-
Notifications
You must be signed in to change notification settings - Fork 44.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Snyk] Security upgrade python from 3.11-slim-buster to 3.11.10-slim-bookworm #8557
Conversation
update readme
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-DEBIAN10-EXPAT-6227596 - https://snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739 - https://snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739 - https://snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196 - https://snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196
PR Reviewer Guide 🔍Here are some key observations to aid the review process:
|
This PR targets the Automatically setting the base branch to |
✅ Deploy Preview for auto-gpt-docs canceled.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it necessary to pin the patch version? Otherwise using 3.11-slim-bookworm
would be more practical.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed, we can use 3.11-slim-bookworm. However, feel free to merge as is if you'd rather get this in faster or modify it and merge without waiting for re-approval
This one has been validated for security so specificially chosen, we should target moving to 3.12/3.13 anyway soon |
Snyk has created this PR to fix 3 vulnerabilities in the dockerfile dependencies of this project.
Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.
Snyk changed the following file(s):
autogpt_platform/market/Dockerfile
We recommend upgrading to
python:3.11.10-slim-bookworm
, as this image has only 41 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.Vulnerabilities that will be fixed with an upgrade:
SNYK-DEBIAN10-EXPAT-6227596
SNYK-DEBIAN10-NCURSES-1655739
SNYK-DEBIAN10-NCURSES-1655739
SNYK-DEBIAN10-NCURSES-5421196
SNYK-DEBIAN10-NCURSES-5421196
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Resource Exhaustion