[Snyk] Security upgrade python from 3.7-alpine to 3.14.0a1-alpine

[karencapiiro]

Snyk has created this PR to fix 4 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

• deps/rabbitmq_auth_backend_http/examples/rabbitmq_auth_backend_django/Dockerfile

We recommend upgrading to python:3.14.0a1-alpine, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Integer Overflow or Wraparound SNYK-ALPINE318-EXPAT-7908292	263
	Integer Overflow or Wraparound SNYK-ALPINE318-EXPAT-7908293	263
	CVE-2024-37371 SNYK-ALPINE318-KRB5-8366395	232
	Out-of-bounds Write SNYK-ALPINE318-OPENSSL-6152404	166
	Out-of-bounds Write SNYK-ALPINE318-OPENSSL-6152404	166

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[rafikmojr]

Checkmarx One – Scan Summary & Details – f7a3d54c-1bb2-4a5c-a463-4d9774b1bec9

New Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	CVE-2023-34034	Maven-org.springframework.security:spring-security-config-5.1.1.RELEASE	Vulnerable Package
	CVE-2023-34034	Maven-org.springframework.security:spring-security-web-5.1.1.RELEASE	Vulnerable Package
	CVE-2024-31573	Maven-org.xmlunit:xmlunit-core-2.7.0	Vulnerable Package
	CVE-2024-31573	Maven-org.xmlunit:xmlunit-core-2.6.2	Vulnerable Package
	CVE-2024-38821	Maven-org.springframework.security:spring-security-web-5.1.1.RELEASE	Vulnerable Package
	CVE-2024-52316	Maven-org.apache.tomcat.embed:tomcat-embed-core-9.0.41	Vulnerable Package
	CVE-2024-52316	Maven-org.apache.tomcat.embed:tomcat-embed-core-9.0.12	Vulnerable Package
	CVE-2023-6481	Maven-ch.qos.logback:logback-core-1.2.3	Vulnerable Package
	CVE-2023-6481	Maven-ch.qos.logback:logback-core-1.2.11	Vulnerable Package
	CVE-2024-22257	Maven-org.springframework.security:spring-security-core-5.1.1.RELEASE	Vulnerable Package
	CVE-2024-22259	Maven-org.springframework:spring-web-5.1.2.RELEASE	Vulnerable Package
	CVE-2024-22259	Maven-org.springframework:spring-web-5.3.2	Vulnerable Package
	CVE-2024-22262	Maven-org.springframework:spring-web-5.3.2	Vulnerable Package
	CVE-2024-22262	Maven-org.springframework:spring-web-5.1.2.RELEASE	Vulnerable Package
	CVE-2024-23672	Maven-org.apache.tomcat.embed:tomcat-embed-websocket-9.0.41	Vulnerable Package
	CVE-2024-23672	Maven-org.apache.tomcat.embed:tomcat-embed-websocket-9.0.12	Vulnerable Package
	CVE-2024-23672	Maven-org.apache.tomcat.embed:tomcat-embed-core-9.0.41	Vulnerable Package
	CVE-2024-23672	Maven-org.apache.tomcat.embed:tomcat-embed-core-9.0.12	Vulnerable Package
	CVE-2024-24549	Maven-org.apache.tomcat.embed:tomcat-embed-core-9.0.41	Vulnerable Package
	CVE-2024-24549	Maven-org.apache.tomcat.embed:tomcat-embed-core-9.0.12	Vulnerable Package
	CVE-2024-38286	Maven-org.apache.tomcat.embed:tomcat-embed-core-9.0.41	Vulnerable Package
	CVE-2024-38809	Maven-org.springframework:spring-web-5.3.2	Vulnerable Package
	CVE-2024-38809	Maven-org.springframework:spring-web-5.1.2.RELEASE	Vulnerable Package
	CVE-2024-38816	Maven-org.springframework:spring-webmvc-5.3.2	Vulnerable Package
	CVE-2024-38819	Maven-org.springframework:spring-webmvc-5.1.2.RELEASE	Vulnerable Package
	CVE-2024-38819	Maven-org.springframework:spring-webmvc-5.3.2	Vulnerable Package
	CVE-2024-47535	Maven-io.netty:netty-common-4.1.22.Final	Vulnerable Package
	Missing User Instruction	/Dockerfile: 1	A user should be specified in the dockerfile, otherwise the image will run as root
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Sensitive Port Is Exposed To Entire Network	/main.tf: 138	A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
