From 519496ecd589e786e52cd8857021d24bac0afa0e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 15 Feb 2024 01:27:10 +0000
Subject: [PATCH 1/2] Bump nginx from 1.25.3-alpine to 1.25.4-alpine in /build

Bumps nginx from 1.25.3-alpine to 1.25.4-alpine.

---
updated-dependencies:
- dependency-name: nginx
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 build/Dockerfile.nginx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/Dockerfile.nginx b/build/Dockerfile.nginx
index 5e1512e84c..1ae975280d 100644
--- a/build/Dockerfile.nginx
+++ b/build/Dockerfile.nginx
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:1.6
-FROM nginx:1.25.3-alpine
+FROM nginx:1.25.4-alpine
 
 ARG NJS_DIR
 ARG NGINX_CONF_DIR

From ad5bb2c4b8fc819bbe2febb6fcace77605f46243 Mon Sep 17 00:00:00 2001
From: Luca Comellini <luca.com@gmail.com>
Date: Wed, 14 Feb 2024 23:39:52 -0800
Subject: [PATCH 2/2] Remove fixed CVEs

---
 build/Dockerfile.nginx | 2 --
 1 file changed, 2 deletions(-)

diff --git a/build/Dockerfile.nginx b/build/Dockerfile.nginx
index 1ae975280d..729588db69 100644
--- a/build/Dockerfile.nginx
+++ b/build/Dockerfile.nginx
@@ -9,8 +9,6 @@ RUN apk add --no-cache libcap \
     && mkdir -p /var/lib/nginx /usr/lib/nginx/modules \
     && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
     && setcap -v 'cap_net_bind_service=+ep' /usr/sbin/nginx \
-    # Update packages for CVE-2023-52425 and CVE-2024-25062
-    && apk --no-cache upgrade libexpat libxml2 \
     && apk del libcap
 
 COPY ${NJS_DIR}/httpmatches.js /usr/lib/nginx/modules/njs/httpmatches.js