[Snyk] Security upgrade alpine from 3.18.3 to 3.21.3

[cruizen]

Snyk has created this PR to fix 3 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

• Dockerfile

We recommend upgrading to alpine:3.21.3, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	CVE-2023-5363 SNYK-ALPINE318-OPENSSL-6032386	614
	CVE-2023-5363 SNYK-ALPINE318-OPENSSL-6032386	614
	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-ALPINE318-OPENSSL-7895535	614
	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-ALPINE318-OPENSSL-7895535	614
	Out-of-bounds Write SNYK-ALPINE318-BUSYBOX-6913411	514

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Access of Resource Using Incompatible Type ('Type Confusion')

Summary by Bito

This PR updates the Dockerfile by upgrading from alpine:3.18.3 to alpine:3.21.3 across multiple build stages. The change focuses on incorporating recent security patches and fixes to address known vulnerabilities, thereby enhancing the overall security posture of container builds.

[bito-code-review]

Code Review Agent Run #b8dd2f

Actionable Suggestions - 0

Additional Suggestions - 1

• Dockerfile - 1

  • Duplicate Alpine version definition across Dockerfile · Line 44-44
    The Alpine version is updated to 3.21.3 in line 44, but this version is already used in lines 25 and 31. This creates semantic duplication as the same version is defined in multiple places.
    code suggestion

     @@ -24,11 +24,13 @@
      RUN make release-binary
     
    -FROM alpine:3.21.3 AS stager
    +ARG ALPINE_VERSION=3.21.3
    +
    +FROM alpine:${ALPINE_VERSION} AS stager
     
      RUN mkdir -p /var/dex
      RUN mkdir -p /etc/dex
      COPY config.docker.yaml /etc/dex/
     
    -FROM alpine:3.21.3 AS gomplate
    +FROM alpine:${ALPINE_VERSION} AS gomplate
     
      ARG TARGETOS
      ARG TARGETARCH
     @@ -41,7 +43,7 @@
          && chmod +x /usr/local/bin/gomplate
     
      # For Dependabot to detect base image versions
    -FROM alpine:3.21.3 AS alpine
    +FROM alpine:${ALPINE_VERSION} AS alpine
      FROM gcr.io/distroless/static:latest AS distroless
     
      FROM $BASE_IMAGE

Review Details

• Files reviewed - 1 · Commit Range: eb63a9c..eb63a9c

  • Dockerfile
• Files skipped - 0
• Tools

  • Whispers (Secret Scanner) - ✔︎ Successful
  • Detect-secrets (Secret Scanner) - ✔︎ Successful

---

Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

• /review - Manually triggers a full AI review.

• /pause - Pauses automatic reviews on this pull request.

• /resume - Resumes automatic reviews.

• /resolve - Marks all Bito-posted review comments as resolved.

• /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Default Agent You can customize the agent settings here or contact your Bito workspace admin at mithil@platform9.com.

Documentation & Help

• Customize agent settings
• Review rules
• General documentation
• FAQ

AI Code Review powered by

[bito-code-review]

Changelist by Bito

This pull request implements the following key changes.

Key Change	Files Impacted
Bug Fix - Alpine Base Image Security Upgrade	- Dockerfile - Updated the alpine base image version from 3.18.3 to 3.21.3 in all build stages to address security vulnerabilities.

[indradhanush]

Outdated by #43.