[Snyk] Security upgrade node from 20.12.2-alpine to 20.15.1-alpine
Created by: tristanrobert
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix 5 vulnerabilities in the dockerfile dependencies of this project.
Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.
Snyk changed the following file(s):
Dockerfile.api
We recommend upgrading to node:20.15.1-alpine, as this image has only 1 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.
Vulnerabilities that will be fixed with an upgrade:
| Issue | Score | |
|---|---|---|
 |
Improper Control of Generation of Code ('Code Injection') SNYK-UPSTREAM-NODE-7430900 |
113 |
|
Access Restriction Bypass SNYK-UPSTREAM-NODE-7430905 |
104 |
 |
Authorization Bypass SNYK-UPSTREAM-NODE-7430907 |
82 |
|
Authorization Bypass SNYK-UPSTREAM-NODE-7430909 |
82 |
|
Improper Handling of Values SNYK-UPSTREAM-NODE-7430912 |
82 |
[!IMPORTANT]
- Check the changes in this PR to ensure they won't cause issues with your project.
- Max score is 1000. Note that the real score may have changed since the PR was raised.
- This PR was automatically created by Snyk using the credentials of a real user.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
Learn how to fix vulnerabilities with free interactive lessons:
[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"node","from":"20.12.2-alpine","to":"20.15.1-alpine"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No Known Exploit","id":"SNYK-UPSTREAM-NODE-7430900","priority_score":113,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"none"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Jul 09 2024 09:51:39 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":false},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":0},{"name":"impact","value":4.54},{"name":"likelihood","value":2.47},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Improper Control of Generation of Code ('Code Injection')"},{"exploit_maturity":"No Known Exploit","id":"SNYK-UPSTREAM-NODE-7430905","priority_score":104,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"none"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Jul 09 2024 10:02:31 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":false},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":0},{"name":"impact","value":4.19},{"name":"likelihood","value":2.47},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Access Restriction Bypass"},{"exploit_maturity":"No Known Exploit","id":"SNYK-UPSTREAM-NODE-7430907","priority_score":82,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"none"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"low"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Jul 09 2024 10:06:32 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":false},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"low"},{"name":"relativePopularityRank","value":0},{"name":"impact","value":4.19},{"name":"likelihood","value":1.96},{"name":"scoreVersion","value":"V5"}],"severity":"low","title":"Authorization Bypass"},{"exploit_maturity":"No Known Exploit","id":"SNYK-UPSTREAM-NODE-7430909","priority_score":82,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"none"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"low"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Jul 09 2024 11:51:13 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":false},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"low"},{"name":"relativePopularityRank","value":0},{"name":"impact","value":4.19},{"name":"likelihood","value":1.96},{"name":"scoreVersion","value":"V5"}],"severity":"low","title":"Authorization Bypass"},{"exploit_maturity":"No Known Exploit","id":"SNYK-UPSTREAM-NODE-7430912","priority_score":82,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"none"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"low"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Jul 09 2024 11:51:39 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":false},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"low"},{"name":"relativePopularityRank","value":0},{"name":"impact","value":4.19},{"name":"likelihood","value":1.96},{"name":"scoreVersion","value":"V5"}],"severity":"low","title":"Improper Handling of Values"}],"prId":"f6cd10de-de96-41ef-84e4-81289647ae67","prPublicId":"f6cd10de-de96-41ef-84e4-81289647ae67","packageManager":"dockerfile","priorityScoreList":[113,104,82,82,82],"projectPublicId":"2c1bff09-4972-482b-be58-6b862d982dfc","projectUrl":"https://app.snyk.io/org/mtes-mct/project/2c1bff09-4972-482b-be58-6b862d982dfc?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["updated-fix-title","priorityScore"],"type":"auto","upgrade":["SNYK-UPSTREAM-NODE-7430900","SNYK-UPSTREAM-NODE-7430905","SNYK-UPSTREAM-NODE-7430907","SNYK-UPSTREAM-NODE-7430909","SNYK-UPSTREAM-NODE-7430912"],"vulns":["SNYK-UPSTREAM-NODE-7430900","SNYK-UPSTREAM-NODE-7430905","SNYK-UPSTREAM-NODE-7430907","SNYK-UPSTREAM-NODE-7430909","SNYK-UPSTREAM-NODE-7430912"],"patch":[],"isBreakingChange":false,"remediationStrategy":"vuln"}'