[Snyk] Security upgrade python from 3.7-alpine to 3.13.0rc2-alpine #57
Conversation
…ties The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-ALPINE318-EXPAT-7908292 - https://snyk.io/vuln/SNYK-ALPINE318-EXPAT-7908293 - https://snyk.io/vuln/SNYK-ALPINE318-EXPAT-7908294 - https://snyk.io/vuln/SNYK-ALPINE318-EXPAT-6241039 - https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6032386
Micro-Learning Topic: Integer overflow (Detected by phrase)Matched on "Integer Overflow"Integer overflow occurs when the result of arithmetic operation is greater than the maximum value the integer data type can store. Try a challenge in Secure Code WarriorMicro-Learning Topic: Resource exhaustion (Detected by phrase)Matched on "Resource Exhaustion"Allocating objects or timers with user-controlled sizes or durations can cause resource exhaustion. Try a challenge in Secure Code WarriorMicro-Learning Topic: External entity injection (Detected by phrase)Matched on "XXE"An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server-side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. Try a challenge in Secure Code WarriorHelpful references
|
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
There was a problem hiding this comment.
We have skipped reviewing this pull request. Here's why:
- It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
- We don't review packaging changes - Let us know if you'd like us to change this.
Insecure Access Control (1)
More info on how to fix Insecure Access Control in Dockerfile. 👉 Go to the dashboard for detailed results. 📥 Happy? Share your feedback with us. |
Micro-Learning Topic: Insufficient access control (Detected by phrase)Matched on "Insecure Access Control"Restrictions on what authenticated users are allowed to do are often not properly enforced. Attackers can exploit these flaws to access unauthorized functionality and/or data, such as access other users' accounts, view sensitive files, modify other users’ data, change access rights, etc. Source: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project Try a challenge in Secure Code Warrior |
Snyk has created this PR to fix 5 vulnerabilities in the dockerfile dependencies of this project.
Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.
Snyk changed the following file(s):
tests-for-this-repo/python-lint/DockerfileWe recommend upgrading to
python:3.13.0rc2-alpine, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.Vulnerabilities that will be fixed with an upgrade:
SNYK-ALPINE318-EXPAT-7908292
SNYK-ALPINE318-EXPAT-7908293
SNYK-ALPINE318-EXPAT-7908294
SNYK-ALPINE318-EXPAT-6241039
SNYK-ALPINE318-OPENSSL-6032386
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 XML External Entity (XXE) Injection
🦉 Resource Exhaustion