fix: fixes docker build and trivy scan

There is a transitiv dependency on frozenlist, which updated their package for python 3.11, but didn't add the package to pypi wheels. Thus, building on python >= 3.11 fails the whole docker building process ([issue](aio-libs/frozenlist#342)). Switching to python 3.10. Secondly, there are two more vulnerabilities due to cosign, which cannot be fixed on our side. Ignore listing them until cosign publishes a new version.
sse-secure-systems · Nov 3, 2022 · 7bb3700 · 7bb3700
1 parent da020e7
commit 7bb3700
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 6 deletions.
diff --git a/.trivyignore b/.trivyignore
@@ -1,3 +1,2 @@
-CVE-2022-23628
-CVE-2022-28946
-CVE-2022-28948
+CVE-2022-32149
+GHSA-69ch-w2m2-3vjp
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3-alpine as base
+FROM python:3.10-alpine as base
 
 # Build dependencies
 FROM base as builder

diff --git a/helm/Chart.yaml b/helm/Chart.yaml
@@ -3,7 +3,7 @@ name: connaisseur
 description: Helm chart for Connaisseur - a Kubernetes admission controller to integrate container image signature verification and trust pinning into a cluster.
 type: application
 version: 1.4.4
-appVersion: 2.6.4
+appVersion: 2.6.5
 keywords:
   - container image
   - signature

diff --git a/helm/values.yaml b/helm/values.yaml
@@ -1,7 +1,7 @@
 # configure Connaisseur deployment
 deployment:
   replicasCount: 3
-  image: securesystemsengineering/connaisseur:v2.6.4
+  image: securesystemsengineering/connaisseur:v2.6.5
   imagePullPolicy: IfNotPresent
   # imagePullSecrets contains an optional list of Kubernetes Secrets, in Connaisseur namespace,
   # that are needed to access the registry containing Connaisseur image.