Skip to content

[Snyk] Security upgrade python from 3.12.0b4-slim-bullseye to 3.13.0a6-slim-bullseye #410

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
xsa-dev wants to merge 120 commits into
base: develop
Choose a base branch
from
Open

[Snyk] Security upgrade python from 3.12.0b4-slim-bullseye to 3.13.0a6-slim-bullseye #410

xsa-dev wants to merge 120 commits into from

Conversation

@xsa-dev
Copy link
Owner

@xsa-dev xsa-dev commented Apr 14, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Changes included in this PR

  • docker/Dockerfile.armhf

We recommend upgrading to python:3.13.0a6-slim-bullseye, as this image has only 78 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Some of the most important vulnerabilities in your base image include:

Severity Priority Score / 1000 Issue Exploit Maturity
high severity 829 Out-of-bounds Write
SNYK-DEBIAN11-GLIBC-5927133		 Mature
high severity 829 Out-of-bounds Write
SNYK-DEBIAN11-GLIBC-5927133		 Mature
high severity 614 Out-of-bounds Write
SNYK-DEBIAN11-NCURSES-5421197		 No Known Exploit
high severity 614 Out-of-bounds Write
SNYK-DEBIAN11-NCURSES-5421197		 No Known Exploit
high severity 614 Out-of-bounds Write
SNYK-DEBIAN11-PERL-6085272		 No Known Exploit

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

snyk-bot and others added 30 commits July 6, 2023 01:11
@snyk-bot
fix: docker/Dockerfile.armhf to reduce vulnerabilities
8582a89 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291773
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291777
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5661566
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5661566
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
2f3a5a2 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5777683
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
ea04fa6 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-5798483
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
882b2f7 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813745
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813746
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813750
@snyk-bot
fix: docker/Dockerfile.armhf to reduce vulnerabilities
fff59c2 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291773
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291777
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5661566
@snyk-bot
fix: docker/Dockerfile.armhf to reduce vulnerabilities
4dc89b6 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291773
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291777
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5661566
@snyk-bot
fix: docker/Dockerfile.armhf to reduce vulnerabilities
f132d62 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291773
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291777
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5661566
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
1064ba7 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5914629
@snyk-bot
fix: requirements-freqai.txt to reduce vulnerabilities
bac6a1f 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
a286446 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PYDANTIC-5907722
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
8ce0c81 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PYDANTIC-5926694
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
54b2cd0 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907
@snyk-bot
fix: docker/Dockerfile.armhf to reduce vulnerabilities
90da97f 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
53e482b 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459
@snyk-bot
fix: requirements-freqai.txt to reduce vulnerabilities
5476cad 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878
@xsa-dev
Merge pull request #253 from xsa-dev/snyk-fix-c2f0658a39d91c39fc168f3…
4655363 
…b06a4ce13
@snyk-bot
fix: requirements-freqai.txt to reduce vulnerabilities
3b04352 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
eb28aec 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6036192
@xsa-dev
Merge branch 'freqtrade:develop' into develop
0b2a37a
@snyk-bot
fix: docker/Dockerfile.armhf to reduce vulnerabilities
64d1366 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
@snyk-bot
fix: docker/Dockerfile.armhf to reduce vulnerabilities
a7d94ba 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
@xsa-dev
Merge branch 'freqtrade:develop' into develop
1c0e622
@xsa-dev
Merge branch 'freqtrade:develop' into develop
314bb66
@dependabot
Bump scikit-learn from 1.1.3 to 1.3.2
6cc70fd 
Bumps [scikit-learn](https://github.com/scikit-learn/scikit-learn) from 1.1.3 to 1.3.2.
- [Release notes](https://github.com/scikit-learn/scikit-learn/releases)
- [Commits](scikit-learn/scikit-learn@1.1.3...1.3.2)

---
updated-dependencies:
- dependency-name: scikit-learn
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@snyk-bot
fix: docker/Dockerfile.armhf to reduce vulnerabilities
a643c46 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735
@xsa-dev
Merge branch 'freqtrade:develop' into develop
92fe222
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
4cb5a2a 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6092044
@snyk-bot
fix: docker/Dockerfile.armhf to reduce vulnerabilities
ef5baf7 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
@xsa-dev
Merge branch 'freqtrade:develop' into develop
840dad6
@snyk-bot
fix: requirements-freqai.txt to reduce vulnerabilities
03515a2 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-FONTTOOLS-6133203
xsa-dev and others added 29 commits January 26, 2024 11:07
@xsa-dev
Merge pull request #323 from xsa-dev/snyk-fix-031aeedc4d0b40357047ce0…
fd8ee24 
…3ca83d101

[Snyk] Security upgrade urllib3 from 2.0.6 to 2.0.7
@xsa-dev
Merge pull request #174 from xsa-dev/snyk-fix-0fc579b4ae6bac89b753954…
0205f0d 
…9450d4dfe

[Snyk] Security upgrade python from 3.9.16-slim-bullseye to 3.12.0b4-slim-bullseye
@xsa-dev
Merge pull request #229 from xsa-dev/snyk-fix-4644743bef5e8f49b3b339d…
ce55e59 
…16602539a

[Snyk] Security upgrade pydantic from 2.3.0 to 2.4.0
@xsa-dev
Merge branch 'develop' into snyk-fix-76963d7a6d676347a75f1ee4c84cc0a6
d0f916e
@xsa-dev
Merge pull request #231 from xsa-dev/snyk-fix-76963d7a6d676347a75f1ee…
c0b37bb 
…4c84cc0a6

[Snyk] Security upgrade pydantic from 2.3.0 to 2.4.0
@xsa-dev
Merge branch 'develop' into snyk-fix-176ea099dbab023d47a53873ca849099
ccd4a28
@xsa-dev
Merge pull request #316 from xsa-dev/snyk-fix-176ea099dbab023d47a5387…
1828172 
…3ca849099

[Snyk] Security upgrade fonttools from 4.38.0 to 4.43.0
@xsa-dev
Merge branch 'develop' into snyk-fix-b1be591ed9395036d0e658e440812886
41ee0b2
@xsa-dev
Merge pull request #320 from xsa-dev/snyk-fix-b1be591ed9395036d0e658e…
b2fe24c 
…440812886

[Snyk] Fix for 11 vulnerabilities
@xsa-dev
Merge branch 'develop' into snyk-fix-211a5afe0a2ab0f97dd03bee2fbbe48d
ef5b4ca
@xsa-dev
Merge pull request #322 from xsa-dev/snyk-fix-211a5afe0a2ab0f97dd03be…
7de40d5 
…e2fbbe48d

[Snyk] Fix for 10 vulnerabilities
@snyk-bot
fix: requirements-freqai.txt to reduce vulnerabilities
407790e 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-FONTTOOLS-6133203
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970
@xsa-dev
Merge branch 'develop' into snyk-fix-d182d64243359b51d2ac903e90b8cb39
199ebbf
@xsa-dev
Merge pull request #325 from xsa-dev/snyk-fix-d182d64243359b51d2ac903…
e458bf1 
…e90b8cb39

[Snyk] Fix for 5 vulnerabilities
@xsa-dev
Merge pull request #327 from xsa-dev/snyk-fix-65accae55f244e45935b2b3…
5dc8784 
…ada47db31

[Snyk] Fix for 4 vulnerabilities
@xsa-dev
Merge pull request #324 from xsa-dev/snyk-fix-36c26a8f16f10c0e4378b96…
d5bd167 
…a5d329382

[Snyk] Fix for 3 vulnerabilities
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
84e8bf1 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6091621
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6091622
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6092044
@xsa-dev
Merge pull request #328 from xsa-dev/snyk-fix-6af27529f8e958427311a08…
b501426 
…1c8d5ab8b

[Snyk] Fix for 3 vulnerabilities
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
229098d 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6050294
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6126975
@xsa-dev
Merge pull request #330 from xsa-dev/snyk-fix-6046bb06b38c53315f31e58…
a63c03b 
…559fcba96

[Snyk] Security upgrade cryptography from 41.0.6 to 42.0.0
@dependabot
chore(deps): bump peter-evans/dockerhub-description from 3 to 4
efb2a90 
Bumps [peter-evans/dockerhub-description](https://github.com/peter-evans/dockerhub-description) from 3 to 4.
- [Release notes](https://github.com/peter-evans/dockerhub-description/releases)
- [Commits](peter-evans/dockerhub-description@v3...v4)

---
updated-dependencies:
- dependency-name: peter-evans/dockerhub-description
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
495ac9a 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6149518
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6157248
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6210214
@xsa-dev
Merge pull request #342 from xsa-dev/snyk-fix-c9fa9978d4c87bbe943ca32…
38a1ecd 
…c660c24b9

[Snyk] Security upgrade cryptography from 42.0.0 to 42.0.2
@xsa-dev
Merge pull request #341 from xsa-dev/dependabot/github_actions/develo…
a51643b 
…p/peter-evans/dockerhub-description-4

chore(deps): bump peter-evans/dockerhub-description from 3 to 4
@snyk-bot
fix: requirements-freqai.txt to reduce vulnerabilities
f00a2cd 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219984
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219986
@xsa-dev
Merge pull request #345 from xsa-dev/snyk-fix-a1dcb96d68e5d859611eb3c…
6cea9ea 
…dceca636f

[Snyk] Security upgrade pillow from 9.5.0 to 10.2.0
@xsa-dev
remove mypy and discord
859cac0
@xsa-dev
Merge remote-tracking branch 'origin/TheWCKD-1s_timeframe_feature' in…
6239def 
…to develop

# Conflicts:
#	.github/workflows/docker_update_readme.yml
#	docker/Dockerfile.armhf
#	docs/requirements-docs.txt
#	requirements.txt
@snyk-bot
fix: docker/Dockerfile.armhf to reduce vulnerabilities
bc976c0 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-PERL-6085272
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@xsa-dev @snyk-bot