Skip to content

[Snyk] Security upgrade python from 3.12.0rc2-alpine to 3.14.0-alpine#802

Open
jamesgeddes wants to merge 1 commit intomainfrom
snyk-fix-f177ad13729878d5cc03d26dd0f6ad7a
Open

[Snyk] Security upgrade python from 3.12.0rc2-alpine to 3.14.0-alpine#802
jamesgeddes wants to merge 1 commit intomainfrom
snyk-fix-f177ad13729878d5cc03d26dd0f6ad7a

Conversation

@jamesgeddes
Copy link
Contributor

@jamesgeddes jamesgeddes commented Oct 14, 2025

snyk-top-banner

Snyk has created this PR to fix 5 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

  • docker/development/Dockerfile

We recommend upgrading to python:3.14.0-alpine, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
critical severity Integer Overflow or Wraparound
SNYK-ALPINE318-EXPAT-7908292		   714  
critical severity Integer Overflow or Wraparound
SNYK-ALPINE318-EXPAT-7908293		   714  
critical severity CVE-2024-37371
SNYK-ALPINE318-KRB5-8366395		   714  
high severity Resource Exhaustion
SNYK-ALPINE318-EXPAT-6241039		   614  
high severity Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
SNYK-ALPINE318-EXPAT-6446356		   614  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Resource Exhaustion

@jamesgeddes jamesgeddes requested a review from a team as a code owner October 14, 2025 08:55
@sonarqubecloud
Copy link

sonarqubecloud bot commented Oct 14, 2025

Quality Gate Failed Quality Gate failed

Failed conditions
1 Security Hotspot

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Freshrojek Freshrojek Awaiting requested review from Freshrojek Freshrojek is a code owner automatically assigned from GeekZoneHQ/q

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jamesgeddes @snyk-bot