[Snyk] Security upgrade alpine from 3.18.3 to 3.22.1

[cruizen]

Snyk has created this PR to fix 3 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

• Dockerfile

We recommend upgrading to alpine:3.22.1, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	CVE-2023-5363 SNYK-ALPINE318-OPENSSL-6032386	614
	CVE-2023-5363 SNYK-ALPINE318-OPENSSL-6032386	614
	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-ALPINE318-OPENSSL-7895535	614
	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-ALPINE318-OPENSSL-7895535	614
	Improper Check for Unusual or Exceptional Conditions SNYK-ALPINE318-OPENSSL-6055795	514

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Access of Resource Using Incompatible Type ('Type Confusion')

Summary by Bito

This PR upgrades Alpine from version 3.18.3 to 3.22.1 in the Dockerfile to address multiple security vulnerabilities. The update spans across various build stages to maintain consistency throughout the container setup. This change strengthens the overall security posture and follows containerization best practices.

[bito-code-review]

Code Review Agent Run #04b430

Actionable Suggestions - 0

Additional Suggestions - 1

• Dockerfile - 1

  • Duplicated Alpine version across multiple FROM statements · Line 44-44
    The Alpine version update to 3.22.1 creates a semantic duplication issue as the same version is already defined in lines 25 and 31. Consider using a build arg or environment variable to define the version once.
    Code suggestion

     @@ -1,5 +1,6 @@
    +ARG ALPINE_VERSION=3.22.1
     
    -FROM alpine:3.22.1 AS stager
    +FROM alpine:${ALPINE_VERSION} AS stager
     
      RUN mkdir -p /var/dex
     @@ -28,7 +29,7 @@
      COPY config.docker.yaml /etc/dex/
     
    -FROM alpine:3.22.1 AS gomplate
    +FROM alpine:${ALPINE_VERSION} AS gomplate
     
      ARG TARGETOS
      ARG TARGETARCH
     @@ -41,7 +42,7 @@
          && chmod +x /usr/local/bin/gomplate
     
      # For Dependabot to detect base image versions
    -FROM alpine:3.22.1 AS alpine
    +FROM alpine:${ALPINE_VERSION} AS alpine
      FROM gcr.io/distroless/static:latest AS distroless
     
      FROM $BASE_IMAGE

Review Details

• Files reviewed - 1 · Commit Range: 805e1c4..805e1c4

  • Dockerfile
• Files skipped - 0
• Tools

  • Whispers (Secret Scanner) - ✔︎ Successful
  • Detect-secrets (Secret Scanner) - ✔︎ Successful

---

Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

• /review - Manually triggers a full AI review.

• /pause - Pauses automatic reviews on this pull request.

• /resume - Resumes automatic reviews.

• /resolve - Marks all Bito-posted review comments as resolved.

• /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Default Agent You can customize the agent settings here or contact your Bito workspace admin at mithil@platform9.com.

Documentation & Help

• Customize agent settings
• Review rules
• General documentation
• FAQ

AI Code Review powered by

[bito-code-review]

Changelist by Bito

This pull request implements the following key changes.

Key Change	Files Impacted
Bug Fix - Alpine Image Security Update	- Dockerfile - Updated Alpine base image from 3.18.3 to 3.22.1 in multiple build stages (stager, gomplate, alpine) to address known vulnerabilities and enhance security.