[Snyk] Security upgrade nginx from 1.19-alpine to 1.29.5-alpine#4

Open

paynejd wants to merge 1 commit into main from snyk-fix-9f225446a7311f13cd6a9c159f0a0aae

Conversation

@paynejd (Member) commented Feb 8, 2026

Snyk has created this PR to fix 4 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

  • Dockerfile

We recommend upgrading to nginx:1.29.5-alpine, as this image has 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

Severity   Issue                                                    Snyk ID                          Score
high       Loop with Unreachable Exit Condition ('Infinite Loop')   SNYK-ALPINE313-OPENSSL-2426334    721
high       Loop with Unreachable Exit Condition ('Infinite Loop')   SNYK-ALPINE313-OPENSSL-2426334    721
critical   Out-of-bounds Read                                       SNYK-ALPINE313-APKTOOLS-1533754   714
critical   Buffer Overflow                                          SNYK-ALPINE313-OPENSSL-1569448    714
critical   Out-of-bounds Write                                      SNYK-ALPINE313-ZLIB-2976175       714

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


paynejd added a commit that referenced this pull request May 12, 2026
…back

Addresses 6 of 10 issues from snyaggarwal's PR review (bridge / multi-algo
flows in a build with PRIVATE_PACKAGES_GIT enabled). #6 deferred pending
diagnostics; #1/#3 expected to resolve transitively.

#9 — Every candidate duplicated.
mergeIntoRowMatchState now drops existing candidates whose algorithm_id
matches the incoming invocation before merging the new set (mirrors the
legacy onResponse `reject(...)` on allCandidates). Concept_rows whose
concept_key is no longer referenced by any surviving candidate are
pruned. Without this, every re-fetch (legacy load + auto-match, or
repeated $match calls) stacked fresh candidate UUIDs with identical
concept_keys, surfacing as duplicates in algorithm view.

#5 / #10 — Fetch More: re-fires + doesn't update.
Pagination append branch in onResponse now feeds the appended page into
the unified state via mergeIntoRowMatchState(..., {append: true}). The
new option short-circuits the same-algo drop in #9 so earlier pages
stay put while the new page stacks on top. Without this, Fetch More
fired the request but the unified read path never saw the new results.

#4 — Target Code column always empty (and likely #3 — Candidates table
view not complete).
Concept.jsx grew a legacyToRowView() wrapper at the top of the component.
When `concept` is a legacy concept-shape object (id, display_name, url,
search_meta) instead of a unified-model tuple, the wrapper synthesizes
a minimal rowView so the rest of the render path works unchanged. Covers
Target Code column, Search results, decision tables, anywhere Concept
is invoked with a legacy projection (mapSelected, searchedConcepts).

#7 — Mapped CIEL bridge concept indicator missing in algorithm view.
Concept.jsx bridge branch now passes the real isSelectedForMap function
to the bridge intermediary's algoScoreFirst row instead of hard-coding
`false` and `placeholderMap`. The intermediary IS mappable per spec (it
gets its own ConceptRow + bucket); when the user maps it from Unified
view, algorithm view now shows the Mapped indicator.

#8 — Rerank sent rows with empty display_name (-100000 sentinel score).
buildRerankRowsForRow filters out ConceptRows whose ConceptDefinition
has no usable display_name (typically bridge cascade targets still
'pending' before ensureLoaded fills them). scheduleRerank stays
re-eligible (any ConceptRow with rerank_score===undefined keeps the
row scheduled), so once ensureLoaded completes the rerank refires.

#2 — Bridge target mapping not logged.
_onMap previously gated the log call on `concept?.url`. Bridge cascade
targets may arrive without an ocl_url until $resolveReference resolves
them, so the action silently dropped from project history. Log now
fires when EITHER url or id is present, with object_id surfaced as
a fallback identifier.

Not addressed in this commit:
- #1 — Score not on top (bridge case): hypothesis is this resolves
  transitively once #8 lands (bridge targets get rerank scores after
  ensureLoaded completes instead of being stuck at undefined).
- #3 — Candidates table view incomplete: hypothesis is this is the
  same root cause as #4 (Concept bails on legacy shape). Fixed by the
  legacyToRowView wrapper.
- #6 — Auto Match doesn't fire calls with bridge-only algo: code review
  doesn't reveal a smoking gun. Needs Sunny's console / network log,
  or a diagnostic-logging follow-up. Two-algo (bridge + ES) works in
  the same env, which suggests a state / guard issue specific to the
  bridge-only path.

Verified: 79/79 tests pass, eslint clean, NODE_ENV=production npm run
build green. Bridge / scispacy / AI Assistant staging exercise still
gates merge.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
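The merge rule described under #9 and #5/#10 above, as an added illustration that is not the project's code: a hypothetical `mergeIntoRowMatchState` over an assumed state shape (`candidates` carrying `algorithm_id` and `concept_key`, `concept_rows` keyed by `concept_key`) that drops same-algorithm candidates on a re-fetch, stacks pages when `append` is set, and prunes concept rows no surviving candidate references.

```javascript
// Added example, not the project's code. State shape is an assumption:
//   state = { candidates: [{ id, algorithm_id, concept_key }], concept_rows: { [concept_key]: {...} } }
function mergeIntoRowMatchState(state, algorithmId, incoming, { append = false } = {}) {
  // #9: a fresh invocation of the same algorithm replaces its earlier candidates,
  // so repeated loads cannot stack new UUIDs with identical concept_keys.
  // #5/#10: with { append: true } (Fetch More) earlier pages stay put.
  const kept = append
    ? state.candidates
    : state.candidates.filter((c) => c.algorithm_id !== algorithmId);

  const candidates = kept.concat(
    incoming.map((c) => ({ ...c, algorithm_id: algorithmId })),
  );

  // Prune concept_rows whose concept_key no surviving candidate references.
  const liveKeys = new Set(candidates.map((c) => c.concept_key));
  const concept_rows = {};
  for (const [key, row] of Object.entries(state.concept_rows)) {
    if (liveKeys.has(key)) concept_rows[key] = row;
  }
  // Create a row for any concept the incoming page introduces (rerank_score left
  // undefined so a scheduler like the one described for #8 would still pick it up).
  for (const key of liveKeys) {
    if (!concept_rows[key]) concept_rows[key] = { concept_key: key, rerank_score: undefined };
  }
  return { candidates, concept_rows };
}

// Helper used to inspect results: how many candidates each algorithm contributed.
function countByAlgorithm(state) {
  const counts = {};
  for (const c of state.candidates) counts[c.algorithm_id] = (counts[c.algorithm_id] || 0) + 1;
  return counts;
}

// Constructed sample: an ES fetch, a bridge fetch, then an ES re-fetch with new UUIDs.
function demo() {
  let s = { candidates: [], concept_rows: {} };
  s = mergeIntoRowMatchState(s, 'es', [{ id: 'u1', concept_key: 'A' }, { id: 'u2', concept_key: 'B' }]);
  s = mergeIntoRowMatchState(s, 'bridge', [{ id: 'b1', concept_key: 'A' }]);
  s = mergeIntoRowMatchState(s, 'es', [{ id: 'u3', concept_key: 'A' }, { id: 'u4', concept_key: 'B' }]);
  return s; // es: 2 (replaced, not 4), bridge: 1, rows A and B only
}
```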