[Snyk] Security upgrade alpine from latest to 3.18.3

[TheRedHatter]

This PR was automatically created by Snyk using the credentials of a real user.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Changes included in this PR

• vendor/github.com/projectdiscovery/mapcidr/Dockerfile

We recommend upgrading to alpine:3.18.3, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Some of the most important vulnerabilities in your base image include:

Severity	Issue	Exploit Maturity
	Improper Authentication SNYK-ALPINE318-OPENSSL-5776808	No Known Exploit
	Improper Authentication SNYK-ALPINE318-OPENSSL-5776808	No Known Exploit
	Inefficient Regular Expression Complexity SNYK-ALPINE318-OPENSSL-5788370	No Known Exploit
	Inefficient Regular Expression Complexity SNYK-ALPINE318-OPENSSL-5788370	No Known Exploit
	CVE-2023-3817 SNYK-ALPINE318-OPENSSL-5821142	No Known Exploit

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Inefficient Regular Expression Complexity

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication

[prisma-cloud-devsecops]

Prisma Cloud has found errors in this PR ⬇️

[prisma-cloud-devsecops]

  A user for the container has not been created
    Resource: /vendor/github.com/projectdiscovery/mapcidr/Dockerfile. | Checkov ID: CKV_DOCKER_3

Description

Containers should run as a non-root user.
It is good practice to run the container as a non-root user, where possible.
This can be done either via the USER directive in the Dockerfile or through gosu or similar where used as part of the CMD or ENTRYPOINT directives.

[prisma-cloud-devsecops]

  Healthcheck instructions have not been added to container images
    Resource: /vendor/github.com/projectdiscovery/mapcidr/Dockerfile. | Checkov ID: CKV_DOCKER_2

Description

We recommend that you add the HEALTHCHECK instruction to your Docker container images to ensure that health checks are executed against running containers.
An important security control is that of availability.
Adding the HEALTHCHECK instruction to your container image ensures that the Docker engine periodically checks the running container instances against that instruction to ensure that containers are still operational.
Based on the results of the health check, the Docker engine could terminate containers which are not responding correctly, and instantiate new ones.

[TheRedHatter]

Checkmarx One – Scan Summary & Details – 9da60500-34ff-49a7-a9f3-36db1cf26381

New Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	Buffer_Improper_Index_Access	/vendor/github.com/DataDog/zstd/zstd_lazy.c: 937	Attack Vector
	Buffer_Improper_Index_Access	/vendor/github.com/DataDog/zstd/zstd_compress_literals.c: 152	Attack Vector
	CVE-2023-37896	Go-github.com/projectdiscovery/nuclei/v2-v2.7.7	Vulnerable Package
	Missing User Instruction	/Dockerfile: 4	A user should be specified in the dockerfile, otherwise the image will run as root
	Off_by_One_Error	/vendor/github.com/DataDog/zstd/zstd_lazy.c: 937	Attack Vector
	Off_by_One_Error	/vendor/github.com/DataDog/zstd/zstd_compress_literals.c: 152	Attack Vector
	Healthcheck Instruction Missing	/Dockerfile: 4	Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working

Fixed Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	Missing User Instruction	/Dockerfile: 4	A user should be specified in the dockerfile, otherwise the image will run as root
	Denial_Of_Service_Resource_Exhaustion	/vendor/google.golang.org/appengine/internal/api.go: 431	Attack Vector
	Denial_Of_Service_Resource_Exhaustion	/vendor/google.golang.org/appengine/internal/api.go: 423	Attack Vector
	Denial_Of_Service_Resource_Exhaustion	/vendor/google.golang.org/appengine/internal/api.go: 423	Attack Vector
	Denial_Of_Service_Resource_Exhaustion	/vendor/google.golang.org/appengine/internal/api.go: 423	Attack Vector
	Denial_Of_Service_Resource_Exhaustion	/lib/util/util.go: 210	Attack Vector
	Denial_Of_Service_Resource_Exhaustion	/vendor/github.com/shirou/gopsutil/v3/internal/common/common.go: 130	Attack Vector
	Denial_Of_Service_Resource_Exhaustion	/vendor/github.com/shirou/gopsutil/v3/internal/common/common.go: 130	Attack Vector
	Denial_Of_Service_Resource_Exhaustion	/vendor/github.com/shirou/gopsutil/v3/internal/common/common.go: 130	Attack Vector
	Denial_Of_Service_Resource_Exhaustion	/vendor/github.com/shirou/gopsutil/v3/internal/common/common.go: 325	Attack Vector
	Denial_Of_Service_Resource_Exhaustion	/vendor/github.com/shirou/gopsutil/v3/internal/common/common.go: 325	Attack Vector
	Denial_Of_Service_Resource_Exhaustion	/vendor/github.com/rivo/uniseg/gen_properties.go: 63	Attack Vector
	Denial_Of_Service_Resource_Exhaustion	/vendor/github.com/rivo/uniseg/gen_properties.go: 63	Attack Vector
	Image Version Using 'latest'	/Dockerfile: 4	When building images, always tag them with useful tags which codify version information, intended destination (prod or test, for instance), stabili...
	Healthcheck Instruction Missing	/Dockerfile: 4	Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working