	Apt Get Install Pin Version Not Defined	/Dockerfile: 3	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 3	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 3	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 3	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 3	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 3	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 3	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 3	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 3	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 3	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 3	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 3	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 3	When installing a package, its pin version should be defined
	CVE-2023-1932	Maven-org.hibernate.validator:hibernate-validator-6.0.13.Final	Vulnerable Package
	CVE-2024-29025	Maven-io.netty:netty-codec-http-4.1.22.Final	Vulnerable Package
	CVE-2024-38808	Maven-org.springframework:spring-expression-5.1.2.RELEASE	Vulnerable Package
	CVE-2024-38808	Maven-org.springframework:spring-expression-5.3.2	Vulnerable Package
	CVE-2024-38827	Maven-org.springframework.security:spring-security-config-5.1.1.RELEASE	Vulnerable Package
	CVE-2024-38827	Maven-org.springframework.security:spring-security-web-5.1.1.RELEASE	Vulnerable Package
	CVE-2024-38827	Maven-org.springframework.security:spring-security-core-5.1.1.RELEASE	Vulnerable Package
	CVE-2024-38828	Maven-org.springframework:spring-webmvc-5.3.2	Vulnerable Package
	CVE-2024-38828	Maven-org.springframework:spring-webmvc-5.1.2.RELEASE	Vulnerable Package
	Unpinned Package Version in Pip Install	/Dockerfile: 8	Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes
	CVE-2024-38820	Maven-org.springframework:spring-expression-5.1.2.RELEASE	Vulnerable Package
	CVE-2024-38820	Maven-org.springframework:spring-web-5.1.2.RELEASE	Vulnerable Package
	CVE-2024-38820	Maven-org.springframework:spring-context-5.3.2	Vulnerable Package
	CVE-2024-38820	Maven-org.springframework:spring-core-5.3.2	Vulnerable Package
	CVE-2024-38820	Maven-org.springframework:spring-beans-5.1.2.RELEASE	Vulnerable Package
	CVE-2024-38820	Maven-org.springframework:spring-webmvc-5.3.2	Vulnerable Package
	CVE-2024-38820	Maven-org.springframework:spring-expression-5.3.2	Vulnerable Package
	CVE-2024-38820	Maven-org.springframework:spring-context-5.1.2.RELEASE	Vulnerable Package
	CVE-2024-38820	Maven-org.springframework:spring-core-5.1.2.RELEASE	Vulnerable Package
	CVE-2024-38820	Maven-org.springframework:spring-test-5.3.2	Vulnerable Package
	CVE-2024-38820	Maven-org.springframework:spring-beans-5.3.2	Vulnerable Package
	CVE-2024-38820	Maven-org.springframework:spring-test-5.1.2.RELEASE	Vulnerable Package
	CVE-2024-38820	Maven-org.springframework:spring-web-5.3.2	Vulnerable Package
	CVE-2024-38820	Maven-org.springframework:spring-webmvc-5.1.2.RELEASE	Vulnerable Package
	CVE-2024-50345	Php-symfony/http-foundation-v4.4.49	Vulnerable Package
	Healthcheck Instruction Missing	/Dockerfile: 1	Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working
	IAM Access Analyzer Not Enabled	/main.tf: 21	IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
	Pip install Keeping Cached Packages	/Dockerfile: 8	When installing packages with pip, the '--no-cache-dir' flag should be set to make Docker images smaller
	RUN Instruction Using 'cd' Instead of WORKDIR	/Dockerfile: 3	When using RUN command 'cd' should only be used for full path. For relative path make use of WORKDIR command instead.

