[core] Fix OS and Node.js dependency vulnerabilities #1964
Open
RootPath43 wants to merge 1 commit into devlikeapro:core from
Apply security patches for 100+ CVEs across OS packages and Node.js dependencies.

Dockerfile:
- Add apt-get upgrade in release stage to pull Debian security patches
- Covers CVEs in: chromium, gpgv, imagemagick, libaom, glibc, expat, harfbuzz, libvips, sqlite, zlib, xvfb, openexr, pam, libssh, libtiff, libheif, libjxl, openldap, matio, mbedtls, libzvbi, xdg-utils, hdf5

Node.js (package.json):
- Update axios ^1.9.0 -> ^1.13.6 (CVE-2025-58754, CVE-2026-25639)
- Add resolutions for vulnerable transitive dependencies: multer >=2.1.1, tar 7.5.11, tar-fs >=3.1.2, serialize-javascript >=7.0.4, validator >=13.15.26, fast-xml-parser >=5.5.2, form-data >=4.0.5, basic-ftp >=5.2.0, @isaacs/brace-expansion 5.0.1, minimatch 10.2.3, glob 10.5.0

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Apply security patches for over 42 CVEs across OS packages and Node.js dependencies, especially those with 'High' and 'Critical' severity ratings.
Dockerfile:
Node.js (package.json):
Remediated Vulnerabilities:
CVE-2026-3536
CVE-2026-3537
CVE-2026-3538
CVE-2026-3539
CVE-2026-3540
CVE-2026-3541
CVE-2026-3542
CVE-2026-3543
CVE-2026-3544
CVE-2026-3545
CVE-2025-68973
CVE-2026-25897
CVE-2026-25898
CVE-2026-25968
CVE-2026-25970
CVE-2026-25983
CVE-2026-25988
CVE-2026-24481
CVE-2026-24485
CVE-2026-25795
CVE-2026-25796
CVE-2026-25798
CVE-2026-25799
CVE-2026-26066
CVE-2026-26283
CVE-2026-27798
CVE-2025-58754
CVE-2026-25639
CVE-2026-27699
CVE-2026-25896
CVE-2026-26278
CVE-2025-7783
CVE-2026-2359
CVE-2026-3304
CVE-2026-3520
CVE-2025-59343
CVE-2025-12758
GHSA-5c6j-r48x-rmvq
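
The commit message lists minimum versions for transitive dependencies set through `resolutions`. The check below is an added example, not code from this pull request: it flags every installed copy of a listed package that is still below its floor, including nested copies. The input shape, the `FLOORS`, `findBelowFloor` and `SAMPLE_INSTALLED` names, the sample entries, and the treatment of the exact pins as floors are assumptions.

```javascript
// Minimum versions copied from the commit message's resolutions list.
// Assumption: the exact pins (tar, minimatch, glob, ...) are treated as floors too.
const FLOORS = {
  "multer": "2.1.1", "tar": "7.5.11", "tar-fs": "3.1.2",
  "serialize-javascript": "7.0.4", "validator": "13.15.26",
  "fast-xml-parser": "5.5.2", "form-data": "4.0.5", "basic-ftp": "5.2.0",
  "@isaacs/brace-expansion": "5.0.1", "minimatch": "10.2.3", "glob": "10.5.0",
};

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+.*)?$/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// Returns -1, 0 or 1. Numeric compare, so 7.5.9 < 7.5.11.
function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x.nums[i] !== y.nums[i]) return x.nums[i] < y.nums[i] ? -1 : 1;
  }
  // A pre-release sorts below the release with the same numbers.
  if (x.pre && !y.pre) return -1;
  if (!x.pre && y.pre) return 1;
  return 0; // ordering between two pre-releases is not needed for a floor check
}

// Report every installed copy of a listed package that is below its floor.
function findBelowFloor(installed, floors = FLOORS) {
  const listed = (n) => Object.prototype.hasOwnProperty.call(floors, n);
  return installed
    .filter((p) => listed(p.name) && compareVersions(p.version, floors[p.name]) < 0)
    .map((p) => ({ ...p, floor: floors[p.name] }));
}

// Constructed sample (not from the PR): entries as read from a lockfile.
const SAMPLE_INSTALLED = [
  { name: "multer", version: "2.1.1", path: "node_modules/multer" },
  { name: "tar", version: "7.5.11", path: "node_modules/tar" },
  { name: "tar", version: "6.2.1", path: "node_modules/example-dep/node_modules/tar" },
  { name: "form-data", version: "4.0.5-rc.1", path: "node_modules/form-data" },
  { name: "example-unlisted", version: "0.1.0", path: "node_modules/example-unlisted" },
];

console.log(findBelowFloor(SAMPLE_INSTALLED));
```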