Merge pull request #50 from cyber-dojo/fix-snyk-vulnerability

Upgrade libcurl in Dockerfile to move past new snyk vulnerability
cyber-dojo · Oct 5, 2024 · 70daa65 · 70daa65
2 parents 43fa65b + 0bdc812
commit 70daa65
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 2 deletions.
diff --git a/.snyk b/.snyk
@@ -14,4 +14,5 @@ ignore:
     - '*':
         reason: No fix available
         expires: 2024-11-06T10:03:36.581Z
-        created: 2024-10-06T10:03:36.589Z
+        created: 2024-10-03T10:03:36.589Z
+
diff --git a/Dockerfile b/Dockerfile
@@ -7,6 +7,7 @@ RUN gem install --no-document 'concurrent-ruby'
 RUN apk add curl # https://security.snyk.io/vuln/SNYK-ALPINE320-CURL-7838598
 
 RUN apk add libexpat=2.6.3-r0  # https://security.snyk.io/vuln/SNYK-ALPINE319-EXPAT-7908399
+RUN apk add libcurl=8.10.1-r0  # https://security.snyk.io/vuln/SNYK-ALPINE320-CURL-7931858
 
 WORKDIR /runner
 COPY . .

diff --git a/sh/containers_up_healthy_and_clean.sh b/sh/containers_up_healthy_and_clean.sh
@@ -89,7 +89,7 @@ clean_top_5()
 {
   # 1st 5 lines on Puma
   local -r L1="Puma starting in single mode..."
-  local -r L2='* Puma version: 6.4.2 (ruby 3.3.3-p89) ("The Eagle of Durango")'
+  local -r L2='* Puma version: 6.4.3 (ruby 3.3.3-p89) ("The Eagle of Durango")'
   local -r L3="*  Min threads: 0"
   local -r L4="*  Max threads: 5"
   local -r L5="*  Environment: production"