From 60e4d223fd40c8505c40446dd39da13a6a8ae58c Mon Sep 17 00:00:00 2001
From: Philipp Belitz
Date: Thu, 3 Nov 2022 17:17:35 +0100
Subject: [PATCH] fix: fixes docker build and trivy scan

There is a transitiv dependency on frozenlist, which updated their package for python 3.11, but didn't add the package to pypi wheels. Thus, building on python >= 3.11 fails the whole docker building process ([issue](https://github.com/aio-libs/frozenlist/issues/342)). Switching to python 3.10. Secondly, there are two more vulnerabilities due to cosign, which cannot be fixed on our side. Ignore listing them until cosign publishes a new version.
---
 .trivyignore | 5 ++---
 docker/Dockerfile | 2 +-
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/.trivyignore b/.trivyignore
index bc0596998..eaace6938 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -1,3 +1,2 @@
-CVE-2022-23628
-CVE-2022-28946
-CVE-2022-28948
+CVE-2022-32149
+GHSA-69ch-w2m2-3vjp
diff --git a/docker/Dockerfile b/docker/Dockerfile
index a2ac532e4..da34fcfde 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3-alpine as base
+FROM python:3.10-alpine as base
 # Build dependencies
 FROM base as builder
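Review bot: The two new suppressions `CVE-2022-32149` and `GHSA-69ch-w2m2-3vjp` carry no justification in the file itself, so the reason given in the commit message (findings in the bundled cosign that cannot be fixed here) is lost to anyone reading `.trivyignore` later. Trivy treats lines starting with `#` as comments, so I would record the origin and the exit condition next to each entry, e.g. `# cosign: not fixable on our side, drop once a cosign release with the fix is picked up`. If the Trivy version in use supports the `exp:` suffix on an entry, an expiry date would additionally keep the suppression from silently outliving the fix. The three removed entries are presumably ones the scan no longer reports; stating that in the commit message would make the swap easier to audit.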
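Review bot: The new `FROM python:3.10-alpine as base` line gives no hint that 3.10 is a workaround, so the reason in the commit message (frozenlist has no wheels for 3.11 yet) will be invisible to whoever next bumps the base image. I would add a why-comment directly above it: `# Pinned to 3.10 until frozenlist ships 3.11 wheels (aio-libs/frozenlist#342); revisit then`. While touching the line, the lowercase `as` is flagged by BuildKit's FromAsCasing check and `3.10-alpine` is still a floating tag, so `AS` plus a patch-level tag or a digest would make the base reproducible; the same casing applies to the `FROM base as builder` stage line. The builder stage continues outside the hunk.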