[Snyk] Security upgrade nginx from 1.26-alpine to 1.29.1-alpine

[YounixM]

Snyk has created this PR to fix 2 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

• frontend/Dockerfile

We recommend upgrading to nginx:1.29.1-alpine, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Out-of-bounds Read SNYK-ALPINE320-LIBXML2-10165474	614
	Unchecked Return Value SNYK-ALPINE320-LIBXML2-10165475	614

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

---

Important

Upgrade nginx base image in frontend/Dockerfile to fix security vulnerabilities.

• Dockerfile Update:
  • Upgrade base image in frontend/Dockerfile from nginx:1.26-alpine to nginx:1.29.1-alpine.
• Security:
  • Fixes vulnerabilities: Out-of-bounds Read (SNYK-ALPINE320-LIBXML2-10165474) and Unchecked Return Value (SNYK-ALPINE320-LIBXML2-10165475).

^{This description was created by for 4368707. You can customize this summary. It will automatically update as commits are pushed.}

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[github-actions]

Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id>

[github-actions]

Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id>

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed everything up to 4368707 in 23 seconds. Click for details.

• Reviewed 10 lines of code in 1 files
• Skipped 0 files when reviewing.
• Skipped posting 1 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. frontend/Dockerfile:1

• Draft comment:
  The FROM directive has been updated to nginx:1.29.1-alpine for security fixes. Please verify that no breaking changes have been introduced in the new version that may affect our custom configuration or static file handling.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% This comment is asking the PR author to verify potential breaking changes due to a version update. It violates the rule against asking the author to ensure behavior is intended or to double-check things. The comment is not providing a specific code suggestion or asking for a specific test to be written, so it should be removed.

Workflow ID: wflow_lEMUA0DOAcmazHRa

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}