fix: fixes docker build and trivy scan

There is a transitiv dependency on frozenlist, which updated their package for python 3.11, but didn't add the package to pypi wheels. Thus, building on python >= 3.11 fails the whole docker building process ([issue](aio-libs/frozenlist#342)). Switching to python 3.10. Secondly, there are two more vulnerabilities due to cosign, which cannot be fixed on our side. Ignore listing them until cosign publishes a new version.
sse-secure-systems · Nov 3, 2022 · 60e4d22 · 60e4d22
1 parent da020e7
commit 60e4d22
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 4 deletions.
diff --git a/.trivyignore b/.trivyignore
@@ -1,3 +1,2 @@
-CVE-2022-23628
-CVE-2022-28946
-CVE-2022-28948
+CVE-2022-32149
+GHSA-69ch-w2m2-3vjp
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3-alpine as base
+FROM python:3.10-alpine as base
 
 # Build dependencies
 FROM base as builder