.4.371.19-node.18` (2 files changed) | | `-` | `-4.3mb` |
| `/tmp/v8-compile-cache-0/8.4.371.23-node.67` (2 files changed) | | `+` | `4.3mb` |
| `/usr/bin/python2.7` | `3.6mb` | `3.6mb` | `-20kb` |
| `/usr/bin/svn` | `286kb` | `286kb` | `0b` |
| `/usr/bin/svnadmin` | `82kb` | `82kb` | `0b` |
| `/usr/bin/svnauthz` | `22kb` | `22kb` | `0b` |
| `/usr/bin/svnauthz-validate` | `22kb` | `22kb` | `0b` |
| `/usr/bin/svnbench` | `58kb` | `58kb` | `0b` |
| `/usr/bin/svndumpfilter` | `34kb` | `34kb` | `0b` |
| `/usr/bin/svnfsfs` | `34kb` | `34kb` | `0b` |
| `/usr/bin/svnlook` | `66kb` | `66kb` | `0b` |
| `/usr/bin/svnmucc` | `26kb` | `26kb` | `0b` |
| `/usr/bin/svnrdump` | `54kb` | `54kb` | `0b` |
| `/usr/bin/svnserve` | `94kb` | `94kb` | `0b` |
| `/usr/bin/svnsync` | `54kb` | `54kb` | `0b` |
| `/usr/bin/svnversion` | `14kb` | `14kb` | `0b` |
| `/usr/lib/python2.7` (611 files changed) | `7.5mb` | `7.5mb` | `1.9kb` |
| `/usr/lib/python3.5` (8 files changed) | `329kb` | `329kb` | `0b` |
| `/usr/lib/x86_64-linux-gnu` (19 files changed) | `8.5mb` | `8.5mb` | `8b` |
| `/usr/local/CHANGELOG.md` | `52kb` | `515kb` | `463kb` |
| `/usr/local/LICENSE` | `78kb` | `78kb` | `18b` |
| `/usr/local/README.md` | `28kb` | `30kb` | `1.9kb` |
| `/usr/local/bin/node` | `70mb` | `71mb` | `533kb` |
| `/usr/local/include` (11 files changed) | `157kb` | `158kb` | `853b` |
| `/usr/local/lib` (161 files changed) | `3.9mb` | `3.9mb` | `906b` |
| `/usr/local/share/man/man1/node.1` | `20kb` | `20kb` | `784b` |
| `/usr/share/doc` (8 files changed) | `275kb` | `275kb` | `1016b` |
| `/var/cache/fontconfig` (4 files changed) | `15kb` | `15kb` | `0b` |
| `/var/cache/ldconfig/aux-cache` | `17kb` | `17kb` | `0b` |
| `/var/lib/dpkg` (11 files changed) | `787kb` | `787kb` | `107b` |
| `/var/log/alternatives.log` | `14kb` | `14kb` | `0b` |
| `/var/log/apt` (3 files changed) | `116kb` | `116kb` | `-12b` |
| `/var/log/dpkg.log` | `189kb` | `189kb` | `0b` |

#### History

The following differences in [`docker
history`](https://docs.docker.com/engine/reference/commandline/history/) were detected: ```diff -/bin/sh -c #(nop) ADD file:e3d37689e896a83d39040f2c95091ff88f3899b5b410dbf76908dd6c938b8cb5 in / +/bin/sh -c #(nop) ADD file:d9e4f6f4fc33703b766642a5642cabb2b01675bb55cf6050f2e91507577ff570 in / /bin/sh -c #(nop) CMD ["bash"] /bin/sh -c set -eux; apt-get update; apt-get install -y --no-install-recommends apt-transport-https ca-certificates curl netbase wget ; rm -rf /var/lib/apt/lists/* /bin/sh -c set -ex; if ! command -v gpg > /dev/null; then apt-get update; apt-get install -y --no-install-recommends gnupg dirmngr ; rm -rf /var/lib/apt/lists/*; fi /bin/sh -c apt-get update && apt-get install -y --no-install-recommends bzr git mercurial openssh-client subversion procps && rm -rf /var/lib/apt/lists/* /bin/sh -c set -ex; apt-get update; apt-get install -y --no-install-recommends autoconf automake bzip2 dpkg-dev file g++ gcc imagemagick libbz2-dev libc6-dev libcurl4-openssl-dev libdb-dev libevent-dev libffi-dev libgdbm-dev libglib2.0-dev libgmp-dev libjpeg-dev libkrb5-dev liblzma-dev libmagickcore-dev libmagickwand-dev libmaxminddb-dev libncurses5-dev libncursesw5-dev libpng-dev libpq-dev libreadline-dev libsqlite3-dev libssl-dev libtool libwebp-dev libxml2-dev libxslt-dev libyaml-dev make patch unzip xz-utils zlib1g-dev $( if apt-cache show 'default-libmysqlclient-dev' 2>/dev/null | grep -q '^Version:'; then echo 'default-libmysqlclient-dev'; else echo 'libmysqlclient-dev'; fi ) ; rm -rf /var/lib/apt/lists/* /bin/sh -c groupadd --gid 1000 node && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -/bin/sh -c #(nop) ENV NODE_VERSION=14.16.1 +/bin/sh -c #(nop) ENV NODE_VERSION=14.17.1 /bin/sh -c ARCH= && dpkgArch="$(dpkg --print-architecture)" && case "${dpkgArch##*-}" in amd64) ARCH='x64';; ppc64el) ARCH='ppc64le';; s390x) ARCH='s390x';; arm64) ARCH='arm64';; armhf) ARCH='armv7l';; i386) ARCH='x86';; *) echo "unsupported architecture"; exit 1 ;; esac && set 
-ex && for key in 4ED778F539E3634C779C87C6D7062848A1AB005C 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 74F12602B6F1C4E913FAA37AD3A89613643B6201 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C DD8F2338BAE7501E3DD5AC78C273792F7D83545D A48C2BEE680E841632CD4E44F07496B3EB3C1762 108F52B48DB57BB0CC439B2997B01419BD92F80A B9E2F5981AA6E0CD28160D9FF13993A75599653C ; do gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; done && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt && ln -s /usr/local/bin/node /usr/local/bin/nodejs && node --version && npm --version /bin/sh -c #(nop) ENV YARN_VERSION=1.22.5 /bin/sh -c set -ex && for key in 6A010C5166006599AA17F08146C2130DFD2497F5 ; do gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; done && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz && mkdir -p /opt && tar 
-xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz && yarn --version ``` #### Ports No different exposed ports detected #### Environment Variables The following different environment variables were detected: ```diff -NODE_VERSION 14.16.1 +NODE_VERSION 14.17.1 ``` ---

https://github.com/atomist-skills/npm-vulnerability-scanner-skill/blob/9c67af7f380a9cd3aece22e99790bb4f412efa7b/Dockerfile#L12-L12

Changelog for atomist/skill:node14

### Commit

New image build caused by commit atomist-skills/skill-base@d4b6323bf53a9e56fc3e28ac9b956d36a96f8c71 to [`Dockerfile`](https://github.com/atomist-skills/skill-base/blob/d4b6323bf53a9e56fc3e28ac9b956d36a96f8c71/Dockerfile):

```
Update Dockerfile
```

---

### Comparison

Comparing Docker image `atomist/skill:node14` at digests _Current_ `sha256:1f5574256296251d381a78d1987b83723534b419409d54a1a12b5595e23fb47f` (424mb) and _Proposed_ `sha256:240961aa7d2479db9e0e953909b54ef6ac39ac7d83c695293356c72786bf7ff9` (634mb):

#### Vulnerabilities

Detected 13 (+10|-3) medium and 42 (+21|-1) low vulnerabilities in proposed image.

##### New Vulnerabilities

| CVE | Severity | CVSS Base Score | Affected | Fix |
| --- | :------: | --------------- | -------- | :---: |
| [CVE-2021-26932](https://nvd.nist.gov/vuln/detail/CVE-2021-26932) | _medium_ | `1.9` | `linux-libc-dev` | x |
| [CVE-2021-3587](https://nvd.nist.gov/vuln/detail/CVE-2021-3587) | _medium_ | `n/a` | `linux-libc-dev` | |
| [CVE-2021-3564](https://nvd.nist.gov/vuln/detail/CVE-2021-3564) | _medium_ | `n/a` | `linux-libc-dev` | |
| [CVE-2020-26541](https://nvd.nist.gov/vuln/detail/CVE-2020-26541) | _medium_ | `6.9` | `linux-libc-dev` | |
| [CVE-2020-24504](https://nvd.nist.gov/vuln/detail/CVE-2020-24504) | _medium_ | `2.1` | `linux-libc-dev` | |
| [CVE-2020-13844](https://nvd.nist.gov/vuln/detail/CVE-2020-13844) | _medium_ | `2.1` | `cpp` `g++` `gcc` | |
| [CVE-2018-17977](https://nvd.nist.gov/vuln/detail/CVE-2018-17977) | _medium_ | `4.9` | `linux-libc-dev` | |
| [CVE-2016-8660](https://nvd.nist.gov/vuln/detail/CVE-2016-8660) | _medium_ | `4.9` | `linux-libc-dev` | |
| [CVE-2015-8553](https://nvd.nist.gov/vuln/detail/CVE-2015-8553) | _medium_ | `2.1` | `linux-libc-dev` | |
| [CVE-2013-7445](https://nvd.nist.gov/vuln/detail/CVE-2013-7445) | _medium_ | `7.8` | `linux-libc-dev` | |
| [CVE-2021-3530](https://nvd.nist.gov/vuln/detail/CVE-2021-3530) | _low_ | `5` | `binutils` `binutils-common` `binutils-x86-64-linux-gnu` `libbinutils` `libctf-nobfd0` `libctf0` | |
| [CVE-2020-14304](https://nvd.nist.gov/vuln/detail/CVE-2020-14304) | _low_ | `2.1` | `linux-libc-dev` | |
| [CVE-2020-11725](https://nvd.nist.gov/vuln/detail/CVE-2020-11725) | _low_ | `4.6` | `linux-libc-dev` | |
| [CVE-2019-1010204](https://nvd.nist.gov/vuln/detail/CVE-2019-1010204) | _low_ | `4.3` | `binutils` `binutils-common` `binutils-x86-64-linux-gnu` `libbinutils` `libctf-nobfd0` `libctf0` | |
| [CVE-2019-19814](https://nvd.nist.gov/vuln/detail/CVE-2019-19814) | _low_ | `9.3` | `linux-libc-dev` | |
| [CVE-2019-19378](https://nvd.nist.gov/vuln/detail/CVE-2019-19378) | _low_ | `6.8` | `linux-libc-dev` | |
| [CVE-2019-16230](https://nvd.nist.gov/vuln/detail/CVE-2019-16230) | _low_ | `4.7` | `linux-libc-dev` | |
| [CVE-2019-15213](https://nvd.nist.gov/vuln/detail/CVE-2019-15213) | _low_ | `4.9` | `linux-libc-dev` | |
| [CVE-2019-14899](https://nvd.nist.gov/vuln/detail/CVE-2019-14899) | _low_ | `4.9` | `linux-libc-dev` | |
| [CVE-2018-20657](https://nvd.nist.gov/vuln/detail/CVE-2018-20657) | _low_ | `5` | `binutils` `binutils-common` `binutils-x86-64-linux-gnu` `libbinutils` `libctf-nobfd0` `libctf0` | |
| [CVE-2018-12931](https://nvd.nist.gov/vuln/detail/CVE-2018-12931) | _low_ | `7.2` | `linux-libc-dev` | |
| [CVE-2018-12930](https://nvd.nist.gov/vuln/detail/CVE-2018-12930) | _low_ | `7.2` | `linux-libc-dev` | |
| [CVE-2018-12929](https://nvd.nist.gov/vuln/detail/CVE-2018-12929) | _low_ | `4.9` | `linux-libc-dev` | |
| [CVE-2018-12928](https://nvd.nist.gov/vuln/detail/CVE-2018-12928) | _low_ | `4.9` | `linux-libc-dev` | |
| [CVE-2018-10126](https://nvd.nist.gov/vuln/detail/CVE-2018-10126) | _low_ | `4.3` | `libtiff5` | |
| [CVE-2018-1121](https://nvd.nist.gov/vuln/detail/CVE-2018-1121) | _low_ | `4.3` | `linux-libc-dev` | |
| [CVE-2017-13716](https://nvd.nist.gov/vuln/detail/CVE-2017-13716) | _low_ | `7.1` | `binutils` `binutils-common` `binutils-x86-64-linux-gnu` `libbinutils` `libctf-nobfd0` `libctf0` | |
| [CVE-2017-13693](https://nvd.nist.gov/vuln/detail/CVE-2017-13693) | _low_ | `4.9` | `linux-libc-dev` | |
| [CVE-2017-13165](https://nvd.nist.gov/vuln/detail/CVE-2017-13165) | _low_ | `4.6` | `linux-libc-dev` | |
| [CVE-2017-9937](https://nvd.nist.gov/vuln/detail/CVE-2017-9937) | _low_ | `4.3` | `libjbig0` | |
| [CVE-2017-0537](https://nvd.nist.gov/vuln/detail/CVE-2017-0537) | _low_ | `2.6` | `linux-libc-dev` | |

##### Fixed Vulnerabilities

| CVE | Severity | CVSS Base Score | Affected |
| --- | :------: | --------------- | -------- |
| [CVE-2021-31535](https://nvd.nist.gov/vuln/detail/CVE-2021-31535) | _medium_ | `7.5` | `libx11-6` `libx11-data` |
| [CVE-2021-29921](https://nvd.nist.gov/vuln/detail/CVE-2021-29921) | _medium_ | `7.5` | `libpython3.9-minimal` `libpython3.9-stdlib` `python3.9` `python3.9-minimal` |
| [CVE-2021-3520](https://nvd.nist.gov/vuln/detail/CVE-2021-3520) | _medium_ | `7.5` | `liblz4-1` |
| [CVE-2021-3426](https://nvd.nist.gov/vuln/detail/CVE-2021-3426) | _low_ | `2.7` | `libpython3.9-minimal` `libpython3.9-stdlib` `python3.9` `python3.9-minimal` |

#### Packages

The following package differences were detected:

| Name | Current | Proposed | Type |
| ---- | ------- | -------- | ---- |
| `gcc-11-base` | `11-20210417-1ubuntu1` | `11.1.0-1ubuntu1~21.04` | Apt |
| `libgcc-s1` | `11-20210417-1ubuntu1` | `11.1.0-1ubuntu1~21.04` | Apt |
| `liblz4-1` | `1.9.3-1build1` | `1.9.3-1ubuntu0.1` | Apt |
| `libpython3.9-minimal` | `3.9.4-1` | `3.9.5-3~21.04` | Apt |
| `libpython3.9-stdlib` | `3.9.4-1` | `3.9.5-3~21.04` | Apt |
| `libstdc++6` | `11-20210417-1ubuntu1` | `11.1.0-1ubuntu1~21.04` | Apt |
| `libx11-6` | `2:1.7.0-2build2` | `2:1.7.0-2ubuntu0.1` | Apt |
| `libx11-data` | `2:1.7.0-2build2` | `2:1.7.0-2ubuntu0.1` | Apt |
| `nodejs` | `14.16.1-deb-1nodesource1` | `14.17.1-deb-1nodesource1` | Apt |
| `python3.9` | `3.9.4-1` | `3.9.5-3~21.04` | Apt |
| `python3.9-minimal` | `3.9.4-1` | `3.9.5-3~21.04` | Apt |

#### Files

The following file modifications were detected:

| Name | Current | Proposed | Diff |
| ---- | ------- | -------- | ---- |
| `/etc/alternatives` (16 files changed) | | `+` | `234b` |
| `/etc/dpkg` (2 files changed) | | `+` | `513b` |
| `/etc/fonts` (83 files changed) | | `+` | `281kb` |
| `/etc/ld.so.cache` | `8.0kb` | `11kb` | `2.5kb` |
| `/etc/ld.so.conf.d/fakeroot-x86_64-linux-gnu.conf` | | `+` | `38b` |
| `/etc/shadow` | `501b` | `501b` | `0b` |
| `/etc/ucf.conf` | | `+` | `1.2kb` |
| `/root/.config/configstore/update-notifier-npm.json` | `55b` | `55b` | `0b` |
| `/usr/bin` (153 files changed) | `76mb` | `111mb` | `36mb` |
| `/usr/include` (2240 files changed) | `157kb` | `58mb` | `58mb` |
| `/usr/lib` (6118 files changed) | `110mb` | `578mb` | `468mb` |
| `/usr/local/share/fonts` | | `+` | `0b` |
| `/usr/share` (255 files changed) | `83kb` | `14mb` | `14mb` |
| `/var/cache` (5 files changed) | `1.3mb` | `1.3mb` | `55kb` |
| `/var/lib` (249 files changed) | `1.0mb` | `2.2mb` | `1.1mb` |
| `/var/log` (6 files changed) | `294kb` | `358kb` | `64kb` |

#### History

The
following differences in [`docker history`](https://docs.docker.com/engine/reference/commandline/history/) were detected: ```diff -/bin/sh -c #(nop) ADD file:02894cee5038672d49552ed4cbdc916eee556012ff8862205876bd3155e1f083 in / +/bin/sh -c #(nop) ADD file:d6b6ba642344138dc401cd05c31eb2c55db70b91adba5f1bf9c4957a1f3caa64 in / /bin/sh -c set -xe && echo '#!/bin/sh' > /usr/sbin/policy-rc.d && echo 'exit 101' >> /usr/sbin/policy-rc.d && chmod +x /usr/sbin/policy-rc.d && dpkg-divert --local --rename --add /sbin/initctl && cp -a /usr/sbin/policy-rc.d /sbin/initctl && sed -i 's/^exit.*/exit 0/' /sbin/initctl && echo 'force-unsafe-io' > /etc/dpkg/dpkg.cfg.d/docker-apt-speedup && echo 'DPkg::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' > /etc/apt/apt.conf.d/docker-clean && echo 'APT::Update::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' >> /etc/apt/apt.conf.d/docker-clean && echo 'Dir::Cache::pkgcache ""; Dir::Cache::srcpkgcache "";' >> /etc/apt/apt.conf.d/docker-clean && echo 'Acquire::Languages "none";' > /etc/apt/apt.conf.d/docker-no-languages && echo 'Acquire::GzipIndexes "true"; Acquire::CompressionTypes::Order:: "gz";' > /etc/apt/apt.conf.d/docker-gzip-indexes && echo 'Apt::AutoRemove::SuggestsImportant "false";' > /etc/apt/apt.conf.d/docker-autoremove-suggests /bin/sh -c [ -z "$(apt-get indextargets)" ] /bin/sh -c mkdir -p /run/systemd && echo 'docker' > /run/systemd/container /bin/sh -c #(nop) CMD ["/bin/bash"] -RUN apt-get update && apt-get install -y git=1:2.30.2-1ubuntu1 && apt-get clean -y && rm -rf /var/cache/apt /var/lib/apt/lists/* /tmp/* /var/tmp/* -RUN apt-get update && apt-get install -y curl=7.74.0-1ubuntu2 && curl -sL https://deb.nodesource.com/setup_14.x | bash - && apt-get install -y nodejs=14.16.1-deb-1nodesource1 && apt-get remove -y curl && apt-get autoremove -y && apt-get clean -y && rm -rf 
/var/cache/apt /var/lib/apt/lists/* /tmp/* /var/tmp/* -RUN npm install -g @atomist/skill@0.9.1 && rm -rf /root/.npm/ +RUN apt-get update && apt-get install -y git=1:2.30.2-1ubuntu1 && apt-get clean -y && rm -rf /var/cache/apt /var/lib/apt/lists/* /tmp/* /var/tmp/* +RUN apt-get update && apt-get install -y build-essential=12.8ubuntu3 curl=7.74.0-1ubuntu2 && curl -sL https://deb.nodesource.com/setup_14.x | bash - && apt-get update && apt-get install -y nodejs=14.17.1-deb-1nodesource1 && apt-get remove -y curl && apt-get autoremove -y && apt-get clean -y && rm -rf /var/cache/apt /var/lib/apt/lists/* /tmp/* /var/tmp/* +RUN npm install -g @atomist/skill@0.11.0 && rm -rf /root/.npm/ +RUN apt-get update && apt-get install -y liblz4-1=1.9.3-1ubuntu0.1 && apt-get clean -y && rm -rf /var/cache/apt /var/lib/apt/lists/* /tmp/* /var/tmp/* ``` #### Ports No different exposed ports detected #### Environment Variables No different environment variables detected ---
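
Review bot: the second added `RUN` line installs `build-essential=12.8ubuntu3` and never removes it, so the compiler toolchain stays in the runtime base image. That lines up with the size change reported above (424mb to 634mb, `/usr/include` growing from 157kb to 58mb) and with the new findings against `linux-libc-dev`, `cpp`/`g++`/`gcc` and the `binutils` packages, all of which are pulled in by `build-essential`. If the toolchain is only needed to compile native npm modules, install it in a separate build stage, or add it to the `apt-get remove -y curl` step of the same `RUN` so that it does not ship. The same line also still pipes `https://deb.nodesource.com/setup_14.x` straight into `bash` with no checksum or signature check, which undercuts the version pinning used for the apt packages around it.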

Pinning FROM lines to digests makes your builds repeatable. Atomist will raise new pull requests whenever the tag moves, so that you know when the base image has been updated. You can follow a new tag at any time. Just replace the digest with the new tag you want to follow. Atomist will switch to following this new tag.


File changed:


atomist/docker-base-image-policy · Configure

atomist[bot] commented 3 years ago


This pull request introduces 10 vulnerabilities compared to main branch d1220bb.

Detected a total of 13 (+10|-3) medium vulnerabilities in Docker image gcr.io/atomist-container-skills/npm-vulnerability-scanner-skill digest sha256:326eb2ed724e18e7064622528bd0f95f696c604048253ff92af73eaf18bd6489.

The changes should be carefully reviewed. More details are available in the detailed report.