[Snyk] Security upgrade python from 3.7-alpine to 3.13-alpine

[karencapiiro]

Snyk has created this PR to fix 4 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

• deps/rabbitmq_auth_backend_http/examples/rabbitmq_auth_backend_django/Dockerfile

We recommend upgrading to python:3.13-alpine, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Integer Overflow or Wraparound SNYK-ALPINE318-EXPAT-7908292	263
	Integer Overflow or Wraparound SNYK-ALPINE318-EXPAT-7908293	263
	Out-of-bounds Write SNYK-ALPINE318-OPENSSL-6152404	167
	Out-of-bounds Write SNYK-ALPINE318-OPENSSL-6152404	167
	CVE-2023-5363 SNYK-ALPINE318-OPENSSL-6032386	162

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[rafikmojr]

Checkmarx One – Scan Summary & Details – fdaff7ed-b229-4547-9b31-48bdcb5431d7

New Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	CVE-2024-31573	Maven-org.xmlunit:xmlunit-core-2.9.1	Vulnerable Package
	CVE-2024-22259	Maven-org.springframework:spring-web-6.0.11	Vulnerable Package
	CVE-2024-22262	Maven-org.springframework:spring-web-6.0.11	Vulnerable Package
	CVE-2024-23672	Maven-org.apache.tomcat.embed:tomcat-embed-websocket-10.1.11	Vulnerable Package
	CVE-2024-23672	Maven-org.apache.tomcat.embed:tomcat-embed-core-10.1.11	Vulnerable Package
	CVE-2024-24549	Maven-org.apache.tomcat.embed:tomcat-embed-core-10.1.11	Vulnerable Package
	CVE-2024-34750	Maven-org.apache.tomcat.embed:tomcat-embed-core-10.1.11	Vulnerable Package
	CVE-2024-38809	Maven-org.springframework:spring-web-6.0.11	Vulnerable Package
	CVE-2024-38816	Maven-org.springframework:spring-webmvc-6.0.11	Vulnerable Package
	Missing User Instruction	/Dockerfile: 1	A user should be specified in the dockerfile, otherwise the image will run as root
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	CVE-2024-28863	Npm-tar-6.1.11	Vulnerable Package
	CVE-2024-29025	Maven-io.netty:netty-codec-http-4.1.94.Final	Vulnerable Package
	CVE-2024-29025	Maven-io.netty:netty-codec-http-4.1.92.Final	Vulnerable Package
	Cx14b19a02-387a	Npm-body-parser-1.20.3	Vulnerable Package
	Unpinned Package Version in Pip Install	/Dockerfile: 8	Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes
	Healthcheck Instruction Missing	/Dockerfile: 1	Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working
	IAM Access Analyzer Not Enabled	/main.tf: 21	IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
	Pip install Keeping Cached Packages	/Dockerfile: 8	When installing packages with pip, the '--no-cache-dir' flag should be set to make Docker images smaller

