Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade ubuntu from latest to 20.04 #371

Merged
merged 1 commit into from
Oct 7, 2021
Merged

[Snyk] Security upgrade ubuntu from latest to 20.04 #371

merged 1 commit into from
Oct 7, 2021

Conversation

snyk-bot
Copy link
Contributor

@snyk-bot snyk-bot commented Oct 1, 2021

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Changes included in this PR

  • testdata/acceptance/deb.dockerfile

We recommend upgrading to ubuntu:20.04, as this image has only 14 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Some of the most important vulnerabilities in your base image include:

Severity Priority Score / 1000 Issue Exploit Maturity
low severity 321 Improper Check for Dropped Privileges
SNYK-UBUNTU2004-BASH-581100		 Mature
low severity 364 Information Exposure
SNYK-UBUNTU2004-LIBGCRYPT20-1297919		 No Known Exploit
medium severity 514 Use of a Broken or Risky Cryptographic Algorithm
SNYK-UBUNTU2004-LIBGCRYPT20-1583851		 No Known Exploit
low severity 150 Time-of-check Time-of-use (TOCTOU)
SNYK-UBUNTU2004-SHADOW-577863		 No Known Exploit
low severity 150 Time-of-check Time-of-use (TOCTOU)
SNYK-UBUNTU2004-SHADOW-577863		 No Known Exploit

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

@pull-request-size pull-request-size bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Oct 1, 2021
@vercel
Copy link

vercel bot commented Oct 1, 2021
edited
Loading

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/goreleaser/nfpm/EHJf6NTTLRWfcAiX3CAccawR3Ffa
✅ Preview: https://nfpm-git-snyk-fix-385375922a975db170f758061f3f7ee6-goreleaser.vercel.app

@vercel vercel bot temporarily deployed to Preview October 1, 2021 22:41 Inactive
@codecov
Copy link

codecov bot commented Oct 1, 2021

Codecov Report

Merging #371 (7814295) into master (444fec5) will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master     #371   +/-   ##
=======================================
  Coverage   65.03%   65.03%           
=======================================
  Files          14       14           
  Lines        1284     1284           
=======================================
  Hits          835      835           
  Misses        313      313           
  Partials      136      136

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 444fec5...7814295. Read the comment docs.

@caarlos0 caarlos0 merged commit df14bee into master Oct 7, 2021
@caarlos0 caarlos0 deleted the snyk-fix-385375922a975db170f758061f3f7ee6 branch October 7, 2021 17:43
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 7, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@snyk-bot @caarlos0