From a26676c942a3bafb98b394c9aea6ef6cb57fbbd8 Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Tue, 16 May 2023 20:16:15 +0200 Subject: [PATCH] [Snyk] Security upgrade alpine from 3.17 to 3 (#3402) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image. #### Changes included in this PR - build/Dockerfile We recommend upgrading to `alpine:3`, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected. Some of the most important vulnerabilities in your base image include: | Severity | Priority Score / 1000 | Issue | Exploit Maturity | | :------: | :-------------------- | :---- | :--------------- | | ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **300** | Out-of-bounds Read
[SNYK-ALPINE317-OPENSSL-5438697](https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-5438697) | No Known Exploit | | ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **300** | Out-of-bounds Read
[SNYK-ALPINE317-OPENSSL-5438697](https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-5438697) | No Known Exploit | --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._ For more information: 🧐 [View latest project report](https://app.snyk.io/org/alcion/project/4c1165db-1d77-4278-b861-48e29b49c4e7?utm_source=github-enterprise&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/alcion/project/4c1165db-1d77-4278-b861-48e29b49c4e7?utm_source=github-enterprise&utm_medium=referral&page=fix-pr/settings) [//]: # 'snyk:metadata:{"prId":"a1ae06b2-1f6a-403a-9830-56e8e4aba809","prPublicId":"a1ae06b2-1f6a-403a-9830-56e8e4aba809","dependencies":[{"name":"alpine","from":"3.17","to":"3"}],"packageManager":"dockerfile","projectPublicId":"4c1165db-1d77-4278-b861-48e29b49c4e7","projectUrl":"https://app.snyk.io/org/alcion/project/4c1165db-1d77-4278-b861-48e29b49c4e7?utm_source=github-enterprise&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-ALPINE317-OPENSSL-5438697"],"upgrade":["SNYK-ALPINE317-OPENSSL-5438697","SNYK-ALPINE317-OPENSSL-5438697"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[300],"remediationStrategy":"vuln"}' --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc=fix-pr) --- build/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/Dockerfile b/build/Dockerfile index fc0f17419..0c3b41247 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -6,7 +6,7 @@ COPY src . ARG CORSO_BUILD_LDFLAGS="" RUN go build -o corso -ldflags "$CORSO_BUILD_LDFLAGS" -FROM alpine:3.17 +FROM alpine:3 LABEL org.opencontainers.image.title="Corso" LABEL org.opencontainers.image.description="Free, Secure, and Open-Source Backup for Microsoft 365"