Fixed Issues

Severity	Issue	Source File / Package
	Client_DOM_XSS	/deps/rabbitmq_management/priv/www/js/oidc-oauth/helper.js: 28
	Client_DOM_XSS	/deps/rabbitmq_management/priv/www/js/oidc-oauth/helper.js: 28
	Client_DOM_XSS	/deps/rabbitmq_management/priv/www/js/oidc-oauth/helper.js: 28
	Cxab55612e-3a56	Npm-braces-3.0.2
	Missing User Instruction	/Dockerfile: 1
	OS_Access_Violation	/deps/rabbitmq_codegen/amqp_codegen.py: 273
	OS_Access_Violation	/deps/rabbitmq_codegen/amqp_codegen.py: 273
	S3 Bucket SSE Disabled	/main.tf: 21
	S3 Bucket Without Enabled MFA Delete	/main.tf: 21
	CVE-2007-2379	Npm-jquery-3.5.1
	CVE-2014-6071	Npm-jquery-3.5.1
	CVE-2023-34055	Maven-org.springframework.boot:spring-boot-3.1.2
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/deps/rabbitmq_management/priv/www/js/prefs.js: 11
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/deps/rabbitmq_management/priv/www/js/prefs.js: 42
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/deps/rabbitmq_management/priv/www/js/prefs.js: 12
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/deps/rabbitmq_management/priv/www/js/prefs.js: 41
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/deps/rabbitmq_management/priv/www/js/prefs.js: 12
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/deps/rabbitmq_management/priv/www/js/prefs.js: 11
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/deps/rabbitmq_management/priv/www/js/prefs.js: 32
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/deps/rabbitmq_management/priv/www/js/prefs.js: 32
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/deps/rabbitmq_management/priv/www/js/prefs.js: 38
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/deps/rabbitmq_management/priv/www/js/prefs.js: 33
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/deps/rabbitmq_management/priv/www/js/prefs.js: 38
	Client_HTML5_Store_Sensitive_data_In_Web_Storage	/deps/rabbitmq_management/priv/www/js/prefs.js: 33
	Client_Potential_XSS	/deps/rabbitmq_web_stomp_examples/priv/temp-queue.html: 74
	Client_Potential_XSS	/deps/rabbitmq_web_stomp_examples/priv/temp-queue.html: 69
	Client_Potential_XSS	/deps/rabbitmq_web_stomp_examples/priv/echo.html: 67
	Client_Potential_XSS	/deps/rabbitmq_web_mqtt_examples/priv/echo.html: 70
	Client_Potential_XSS	/deps/rabbitmq_management/priv/www/js/main.js: 715
	Client_Potential_XSS	/deps/rabbitmq_management/priv/www/js/main.js: 683
	Client_Potential_XSS	/deps/rabbitmq_management/priv/www/js/main.js: 935
	Client_Potential_XSS	/deps/rabbitmq_management/priv/www/js/main.js: 935
	Client_Potential_XSS	/deps/rabbitmq_management/priv/www/js/main.js: 935
	Client_Potential_XSS	/deps/rabbitmq_management/priv/www/js/main.js: 935
	Host Namespace is Shared	/docker-compose-dist-tls.yml: 14
	Host Namespace is Shared	/docker-compose.yml: 4
	Host Namespace is Shared	/docker-compose-qq.yml: 51
	Host Namespace is Shared	/docker-compose-dist-tls.yml: 46
	Host Namespace is Shared	/docker-compose.yml: 4
	Host Namespace is Shared	/docker-compose-overview.yml: 173
	Host Namespace is Shared	/docker-compose.yml: 4
	Host Namespace is Shared	/docker-compose-overview.yml: 99
	Host Namespace is Shared	/docker-compose-overview.yml: 131
	Host Namespace is Shared	/docker-compose-dist-tls.yml: 58
	Host Namespace is Shared	/docker-compose-dist-metrics.yml: 46
	Host Namespace is Shared	/docker-compose-overview.yml: 56
	Host Namespace is Shared	/docker-compose-dist-metrics.yml: 52
	Host Namespace is Shared	/docker-compose-metrics.yml: 35
	Host Namespace is Shared	/docker-compose-overview.yml: 43
	Host Namespace is Shared	/docker-compose-metrics.yml: 45
	Host Namespace is Shared	/docker-compose-dist-tls.yml: 52
	Host Namespace is Shared	/docker-compose-metrics.yml: 14
	Host Namespace is Shared	/docker-compose-overview.yml: 113
	Host Namespace is Shared	/docker-compose-overview.yml: 14
	Host Namespace is Shared	/docker-compose.yml: 32
	Host Namespace is Shared	/docker-compose-qq.yml: 45
	Host Namespace is Shared	/docker-compose-overview.yml: 71
	Host Namespace is Shared	/docker-compose-overview.yml: 49
	Host Namespace is Shared	/docker-compose-overview.yml: 150
	Host Namespace is Shared	/docker-compose-overview.yml: 85
	Host Namespace is Shared	/docker-compose.yml: 3
	Host Namespace is Shared	/docker-compose-overview.yml: 162
	Host Namespace is Shared	/docker-compose.yml: 19
	Host Namespace is Shared	/docker-compose-qq.yml: 39
	Host Namespace is Shared	/docker-compose-dist-metrics.yml: 14
	Host Namespace is Shared	/docker-compose-metrics.yml: 61
	Host Namespace is Shared	/docker-compose-dist-metrics.yml: 59
	Host Namespace is Shared	/docker-compose-qq.yml: 14
	Host Namespace is Shared	/docker-compose-dist-tls.yml: 77
	Improper_Restriction_of_XXE_Ref	/deps/amqp10_common/codegen.py: 119
	Networks Not Set	/docker-compose.yml: 4
	Networks Not Set	/docker-compose.yml: 4
	Networks Not Set	/docker-compose.yml: 4
	Object_Access_Violation	/deps/rabbit/test/temp/rabbitmqadmin.py: 309
	Object_Access_Violation	/deps/rabbit/test/temp/rabbitmqadmin.py: 309
	Object_Access_Violation	/deps/rabbit/test/temp/rabbitmqadmin.py: 309
	Path_Traversal	/deps/rabbitmq_codegen/amqp_codegen.py: 273
	Path_Traversal	/deps/rabbitmq_codegen/amqp_codegen.py: 273
	Path_Traversal	/deps/rabbit/test/temp/rabbitmqadmin.py: 309
	Pip install Keeping Cached Packages	/Dockerfile: 8
	SSRF	/deps/rabbit/test/temp/rabbitmqadmin.py: 309
	SSRF	/deps/rabbit/test/temp/rabbitmqadmin.py: 309
	Unpinned Package Version in Pip Install	/Dockerfile: 8
	Client_DOM_Open_Redirect	/deps/rabbitmq_management/priv/www/js/oidc-oauth/helper.js: 28
	Client_DOM_Open_Redirect	/deps/rabbitmq_management/priv/www/js/oidc-oauth/helper.js: 28
	Client_DOM_Open_Redirect	/deps/rabbitmq_management/priv/www/js/oidc-oauth/helper.js: 28
	Healthcheck Instruction Missing	/Dockerfile: 1
	Log_Forging	/deps/rabbitmq_auth_backend_http/examples/rabbitmq_auth_backend_spring_boot/src/main/java/com/rabbitmq/examples/AuthBackendHttpController.java: 58
	Log_Forging	/deps/rabbitmq_auth_backend_http/examples/rabbitmq_auth_backend_spring_boot/src/main/java/com/rabbitmq/examples/AuthBackendHttpController.java: 39
	Log_Forging	/deps/rabbitmq_auth_backend_http/examples/rabbitmq_auth_backend_spring_boot/src/main/java/com/rabbitmq/examples/AuthBackendHttpController.java: 39
	Log_Forging	/deps/rabbitmq_auth_backend_http/examples/rabbitmq_auth_backend_spring_boot/src/main/java/com/rabbitmq/examples/AuthBackendHttpController.java: 64
	Log_Forging	/deps/rabbitmq_auth_backend_http/examples/rabbitmq_auth_backend_spring_boot/src/main/java/com/rabbitmq/examples/RabbitMqAuthBackendHttp.java: 47
	Log_Forging	/deps/rabbitmq_auth_backend_http/examples/rabbitmq_auth_backend_spring_boot/src/main/java/com/rabbitmq/examples/AuthBackendHttpController.java: 52