[Snyk] Security upgrade python from 3.13.3-alpine to 3.14.3-alpine #62
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-ALPINE322-SQLITE-10872094 - https://snyk.io/vuln/SNYK-ALPINE322-OPENSSL-15121112 - https://snyk.io/vuln/SNYK-ALPINE322-OPENSSL-15121113 - https://snyk.io/vuln/SNYK-ALPINE322-OPENSSL-15121196 - https://snyk.io/vuln/SNYK-ALPINE322-OPENSSL-15121223
There was a problem hiding this comment.
Pull request overview
Updates the Docker base image to address Snyk-reported vulnerabilities in the container dependency stack.
Changes:
- Upgraded the Docker base image from
python:3.13.3-alpinetopython:3.14.3-alpinein both build and runtime stages.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| ENV FOLDERISTIC_DOCKER = 1 | ||
| ENV FOLDERISTIC_COMMIT_ID = ${commit_id} |
There was a problem hiding this comment.
ENV lines use spaces around = (ENV FOLDERISTIC_DOCKER = 1, ENV FOLDERISTIC_COMMIT_ID = ${commit_id}), which Docker treats as part of the value (e.g., value becomes "= 1" / "= "). This can break consumers expecting the raw commit id (e.g., get_commit_id() fallback reads FOLDERISTIC_COMMIT_ID). Use ENV FOLDERISTIC_DOCKER=1 and ENV FOLDERISTIC_COMMIT_ID=${commit_id} (or the ENV key value form without =) to set the intended values.
| ENV FOLDERISTIC_DOCKER = 1 | |
| ENV FOLDERISTIC_COMMIT_ID = ${commit_id} | |
| ENV FOLDERISTIC_DOCKER=1 | |
| ENV FOLDERISTIC_COMMIT_ID=${commit_id} |
| ARG commit_id | ||
|
|
||
| FROM python:3.13.3-alpine as base | ||
| FROM python:3.14.3-alpine as base |
There was a problem hiding this comment.
ARG commit_id is never provided by compose.yaml (no build.args), so FOLDERISTIC_COMMIT_ID will be empty in typical docker compose up usage. If this value is required at runtime (e.g., for get_commit_id() fallback), consider wiring the build arg through compose, providing a default, or removing the commit-id plumbing from the image.
2 participants
Snyk has created this PR to fix 5 vulnerabilities in the dockerfile dependencies of this project.
Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.
Snyk changed the following file(s):
DockerfileWe recommend upgrading to
python:3.14.3-alpine, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.Vulnerabilities that will be fixed with an upgrade:
SNYK-ALPINE322-SQLITE-10872094
SNYK-ALPINE322-OPENSSL-15121112
SNYK-ALPINE322-OPENSSL-15121113
SNYK-ALPINE322-OPENSSL-15121196
SNYK-ALPINE322-OPENSSL-15121223
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.