[Snyk] Security upgrade nginx from 1.25.1 to 1.26.0

yurake commented 1 month ago

This PR was automatically created by Snyk using the credentials of a real user.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image. #### Changes included in this PR - kubernetes/nginx/Dockerfile We recommend upgrading to `nginx:1.26.0`, as this image has only 103 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected. Some of the most important vulnerabilities in your base image include: | Severity | Priority Score / 1000 | Issue | Exploit Maturity | | :------: | :-------------------- | :---- | :--------------- | | ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **829** | Out-of-bounds Write
[SNYK-DEBIAN12-GLIBC-5927132](https://snyk.io/vuln/SNYK-DEBIAN12-GLIBC-5927132) | Mature | | ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **829** | Out-of-bounds Write
[SNYK-DEBIAN12-GLIBC-5927132](https://snyk.io/vuln/SNYK-DEBIAN12-GLIBC-5927132) | Mature | | ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **721** | Out-of-bounds Write
[SNYK-DEBIAN12-GLIBC-6210098](https://snyk.io/vuln/SNYK-DEBIAN12-GLIBC-6210098) | Proof of Concept | | ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **829** | Out-of-bounds Write
[SNYK-DEBIAN12-LIBWEBP-5893095](https://snyk.io/vuln/SNYK-DEBIAN12-LIBWEBP-5893095) | Mature | | ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **844** | Resource Exhaustion
[SNYK-DEBIAN12-NGHTTP2-5953379](https://snyk.io/vuln/SNYK-DEBIAN12-NGHTTP2-5953379) | Mature | --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._ For more information: 🧐 [View latest project report](https://app.snyk.io/org/yurake/project/7523b7e2-4b8a-44e2-bd07-6cb93209a863?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/yurake/project/7523b7e2-4b8a-44e2-bd07-6cb93209a863?utm_source=github&utm_medium=referral&page=fix-pr/settings) [//]: # 'snyk:metadata:{"prId":"e866c50f-de53-41b2-b9b0-e0a3eb3bb72f","prPublicId":"e866c50f-de53-41b2-b9b0-e0a3eb3bb72f","dependencies":[{"name":"nginx","from":"1.25.1","to":"1.26.0"}],"packageManager":"dockerfile","projectPublicId":"7523b7e2-4b8a-44e2-bd07-6cb93209a863","projectUrl":"https://app.snyk.io/org/yurake/project/7523b7e2-4b8a-44e2-bd07-6cb93209a863?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-DEBIAN12-NGHTTP2-5953379","SNYK-DEBIAN12-GLIBC-5927132","SNYK-DEBIAN12-LIBWEBP-5893095","SNYK-DEBIAN12-GLIBC-6210098"],"upgrade":["SNYK-DEBIAN12-GLIBC-5927132","SNYK-DEBIAN12-GLIBC-5927132","SNYK-DEBIAN12-GLIBC-6210098","SNYK-DEBIAN12-LIBWEBP-5893095","SNYK-DEBIAN12-NGHTTP2-5953379"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[844,829,829,721],"remediationStrategy":"vuln"}' --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Resource Exhaustion](https://learn.snyk.io/lesson/redos/?loc=fix-pr)

what-the-diff[bot] commented 1 month ago

PR Summary

Upgrade of Nginx Base Image The underlying image used to build the Nginx server has been updated from version 1.25.1 to the newer version 1.26.0. This provides all the enhancements and resolved issues provided by the new version, potentially improving service stability and performance.
Set TimeZone to Asia/Tokyo The TimeZone for the server has been defined as Asia/Tokyo. This change aligns server time with local office operational hours, which can simplify troubleshooting and server log analysis.
Addition of BUILD_DATE and VCS_REF Arguments Two new build arguments, BUILD_DATE and VCS_REF, have been introduced in the Dockerfile. These arguments provide traceability by holding information about the build time and the state of the code repository at the time of the build, increasing transparency and aid in debugging processes if required.