Merge pull request #441 from step-security/fix/vulnerabilities

Raj-StepSecurity · web-flow · commit 9d673ef686ba · 2025-10-14T12:40:32.000+05:30
fix: fix both docker vulns and package vulns
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:lts-alpine@sha256:9bef0ef1e268f60627da9ba7d7605e8831d5b56ad07487d24d1aa386336d1944
+FROM node:lts-alpine@sha256:dbcedd8aeab47fbc0f4dd4bffa55b7c3c729a707875968d467aaaea42d6225af
 
 RUN mkdir -p /var/task/
 
diff --git a/osv-scanner.toml b/osv-scanner.toml
@@ -5,3 +5,7 @@ reason = "Axios URL is not user-controlled"
 [[IgnoredVulns]]
 id = "GHSA-952p-6rrq-rcjv"
 reason = "It is a test dependency"
+
+[[IgnoredVulns]]
+id = "GHSA-52f5-9888-hmc6"
+reason = "It is dependency used to lint commit messages, hence can be ignored"

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-FROM node:lts-alpine@sha256:9bef0ef1e268f60627da9ba7d7605e8831d5b56ad07487d24d1aa386336d1944`
	`1`	`+FROM node:lts-alpine@sha256:dbcedd8aeab47fbc0f4dd4bffa55b7c3c729a707875968d467aaaea42d6225af`
`2`	`2`
`3`	`3`	`RUN mkdir -p /var/task/`
`4`	`4`