Problem
The docker job in build.yml fails on every open PR (and master) at the Trivy scan step. Build, test-elicitation, and CodeQL all pass — only Trivy is red.
Trivy (severity: CRITICAL,HIGH, ignore-unfixed: true, exit-code: 1) reports exactly one finding:
Total: 1 (HIGH: 1, CRITICAL: 0)
sigstore CVE-2026-48815 HIGH fixed 3.1.0 -> 4.1.1
target: usr/lib/node_modules/npm/node_modules/sigstore/package.json
CVE-2026-48815 (GHSA-52v5-jr5w-gjxr, CWE-347): sigstore < 4.1.1 silently drops the certificateOIDs option in sigstore.verify(), so required certificate-extension OIDs are never enforced. Integrity-only.
Why it can't be patched via overrides
The flagged instance is inside npm's own bundle (/usr/lib/node_modules/npm/...), installed by NodeSource's Node 22 (npm 10.x bundles sigstore 3.1.0). This is the same situation as the existing picomatch .trivyignore entry — package.json overrides only reach our tool tree at /usr/local/lib/node_modules/, not npm's internal bundle. Upgrading npm is the documented dead end.
Reachability
Only exploitable by a caller invoking sigstore.verify() with a certificateOIDs constraint. The daedalus image builds PDFs; it never publishes npm packages nor verifies sigstore attestations at runtime, so the path is never exercised.
Remediation
Add a targeted .trivyignore entry for CVE-2026-48815 scoped to the npm-bundle path, mirroring the documented picomatch precedent, with a justification comment. Remove when NodeSource ships a Node.js whose bundled npm includes sigstore >= 4.1.1.
Note
Unblocks the 6 open Dependabot PRs (#55–#60), which are red solely due to this shared job — not the dependency bumps themselves.
Problem
The
dockerjob inbuild.ymlfails on every open PR (andmaster) at the Trivy scan step. Build, test-elicitation, and CodeQL all pass — only Trivy is red.Trivy (
severity: CRITICAL,HIGH,ignore-unfixed: true,exit-code: 1) reports exactly one finding:CVE-2026-48815 (GHSA-52v5-jr5w-gjxr, CWE-347): sigstore < 4.1.1 silently drops the
certificateOIDsoption insigstore.verify(), so required certificate-extension OIDs are never enforced. Integrity-only.Why it can't be patched via
overridesThe flagged instance is inside npm's own bundle (
/usr/lib/node_modules/npm/...), installed by NodeSource's Node 22 (npm 10.x bundles sigstore 3.1.0). This is the same situation as the existingpicomatch.trivyignoreentry —package.jsonoverrides only reach our tool tree at/usr/local/lib/node_modules/, not npm's internal bundle. Upgrading npm is the documented dead end.Reachability
Only exploitable by a caller invoking
sigstore.verify()with acertificateOIDsconstraint. The daedalus image builds PDFs; it never publishes npm packages nor verifies sigstore attestations at runtime, so the path is never exercised.Remediation
Add a targeted
.trivyignoreentry forCVE-2026-48815scoped to the npm-bundle path, mirroring the documented picomatch precedent, with a justification comment. Remove when NodeSource ships a Node.js whose bundled npm includes sigstore >= 4.1.1.Note
Unblocks the 6 open Dependabot PRs (#55–#60), which are red solely due to this shared job — not the dependency bumps themselves.