[Snyk] Security upgrade ubuntu from 16.04 to xenial-20210114 #2537
Conversation
Dockerfile
Outdated
| @@ -6,7 +6,7 @@ | |||
| # Please note that it'll use about 1.2 GB disk space and about 15 minutes to | |||
| # build this image, it depends on your hardware. | |||
|
|
|||
| FROM ubuntu:16.04 | |||
| FROM ubuntu:xenial-20210114 | |||
There was a problem hiding this comment.
Well, I really prefer not to specify such precise version tag as it'll only make it obsolete more frequently.
There was a problem hiding this comment.
I prefer to stay the way that we just specify the LTS version of it ;)
There was a problem hiding this comment.
What tag can we use that would avoid this?
There was a problem hiding this comment.
I'm not sure what "if the master branch's tag auto-updated" means? When xenial-20210114 was tagged, I believe xenial and 16.04 will also be updated, just not specified to be a certain snapshot like xenial-20210114, but that'll be good enough for me.
There was a problem hiding this comment.
hmm. then that implies that snyk shouldn't be warning on this at all. let me ask them.
There was a problem hiding this comment.
Hi folks 👋
I shared with the team internally at Snyk.
Looks like there's some planned work for this on Q4 although I'm not sure to which detail/extent. Might be to update/rebase a PR, or to manage the noise level down.
There was a problem hiding this comment.
Cool, thanks @lirantal !
There was a problem hiding this comment.
Nothing new on my end yet, but feel free to reach out with a ping here or https://twitter.com/liran_tal if you wanted to chime in on anything.
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-UBUNTU1604-SYSTEMD-1298778 - https://snyk.io/vuln/SNYK-UBUNTU1604-SYSTEMD-1320131 - https://snyk.io/vuln/SNYK-UBUNTU1604-SYSTEMD-1320131 - https://snyk.io/vuln/SNYK-UBUNTU1604-SYSTEMD-1320131 - https://snyk.io/vuln/SNYK-UBUNTU1604-SYSTEMD-1320131
ljharb
force-pushed
the
snyk-fix-9965d6401b654027444efb1538b14d61
branch
from
e84c91b
to
58f6575
Compare
Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.
Changes included in this PR
We recommend upgrading to
ubuntu:xenial-20210114, as this image has only 47 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.Some of the most important vulnerabilities in your base image include:
SNYK-UBUNTU1604-BASH-542609
SNYK-UBUNTU1604-SYSTEMD-346739
SNYK-UBUNTU1604-SYSTEMD-346739
SNYK-UBUNTU1604-SYSTEMD-346739
SNYK-UBUNTU1604-SYSTEMD-346739
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings