[Snyk] Security upgrade alpine from 3.19 to 3.20 #3

Merged

luketainton merged 1 commits from snyk-fix-f62d944886f71fc373ffe145cbcb462e into master 2024-09-07 07:48:58 +00:00

Conversation 0 Commits 1 Files Changed 1 +1 -1

luketainton commented 2024-09-06 09:08:50 +00:00 (Migrated from github.com)

Copy Link

Snyk has created this PR to fix 1 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

• Dockerfile

We recommend upgrading to alpine:3.20, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	CVE-2024-6119 SNYK-ALPINE319-OPENSSL-7895536	54
	CVE-2024-6119 SNYK-ALPINE319-OPENSSL-7895536	54

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

 ### Snyk has created this PR to fix 1 vulnerabilities in the dockerfile dependencies of this project. Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image. #### Snyk changed the following file(s): - `Dockerfile` We recommend upgrading to `alpine:3.20`, as this image has only **0** known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected. #### Vulnerabilities that will be fixed with an upgrade: | | Issue | Score | :-------------------------:|:-------------------------|:-------------------------  | CVE-2024-6119 <br/>[SNYK-ALPINE319-OPENSSL-7895536](https://snyk.io/vuln/SNYK-ALPINE319-OPENSSL-7895536) | &nbsp;&nbsp;**54**&nbsp;&nbsp;  | CVE-2024-6119 <br/>[SNYK-ALPINE319-OPENSSL-7895536](https://snyk.io/vuln/SNYK-ALPINE319-OPENSSL-7895536) | &nbsp;&nbsp;**54**&nbsp;&nbsp; --- > [!IMPORTANT] > > - Check the changes in this PR to ensure they won't cause issues with your project. > - Max score is 1000. Note that the real score may have changed since the PR was raised. > - This PR was automatically created by Snyk using the credentials of a real user. --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._ For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJiM2FhMDQ3YS1iMDY3LTQyMjktYjg4Yy1mNzZiMDY5NTFjNjYiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImIzYWEwNDdhLWIwNjctNDIyOS1iODhjLWY3NmIwNjk1MWM2NiJ9fQ==" width="0" height="0"/> 🧐 [View latest project report](https://app.snyk.io/org/luketainton/project/40c3db53-812a-4cbd-b7a7-2c776508a967?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr) 📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates) 🛠 [Adjust project settings](https://app.snyk.io/org/luketainton/project/40c3db53-812a-4cbd-b7a7-2c776508a967?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr/settings) 📚 [Read about Snyk's upgrade logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc&#x3D;fix-pr) [//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"alpine","from":"3.19","to":"3.20"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No Known Exploit","id":"SNYK-ALPINE319-OPENSSL-7895536","priority_score":54,"priority_score_factors":[{"name":"confidentiality"},{"name":"integrity"},{"name":"availability"},{"name":"scope"},{"name":"exploitCodeMaturity"},{"name":"userInteraction"},{"name":"privilegesRequired"},{"name":"attackComplexity"},{"name":"attackVector"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Sep 04 2024 15:09:58 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":false},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"low"},{"name":"relativePopularityRank","value":0},{"name":"impact","value":2.33},{"name":"likelihood","value":2.3},{"name":"scoreVersion","value":"V5"}],"severity":"low","title":"CVE-2024-6119"},{"exploit_maturity":"No Known Exploit","id":"SNYK-ALPINE319-OPENSSL-7895536","priority_score":54,"priority_score_factors":[{"name":"confidentiality"},{"name":"integrity"},{"name":"availability"},{"name":"scope"},{"name":"exploitCodeMaturity"},{"name":"userInteraction"},{"name":"privilegesRequired"},{"name":"attackComplexity"},{"name":"attackVector"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Sep 04 2024 15:09:58 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":false},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"low"},{"name":"relativePopularityRank","value":0},{"name":"impact","value":2.33},{"name":"likelihood","value":2.3},{"name":"scoreVersion","value":"V5"}],"severity":"low","title":"CVE-2024-6119"}],"prId":"b3aa047a-b067-4229-b88c-f76b06951c66","prPublicId":"b3aa047a-b067-4229-b88c-f76b06951c66","packageManager":"dockerfile","priorityScoreList":[54],"projectPublicId":"40c3db53-812a-4cbd-b7a7-2c776508a967","projectUrl":"https://app.snyk.io/org/luketainton/project/40c3db53-812a-4cbd-b7a7-2c776508a967?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["updated-fix-title","priorityScore"],"type":"auto","upgrade":["SNYK-ALPINE319-OPENSSL-7895536","SNYK-ALPINE319-OPENSSL-7895536"],"vulns":["SNYK-ALPINE319-OPENSSL-7895536"],"patch":[],"isBreakingChange":false,"remediationStrategy":"vuln"}'

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

Compat/Breaking

Breaking change that won't be backward compatible

Kind/Bug

Something is not working

Kind/Documentation

Documentation changes

Kind/Enhancement

Improve existing functionality

Kind/Feature

New functionality

Kind/Security

This is security issue

Kind/Testing

Issue or pull request related to testing

Priority

Critical

The priority is critical

Priority

High

The priority is high

Priority

Low

The priority is low

Priority

Medium

The priority is medium

Reviewed

Confirmed

Issue has been confirmed

Reviewed

Duplicate

This issue or pull request already exists

Reviewed

Invalid

Invalid issue

Reviewed

Won't Fix

This issue won't be fixed

Status

Abandoned

Somebody has started to work on this but abandoned work

Status

Blocked

Something is blocking this issue or pull request

Status

Need More Info

Feedback is required to reproduce issue or to continue work

No Label

Milestone

No items

No Milestone

Assignees

Clear assignees

Alexander.Lyall ai-review-bot flows-bot gitea-actions-bot luke renovate-bot

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: repos/docker-radius#3