Upgrade nginx base image in DockerFile #10151

Open
sahilpatil2997 opened this issue Sep 30, 2024 · 3 comments

Comments


sahilpatil2997 commented Sep 30, 2024

The nginx base image version 1.27.0-alpine has some critical vulnerabilities, so please upgrade the base image of nginx in the DockerFile and upgrade the docker image version of the swagger-ui.

The vulnerabilities in v5.17.14 are shown in the screenshot:
[screenshot]

These vulnerabilities are mainly in the nginx 1.27.0-alpine docker image, like this:
[screenshot]

The nginx 1.27.0-alpine doesn't have many vulnerabilities:
[screenshot]

So please upgrade the nginx docker image to 1.27.0-alpine

@navalBhagat

Hi, I am a first time contributor and was looking for a good first issue.
I'm a bit confused though. You mention that the docker image should be upgraded to 1.27.0-alpine, but it is already using that. Do you mean 1.27.1/2-alpine? And is this something the dependabot already does, or does it only do it for major version changes?


sahilpatil2997 commented Oct 4, 2024

Hey @navalBhagat,

> You mention that the docker image should be upgraded to 1.27.0-alpine, but it is already using that

I said to upgrade the nginx base image in the DockerFile to 1.27.1-alpine. 1.27.0-alpine has some critical vulnerabilities that the newer version does not have. I suggested this version because there were few major and no critical vulnerabilities; you are free to upgrade to whichever version you like, keeping in mind that the version should not have any critical vulnerabilities.

> And is this something the dependabot already does, or does it only do it for major version changes

I think dependabot is scanning the image, but no one is looking at the report. Most of the Docker Builds have failed, as per the list, so please do look at the Docker Build Pipeline/Security check reports as well.
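Added example, not code from the swagger-ui repository or its Dockerfile: a POSIX sh check that pulls the nginx tag out of every FROM line in a Dockerfile and fails when a tag is unpinned or older than a minimum version (1.27.1 here, the version suggested above). The Dockerfile content is constructed for the example, and the version comparison assumes GNU sort -V.

```shell
#!/bin/sh
# Added example, not code from the swagger-ui repository: flag an nginx base
# image pinned in a Dockerfile when its tag is older than a minimum version.
# Assumes GNU sort (for "sort -V"). Dockerfile text below is constructed.
SAMPLE_DOCKERFILE='FROM --platform=$BUILDPLATFORM nginx:1.27.0-alpine AS builder
RUN apk add --no-cache curl
FROM docker.io/library/nginx:1.27.0-alpine
COPY --from=builder /app /usr/share/nginx/html'

# Dockerfile text on stdin -> the tag of each nginx image in a FROM line
# ("latest" if untagged). Flags like --platform and registry prefixes are
# skipped; digest-pinned images (nginx@sha256:...) are not matched.
nginx_base_tags() {
  awk '
    toupper($1) == "FROM" {
      img = ""
      for (i = 2; i <= NF; i++) if ($i !~ /^--/) { img = $i; break }
      n = split(img, parts, "/")
      name = parts[n]
      if (name ~ /^nginx(:|$)/) {
        if (index(name, ":")) print substr(name, index(name, ":") + 1)
        else print "latest"
      }
    }'
}

# Tags on stdin -> 0 only if every tag is a numeric version >= $1. Floating
# tags ("latest", "mainline") fail: they cannot be audited against a fixed
# version. The variant suffix ("-alpine") is ignored for the comparison.
nginx_tags_ok() {
  min="$1"
  status=0
  while IFS= read -r tag; do
    ver=${tag%%-*}
    case "$ver" in
      *[!0-9.]*|"") echo "unpinned or non-numeric nginx tag: $tag" >&2; status=1; continue ;;
    esac
    lowest=$(printf '%s\n%s\n' "$min" "$ver" | sort -V | head -n 1)
    if [ "$lowest" != "$min" ]; then
      echo "nginx:$tag is older than the required minimum $min" >&2
      status=1
    fi
  done
  return "$status"
}

# Dockerfile text on stdin, minimum version as $1; exit status is the verdict.
check_dockerfile_nginx() { nginx_base_tags | nginx_tags_ok "$1"; }
```

Run it in CI next to the image scanner so a Dockerfile with an outdated pin fails the build before it is merged.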

@navalBhagat

Thanks for clarifying! I'll pick up this issue :)
