[Snyk] Security upgrade python from 3.11-slim to 3.13.0a4-slim #171

Closed

luketainton wants to merge 1 commits from snyk-fix-ef4cc2819957ab863da2857e5232a165 into main

pull from: snyk-fix-ef4cc2819957ab863da2857e5232a165

merge into: repos:main

Conversation 2 Commits 1 Files Changed 1 +1 -1

luketainton commented 2024-03-02 08:11:24 +01:00 (Migrated from github.com)

Copy Link

This PR was automatically created by Snyk using the credentials of a real user.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Changes included in this PR

• Dockerfile

We recommend upgrading to python:3.13.0a4-slim, as this image has only 45 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Some of the most important vulnerabilities in your base image include:

Severity	Priority Score / 1000	Issue	Exploit Maturity
	182	Out-of-Bounds SNYK-DEBIAN12-GLIBC-1547196	No Known Exploit
	182	Out-of-Bounds SNYK-DEBIAN12-GLIBC-1547196	No Known Exploit
	178	Improper Certificate Validation SNYK-DEBIAN12-PERL-5489184	No Known Exploit
	182	CVE-2005-2541 SNYK-DEBIAN12-TAR-1560620	No Known Exploit
	264	Integer Overflow or Wraparound SNYK-DEBIAN12-ZLIB-6008963	No Known Exploit

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

<p>This PR was automatically created by Snyk using the credentials of a real user.</p><br />Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image. #### Changes included in this PR - Dockerfile We recommend upgrading to `python:3.13.0a4-slim`, as this image has only 45 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected. Some of the most important vulnerabilities in your base image include: | Severity | Priority Score / 1000 | Issue | Exploit Maturity | | :------: | :-------------------- | :---- | :--------------- | |  | **182** | Out-of-Bounds <br/>[SNYK-DEBIAN12-GLIBC-1547196](https://snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1547196) | No Known Exploit | |  | **182** | Out-of-Bounds <br/>[SNYK-DEBIAN12-GLIBC-1547196](https://snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1547196) | No Known Exploit | |  | **178** | Improper Certificate Validation <br/>[SNYK-DEBIAN12-PERL-5489184](https://snyk.io/vuln/SNYK-DEBIAN12-PERL-5489184) | No Known Exploit | |  | **182** | CVE-2005-2541 <br/>[SNYK-DEBIAN12-TAR-1560620](https://snyk.io/vuln/SNYK-DEBIAN12-TAR-1560620) | No Known Exploit | |  | **264** | Integer Overflow or Wraparound <br/>[SNYK-DEBIAN12-ZLIB-6008963](https://snyk.io/vuln/SNYK-DEBIAN12-ZLIB-6008963) | No Known Exploit | --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._ For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI0ZTk1YjAzYS0xMjNmLTQzMmMtYjYxOS1hYTcwZmQxMzQ4NjEiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjRlOTViMDNhLTEyM2YtNDMyYy1iNjE5LWFhNzBmZDEzNDg2MSJ9fQ==" width="0" height="0"/> 🧐 [View latest project report](https://app.snyk.io/org/luketainton/project/bb2acb95-6cb0-453b-8345-ae0e1c4cc3fb?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/luketainton/project/bb2acb95-6cb0-453b-8345-ae0e1c4cc3fb?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr/settings) [//]: # 'snyk:metadata:{"prId":"4e95b03a-123f-432c-b619-aa70fd134861","prPublicId":"4e95b03a-123f-432c-b619-aa70fd134861","dependencies":[{"name":"python","from":"3.11-slim","to":"3.13.0a4-slim"}],"packageManager":"dockerfile","projectPublicId":"bb2acb95-6cb0-453b-8345-ae0e1c4cc3fb","projectUrl":"https://app.snyk.io/org/luketainton/project/bb2acb95-6cb0-453b-8345-ae0e1c4cc3fb?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-DEBIAN12-ZLIB-6008963","SNYK-DEBIAN12-TAR-1560620","SNYK-DEBIAN12-GLIBC-1547196","SNYK-DEBIAN12-PERL-5489184"],"upgrade":["SNYK-DEBIAN12-GLIBC-1547196","SNYK-DEBIAN12-GLIBC-1547196","SNYK-DEBIAN12-PERL-5489184","SNYK-DEBIAN12-TAR-1560620","SNYK-DEBIAN12-ZLIB-6008963"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[264,182,182,178],"remediationStrategy":"vuln"}' --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc&#x3D;fix-pr)

sonarqubecloud[bot] commented 2024-03-02 08:13:06 +01:00 (Migrated from github.com)

Copy Link

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

## [](https://sonarcloud.io/dashboard?id=luketainton_roboluke-tasks&pullRequest=171) **Quality Gate passed** Issues  [0 New issues](https://sonarcloud.io/project/issues?id=luketainton_roboluke-tasks&pullRequest=171&resolved=false&inNewCodePeriod=true)  [0 Accepted issues](https://sonarcloud.io/component_measures?id=luketainton_roboluke-tasks&pullRequest=171&metric=new_accepted_issues&view=list) Measures  [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=luketainton_roboluke-tasks&pullRequest=171&resolved=false&inNewCodePeriod=true)  No data about Coverage  [0.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=luketainton_roboluke-tasks&pullRequest=171&metric=new_duplicated_lines_density&view=list) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=luketainton_roboluke-tasks&pullRequest=171)

luketainton commented 2024-07-13 13:32:15 +02:00 (Migrated from github.com)

Copy Link

Superseded by #201

Superseded by #201

Pull request closed

This pull request cannot be reopened because the branch was deleted.

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

bug

Something isn't working

dependencies

Pull requests that update a dependency file

documentation

Improvements or additions to documentation

duplicate

This issue or pull request already exists

enhancement

New feature or request

good first issue

Good for newcomers

help wanted

Extra attention is needed

invalid

This doesn't seem right

question

Further information is requested

security

wontfix

This will not be worked on

Compat/Breaking

Breaking change that won't be backward compatible

Kind/Bug

Something is not working

Kind/Documentation

Documentation changes

Kind/Enhancement

Improve existing functionality

Kind/Feature

New functionality

Kind/Security

This is security issue

Kind/Testing

Issue or pull request related to testing

Priority

Critical

The priority is critical

Priority

High

The priority is high

Priority

Low

The priority is low

Priority

Medium

The priority is medium

Reviewed

Confirmed

Issue has been confirmed

Reviewed

Duplicate

This issue or pull request already exists

Reviewed

Invalid

Invalid issue

Reviewed

Won't Fix

This issue won't be fixed

Status

Abandoned

Somebody has started to work on this but abandoned work

Status

Blocked

Something is blocking this issue or pull request

Status

Need More Info

Feedback is required to reproduce issue or to continue work

No Label

Milestone

No items

No Milestone

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: repos/roboluke#171

No description provided.