[Snyk] Security upgrade golang from 1.12.4-alpine to 1.25.0-alpine #37
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-ALPINE39-MUSL-458529 - https://snyk.io/vuln/SNYK-ALPINE39-MUSL-458529 - https://snyk.io/vuln/SNYK-ALPINE39-OPENSSL-1089232 - https://snyk.io/vuln/SNYK-ALPINE39-OPENSSL-1089235 - https://snyk.io/vuln/SNYK-ALPINE39-OPENSSL-588029
Upgrade Golang base image from 1.12.4-alpine to 1.25.0-alpine in Dockerfile-e2e for security improvementsUpdates the base image in Dockerfile-e2e from 📍Where to StartStart with the base image declaration in Dockerfile-e2e to review the version upgrade from Go 1.12.4 to 1.25.0. Macroscope summarized 3cddc39. |
|
Please mark whether you used AI to assist coding in this PR
|
![gitstream-cm[bot]](https://avatars.githubusercontent.com/in/230441?s=60&v=4){kind=small}
There was a problem hiding this comment.
✨ PR Review
This security upgrade attempts to fix multiple vulnerabilities, but uses an invalid Go version that doesn't exist, which will cause Docker build failures.
1 issues detected:
🐞 Bug - The Go version 1.25.0 specified in the FROM statement does not exist.
Details: The specified Go version 1.25.0-alpine does not exist in the official Go Docker registry. This will cause the Docker build to fail with a "manifest unknown" or similar error when trying to pull the base image.
File:hydra/Dockerfile-e2e (1-1)
Generated by LinearB AI and added by gitStream.
AI-generated content may contain inaccuracies. Please verify before using. We'd love your feedback! 🚀
| @@ -1,4 +1,4 @@ | |||
| FROM golang:1.12.4-alpine | |||
| FROM golang:1.25.0-alpine | |||
There was a problem hiding this comment.
🐞 Bug - Invalid Version: Use a valid Go version. Check the official Go Docker Hub repository for available versions, likely something like golang:1.21-alpine or golang:1.22-alpine for the latest stable releases.
| FROM golang:1.25.0-alpine | |
| FROM golang:1.21-alpine |
Snyk has created this PR to fix 4 vulnerabilities in the dockerfile dependencies of this project.
Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.
Snyk changed the following file(s):
hydra/Dockerfile-e2eWe recommend upgrading to
golang:1.25.0-alpine, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.Vulnerabilities that will be fixed with an upgrade:
SNYK-ALPINE39-MUSL-458529
SNYK-ALPINE39-MUSL-458529
SNYK-ALPINE39-OPENSSL-1089232
SNYK-ALPINE39-OPENSSL-1089235
SNYK-ALPINE39-OPENSSL-588029
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 NULL Pointer Dereference