Jayden/AFFiNE-Mirror
1
0
Fork 0
mirror of https://github.com/toeverything/AFFiNE.git synced 2026-02-04 00:28:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
canary
AFFiNE-Mirror/.devcontainer/docker-compose.yml
OrbisAI Sec b5ebd20314 fix(core): prevent container privilege escalation in .devcontainer/docker-compose.yml (#13814) 
**Context and Purpose:**

This PR automatically remediates a security vulnerability:
- **Description:** Service 'app' allows for privilege escalation via
setuid or setgid binaries. Add 'no-new-privileges:true' in
'security_opt' to prevent this.
- **Rule ID:**
yaml.docker-compose.security.no-new-privileges.no-new-privileges
- **Severity:** HIGH
- **File:** .devcontainer/docker-compose.yml
- **Lines Affected:** 4 - 4

This change is necessary to protect the application from potential
security risks associated with this vulnerability.

**Solution Implemented:**

The automated remediation process has applied the necessary changes to
the affected code in `.devcontainer/docker-compose.yml` to resolve the
identified issue.

Please review the changes to ensure they are correct and integrate as
expected.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
  * Enhanced security configuration for the development environment.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-10-28 13:34:04 +08:00

993 B
Raw Permalink Blame History

View Raw
Reference in New Issue View Git Blame Copy Permalink