New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade python from 3.9.13-alpine to 3.10.10-alpine #135

Closed

snyk-bot wants to merge 1 commit into develop from snyk-fix-20d7802d5e4bfb947d53958cf000afd7

Contributor

snyk-bot commented May 12, 2023

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Changes included in this PR

Dockerfile

We recommend upgrading to python:3.10.10-alpine, as this image has only 1 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Some of the most important vulnerabilities in your base image include:

Severity	Priority Score / 1000	Issue	Exploit Maturity
	400	Out-of-bounds Read SNYK-ALPINE316-E2FSPROGS-3339843	No Known Exploit
	400	Double Free SNYK-ALPINE316-OPENSSL-3314624	No Known Exploit
	400	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-ALPINE316-OPENSSL-3314641	No Known Exploit
	400	Use After Free SNYK-ALPINE316-OPENSSL-3314643	No Known Exploit
	400	Improper Certificate Validation SNYK-ALPINE316-OPENSSL-3368756	No Known Exploit

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Use After Free


          fix: Dockerfile to reduce vulnerabilities

50f1ca6

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE316-E2FSPROGS-3339843
- https://snyk.io/vuln/SNYK-ALPINE316-OPENSSL-3314624
- https://snyk.io/vuln/SNYK-ALPINE316-OPENSSL-3314641
- https://snyk.io/vuln/SNYK-ALPINE316-OPENSSL-3314643
- https://snyk.io/vuln/SNYK-ALPINE316-OPENSSL-3368756

snyk-bot requested review from dav3r, felddy, jsf9k and mcdonnnj as code owners

May 12, 2023 16:44

Member

mcdonnnj commented May 31, 2024

Snyk has been removed from the organization.

mcdonnnj closed this

mcdonnnj deleted the snyk-fix-20d7802d5e4bfb947d53958cf000afd7 branch

June 5, 2024 09:02

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

dav3r Awaiting requested review from dav3r dav3r is a code owner

felddy Awaiting requested review from felddy felddy is a code owner

jsf9k Awaiting requested review from jsf9k jsf9k is a code owner

mcdonnnj Awaiting requested review from mcdonnnj mcdonnnj is a code owner