What did you expect?
The CircleCI CI/CD pipeline failed because of a vulnerability Snyk found while scanning the built images. That vulnerability has to do with expat/expat, which was introduced by Python@3.8-alpine.
We are updating the version of Python used in the images to fix this issue.
What actually happened?
Snyk failed the CI/CD pipeline.
Impact
High
Urgency
Now
What browsers are you seeing the problem on?
No response
What operating system are you using?
No response
Relevant log output
#!/bin/bash -eo pipefail
snyk test --docker geekzone/backend:$TAG --severity-threshold=high --fail-on-issues=true
Testing ********/backend:0.1.2095...
✗ Critical severity vulnerability found in expat/expat
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-ALPINE316-EXPAT-3028183
Introduced through: expat/expat@2.4.8-r0, .python-rundeps@20220908.000525
From: expat/expat@2.4.8-r0
From: .python-rundeps@20220908.000525 > expat/expat@2.4.8-r0
Image layer: Introduced by your base image (python:3.8.14-alpine3.16)
Fixed in: 2.4.9-r0
Organization: ********hq
Package manager: apk
Project name: docker-image|********/backend
Docker image: ********/backend:0.1.2095
Platform: linux/amd64
Base image: python:3.8.14-alpine3.16
Licenses: enabled
Tested 74 dependencies for known issues, found 1 issue.
According to our scan, you are currently using the most secure version of the selected base image
Exited with code exit status 1
Code of Conduct
[X] I agree to follow this project's Code of Conduct
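The report above says the base image is already the most secure version of the selected tag, so after switching the Python tag it is worth confirming that the rebuilt image actually carries expat 2.4.9-r0 or later before trusting the fix. The script below is an added example and is not code from this issue or the geekzone project: it parses the plain-text `snyk test --docker` report, then gates a candidate image on whether every flagged apk package is at or above the version Snyk reports as "Fixed in". The log text is reconstructed from the report quoted here; the two apk listings are constructed stand-ins for what `docker run --rm IMAGE apk info -v` would print, and the version ordering relies on `sort -V` (GNU coreutils or busybox).

```shell
#!/bin/sh
# Added example (not code from the issue or the geekzone project): parse the plain-text
# report of `snyk test --docker IMAGE`, then gate a candidate image on whether every
# flagged apk package is at or above the version Snyk says fixes it.
# SNYK_LOG is constructed from the report quoted in the issue; the apk listings below
# stand in for what `docker run --rm IMAGE apk info -v` would print and are made up.

SNYK_LOG='✗ Critical severity vulnerability found in expat/expat
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-ALPINE316-EXPAT-3028183
Introduced through: expat/expat@2.4.8-r0, .python-rundeps@20220908.000525
From: expat/expat@2.4.8-r0
From: .python-rundeps@20220908.000525 > expat/expat@2.4.8-r0
Image layer: Introduced by your base image (python:3.8.14-alpine3.16)
Fixed in: 2.4.9-r0'

# Constructed apk listings: the original base image and a rebuilt one with the fix.
OLD_IMAGE_APK='musl-1.2.3-r0
expat-2.4.8-r0
zlib-1.2.12-r3'
NEW_IMAGE_APK='musl-1.2.3-r0
expat-2.4.9-r0
zlib-1.2.12-r3'

# snyk_findings LOG: print one "package installed_version fixed_version" line per finding.
# The first "From:" line after a finding is the direct dependency path, so its
# version is the installed one; transitive "From:" lines are ignored.
snyk_findings() {
  printf '%s\n' "$1" | awk '
    /vulnerability found in / { pkg = $NF; sub(".*/", "", pkg); installed = ""; fixed = "" }
    /^From: / && installed == "" { split($2, a, "@"); installed = a[2] }
    /^Fixed in: / { fixed = $3; print pkg, installed, fixed }
  '
}

# version_ge A B: true when A sorts at or above B in version order (handles 2.4.10 > 2.4.9,
# which a plain string compare gets wrong). Relies on `sort -V` (GNU coreutils or busybox).
version_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# apk_meets_fix PKG "PKG-VERSION" FIXED: true when the installed apk version reaches the fix.
apk_meets_fix() {
  installed=${2#"$1-"}
  version_ge "$installed" "$3"
}

# gate_image APK_LISTING: succeed only if no package Snyk flagged is still below its fix
# in the candidate image's `apk info -v` listing. A flagged package that is absent from
# the candidate is treated as fixed (the vulnerable code is simply not shipped).
gate_image() {
  snyk_findings "$SNYK_LOG" | while read -r pkg installed fixed; do
    candidate=$(printf '%s\n' "$1" | grep "^$pkg-[0-9]" | head -n 1)
    if [ -z "$candidate" ]; then
      echo "$pkg: not installed in candidate (was $installed, fix $fixed)"
    elif apk_meets_fix "$pkg" "$candidate" "$fixed"; then
      echo "$pkg: $candidate meets fix $fixed"
    else
      echo "$pkg: $candidate still below fix $fixed"
      exit 1   # exits the subshell running the loop, so gate_image returns 1
    fi
  done
}

# Stand-alone demo: the original base image fails the gate, the rebuilt listing passes.
gate_image "$OLD_IMAGE_APK" || echo "old image rejected"
gate_image "$NEW_IMAGE_APK" && echo "new image accepted"
```

In a real pipeline, feed `docker run --rm "$IMAGE" apk info -v` into `gate_image` right after the build. If the rebuilt tag still reports expat-2.4.8-r0, the "Fixed in: 2.4.9-r0" line indicates the fixed package is in the Alpine 3.16 repository, so a `RUN apk add --no-cache --upgrade expat` step in the Dockerfile pulls it without waiting for the upstream python image to be rebuilt.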