[Snyk] Security upgrade python from 3.7-alpine to 3.12.0a1-alpine

[ekmixon]

Snyk has created this PR to fix 5 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

• test-utils/tap2junit/Dockerfile

We recommend upgrading to python:3.12.0a1-alpine, as this image has only 18 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Integer Overflow or Wraparound SNYK-ALPINE318-EXPAT-7908292	786
	Integer Overflow or Wraparound SNYK-ALPINE318-EXPAT-7908293	786
	XML External Entity (XXE) Injection SNYK-ALPINE318-EXPAT-7908294	786
	Resource Exhaustion SNYK-ALPINE318-EXPAT-6241039	614
	CVE-2023-5363 SNYK-ALPINE318-OPENSSL-6032386	614

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 XML External Entity (XXE) Injection
🦉 Resource Exhaustion

[secure-code-warrior-for-github]

Micro-Learning Topic: Integer overflow (Detected by phrase)

Matched on "Integer Overflow"

What is this? (2min video)

Integer overflow occurs when the result of arithmetic operation is greater than the maximum value the integer data type can store.
For example, if an integer data type allows integers up to two bytes or 16 bits in length (or an unsigned number up to decimal 65,535), and two integers are to be added together that will exceed the value of 65,535, the result will be integer overflow.

Try a challenge in Secure Code Warrior

Micro-Learning Topic: Resource exhaustion (Detected by phrase)

Matched on "Resource Exhaustion"

What is this? (2min video)

Allocating objects or timers with user-controlled sizes or durations can cause resource exhaustion.

Try a challenge in Secure Code Warrior

Micro-Learning Topic: External entity injection (Detected by phrase)

Matched on "XXE"

What is this? (2min video)

An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server-side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.

Try a challenge in Secure Code Warrior

Helpful references

• OWASP XML External Entity (XXE) Processing - OWASP community page with comprehensive information about XML external entity attacks, and links to various OWASP resources to help detect or prevent it.
• MSDN Security Briefs - XML Denial of Service Attacks and Defenses - An MSDN Magazine article that goes into detail on XML entity attacks and how to defend against them.
• OWASP XML External Entity Prevention Cheat Sheet - This article is focused on providing clear, simple, actionable guidance for preventing XML external entity flaws in your applications.

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
• We don't review packaging changes - Let us know if you'd like us to change this.