Open sahilpatil2997 opened 3 weeks ago
Hi, I am a first-time contributor and was looking for a good first issue. I'm a bit confused though. You mention that the docker image should be upgraded to 1.27.0-alpine, but it is already using that. Do you mean 1.27.1/2-alpine? And is this something the dependabot already does, or does it only do it for major version changes?
Hey @navalBhagat,
"You mention that the docker image should be upgraded to 1.27.0-alpine, but it is already using that"
I said to upgrade the nginx base image in the DockerFile to 1.27.1-alpine; 1.27.0-alpine has some critical vulnerabilities that the newer version does not have. I suggested this version because there were few major and not critical vulnerabilities. You are free to upgrade to whichever version you like, keeping in mind that the version should have any critical vulnerabilities.
"And is this something the dependabot already does, or does it only do it for major version changes"
I think dependabot is scanning the image, but no one is looking at the report; most of the Docker Builds have failed, as per the list. Please do look at the Docker Build Pipeline/Security check reports as well.
Thanks for clarifying! I'll pick up this issue :)
The @swagger-bot merged this PR #10163, but the vulnerability still persists. Please merge #10161 so that the vulnerabilities are resolved and the build job passes; please check into it.
The nginx base image version 1.27.0-alpine has some critical vulnerabilities, so please upgrade the base image of nginx in the DockerFile and upgrade the docker image version of the swagger-ui.
The vulnerabilities when using v5.17.14 are mentioned in the screenshot. These vulnerabilities are mainly in the nginx 1.27.0-alpine docker image, like this. The nginx 1.27.0-alpine doesn't have many vulnerabilities. So please upgrade the nginx docker image to 1.27.0-alpine.
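The thread asks for the nginx base image in the Dockerfile to be moved off 1.27.0-alpine and for the build pipeline's scan reports to actually be acted on. One way to make that check mechanical, as an added example that is not swagger-ui project code: a small script that parses every FROM instruction in a Dockerfile, skips references to earlier build stages, and flags base images that are unpinned, use a floating tag, or sit below a version floor. The sample Dockerfile, the MIN_VERSIONS table and its 1.27.1 floor (taken from the reply's suggestion) are constructed assumptions for illustration.

```python
"""Flag base images in a Dockerfile that are unpinned or below a version floor.

Added example for this thread; it is not swagger-ui project code. The sample
Dockerfile, the minimum-version table and all names are constructed for
illustration.
"""
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample Dockerfile: a build stage plus an nginx serving stage
# pinned to the tag the issue flags.
SAMPLE_DOCKERFILE = """\
FROM node:20-alpine AS builder
WORKDIR /build
COPY . .
RUN npm ci && npm run build

# A comment that mentions FROM must not be parsed as a stage.
FROM nginx:1.27.0-alpine
COPY --from=builder /build/dist /usr/share/nginx/html
"""

# Assumed policy (hypothetical): lowest acceptable tag per image. The reply in
# the thread suggests 1.27.1-alpine for nginx, so the floor is 1.27.1.
MIN_VERSIONS = {"nginx": (1, 27, 1)}


class BaseImage(NamedTuple):
    line_no: int
    name: str               # repository name, registry/namespace stripped
    tag: Optional[str]
    digest: Optional[str]


_FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?\s*$", re.IGNORECASE
)


def parse_from_lines(dockerfile: str) -> List[BaseImage]:
    """Return every external base image referenced by a FROM instruction.

    FROM lines that reference an earlier build stage by alias are skipped,
    since they are not images pulled from a registry.
    """
    stages = set()
    images = []
    for line_no, line in enumerate(dockerfile.splitlines(), 1):
        m = _FROM_RE.match(line)
        if not m:
            continue
        ref, alias = m.group(1), m.group(2)
        if alias:
            stages.add(alias.lower())
        if ref.lower() in stages:
            continue
        digest = None
        if "@" in ref:
            ref, digest = ref.split("@", 1)
        # "docker.io/library/nginx:1.27.0-alpine" -> "nginx:1.27.0-alpine".
        # Splitting on the last "/" first keeps "registry:5000/" ports intact.
        last = ref.rsplit("/", 1)[-1]
        if ":" in last:
            name, tag = last.split(":", 1)
        else:
            name, tag = last, None
        images.append(BaseImage(line_no, name, tag, digest))
    return images


def version_tuple(tag: str) -> Optional[Tuple[int, ...]]:
    """'1.27.0-alpine' -> (1, 27, 0). Non-numeric tags such as 'latest',
    'alpine' or 'stable' return None because they float over time."""
    m = re.match(r"^v?(\d+(?:\.\d+)*)", tag)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def check_base_images(dockerfile: str, minimums=MIN_VERSIONS) -> List[str]:
    """Return one finding per base image that is unpinned, floating, or below
    the policy floor. An empty list means the Dockerfile passes."""
    findings = []
    for img in parse_from_lines(dockerfile):
        shown = f"{img.name}:{img.tag}" if img.tag else img.name
        if img.tag is None and img.digest is None:
            findings.append(f"line {img.line_no}: {shown} is unpinned (resolves to :latest)")
            continue
        floor = minimums.get(img.name)
        if floor is None or img.tag is None:
            continue  # no policy for this image, or pinned by digest only
        ver = version_tuple(img.tag)
        if ver is None:
            findings.append(f"line {img.line_no}: {shown} uses a floating tag")
        elif ver < floor:
            want = ".".join(str(p) for p in floor)
            findings.append(f"line {img.line_no}: {shown} is below minimum {want}")
    return findings


if __name__ == "__main__":
    for finding in check_base_images(SAMPLE_DOCKERFILE):
        print(finding)
```

Run against the sample Dockerfile it reports only the nginx stage, since the node stage has no floor in the table. It is a policy gate, not a vulnerability scanner: the floor still has to come from the pipeline's scan report or Dependabot output, and a digest-pinned image passes here even if the digest is old, so pair it with the existing security check rather than replacing it.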