search

caiquesergio / juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
https://owasp-juice.shop
MIT License
0 stars 0 forks source link

[Snyk] Security upgrade alpine from latest to 3.17.3 #16

Open caiquesergio opened 1 year ago

caiquesergio commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image. #### Changes included in this PR - test/smoke/Dockerfile We recommend upgrading to `alpine:3.17.3`, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected. Some of the most important vulnerabilities in your base image include: | Severity | Issue | Exploit Maturity | | :------: | :---- | :--------------- | | ![low severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png "low severity") | CVE-2023-0464
[SNYK-ALPINE317-OPENSSL-3368755](https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-3368755) | No Known Exploit | | ![low severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png "low severity") | CVE-2023-0464
[SNYK-ALPINE317-OPENSSL-3368755](https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-3368755) | No Known Exploit | --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._ For more information: 🧐 [View latest project report](https://app.snyk.io/org/caiquesergio/project/3b0fafce-df88-429e-9ee2-ff800e3dd11b?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/caiquesergio/project/3b0fafce-df88-429e-9ee2-ff800e3dd11b?utm_source=github&utm_medium=referral&page=fix-pr/settings) [//]: # 'snyk:metadata:{"prId":"e711e78d-4b65-4997-83e0-21adee7b937f","prPublicId":"e711e78d-4b65-4997-83e0-21adee7b937f","dependencies":[{"name":"alpine","from":"latest","to":"3.17.3"}],"packageManager":"dockerfile","projectPublicId":"3b0fafce-df88-429e-9ee2-ff800e3dd11b","projectUrl":"https://app.snyk.io/org/caiquesergio/project/3b0fafce-df88-429e-9ee2-ff800e3dd11b?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-ALPINE317-OPENSSL-3368755"],"upgrade":["SNYK-ALPINE317-OPENSSL-3368755","SNYK-ALPINE317-OPENSSL-3368755"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title"],"priorityScoreList":[null],"remediationStrategy":"vuln"}' --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc=fix-pr)
github-advanced-security[bot] commented 1 year ago

You have successfully added a new CodeQL configuration .github/workflows/codeql-analysis.yml:analyze/language:python. As part of the setup process, we have scanned this repository and found no existing alerts. In the future, you will see all code scanning alerts on the repository Security tab.

sonarcloud[bot] commented 1 year ago

SonarCloud Quality Gate failed.    Quality Gate failed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot E 2 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

github-advanced-security[bot] commented 1 year ago

You have successfully added a new SonarCloud configuration ``. As part of the setup process, we have scanned this repository and found no existing alerts. In the future, you will see all code scanning alerts on the repository Security tab.

github-advanced-security[bot] commented 1 year ago

You have successfully added a new CodeQL configuration .github/workflows/codeql-analysis.yml:analyze/language:javascript. As part of the setup process, we have scanned this repository and found 168 existing alerts. Please check the repository Security tab to see all alerts.