Fixed Issues

Severity	Issue	Source File / Package
	Missing User Instruction	/Dockerfile: 1
	OS_Access_Violation	/deps/rabbitmq_codegen/amqp_codegen.py: 273
	OS_Access_Violation	/deps/rabbitmq_codegen/amqp_codegen.py: 273
	S3 Bucket SSE Disabled	/main.tf: 21
	S3 Bucket Without Enabled MFA Delete	/main.tf: 21
	Apt Get Install Pin Version Not Defined	/Dockerfile: 3
	Apt Get Install Pin Version Not Defined	/Dockerfile: 3
	Apt Get Install Pin Version Not Defined	/Dockerfile: 3
	Apt Get Install Pin Version Not Defined	/Dockerfile: 3
	Apt Get Install Pin Version Not Defined	/Dockerfile: 3
	Apt Get Install Pin Version Not Defined	/Dockerfile: 3
	Apt Get Install Pin Version Not Defined	/Dockerfile: 3
	Apt Get Install Pin Version Not Defined	/Dockerfile: 3
	Apt Get Install Pin Version Not Defined	/Dockerfile: 3
	Apt Get Install Pin Version Not Defined	/Dockerfile: 3
	Apt Get Install Pin Version Not Defined	/Dockerfile: 3
	Apt Get Install Pin Version Not Defined	/Dockerfile: 3
	Apt Get Install Pin Version Not Defined	/Dockerfile: 3
	CVE-2007-2379	Npm-jquery-3.5.1
	CVE-2014-6071	Npm-jquery-3.5.1
	CVE-2022-22971	Maven-org.springframework:spring-core-5.1.2.RELEASE
	CVE-2022-22971	Maven-org.springframework:spring-core-5.3.2
	CVE-2022-41915	Maven-io.netty:netty-codec-4.1.22.Final
	CVE-2023-34055	Maven-org.springframework.boot:spring-boot-2.4.1
	CVE-2023-34055	Maven-org.springframework.boot:spring-boot-2.1.0.RELEASE
	Client_Potential_XSS	/deps/rabbitmq_management/priv/www/js/main.js: 696
	Client_Potential_XSS	/deps/rabbitmq_management/priv/www/js/main.js: 664
	Client_Potential_XSS	/deps/rabbitmq_management/priv/www/js/main.js: 887
	Client_Potential_XSS	/deps/rabbitmq_management/priv/www/js/main.js: 887
	Client_Potential_XSS	/deps/rabbitmq_management/priv/www/js/main.js: 887
	Client_Potential_XSS	/deps/rabbitmq_management/priv/www/js/main.js: 887
	Client_Potential_XSS	/deps/rabbitmq_web_stomp_examples/priv/temp-queue.html: 74
	Client_Potential_XSS	/deps/rabbitmq_web_stomp_examples/priv/temp-queue.html: 69
	Client_Potential_XSS	/deps/rabbitmq_web_stomp_examples/priv/echo.html: 67
	Client_Potential_XSS	/deps/rabbitmq_web_mqtt_examples/priv/echo.html: 70
	Host Namespace is Shared	/docker-compose-overview.yml: 56
	Host Namespace is Shared	/docker-compose-dist-tls.yml: 14
	Host Namespace is Shared	/docker-compose.yml: 4
	Host Namespace is Shared	/docker-compose-dist-metrics.yml: 59
	Host Namespace is Shared	/docker-compose-dist-tls.yml: 77
	Host Namespace is Shared	/docker-compose-overview.yml: 85
	Host Namespace is Shared	/docker-compose-dist-metrics.yml: 46
	Host Namespace is Shared	/docker-compose-overview.yml: 113
	Host Namespace is Shared	/docker-compose-dist-tls.yml: 46
	Host Namespace is Shared	/docker-compose.yml: 4
	Host Namespace is Shared	/docker-compose-overview.yml: 14
	Host Namespace is Shared	/docker-compose.yml: 4
	Host Namespace is Shared	/docker-compose-dist-metrics.yml: 52
	Host Namespace is Shared	/docker-compose-overview.yml: 173
	Host Namespace is Shared	/docker-compose-metrics.yml: 14
	Host Namespace is Shared	/docker-compose-overview.yml: 71
	Host Namespace is Shared	/docker-compose-qq.yml: 51
	Host Namespace is Shared	/docker-compose-overview.yml: 49
	Host Namespace is Shared	/docker-compose-overview.yml: 43
	Host Namespace is Shared	/docker-compose.yml: 32
	Host Namespace is Shared	/docker-compose-metrics.yml: 45
	Host Namespace is Shared	/docker-compose-overview.yml: 162
	Host Namespace is Shared	/docker-compose-qq.yml: 14
	Host Namespace is Shared	/docker-compose-metrics.yml: 35
	Host Namespace is Shared	/docker-compose-metrics.yml: 61
	Host Namespace is Shared	/docker-compose-overview.yml: 99
	Host Namespace is Shared	/docker-compose-overview.yml: 131

More results are available on AST platform