[Snyk] Security upgrade python from 3.9-slim to 3.14.0a3-slim

[gitafolabi]

Snyk has created this PR to fix 5 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

• voting-app/vote/Dockerfile

We recommend upgrading to python:3.14.0a3-slim, as this image has only 34 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Integer Overflow or Wraparound SNYK-DEBIAN12-ZLIB-6008963	500
	CVE-2024-26462 SNYK-DEBIAN12-KRB5-6277421	150
	Use of a Broken or Risky Cryptographic Algorithm SNYK-DEBIAN12-LIBGCRYPT20-1550206	150
	Information Exposure SNYK-DEBIAN12-LIBGCRYPT20-6405981	150
	CVE-2023-50495 SNYK-DEBIAN12-NCURSES-6123823	150

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Use of a Broken or Risky Cryptographic Algorithm

[dryrunsecurity]

DryRun Security Summary

The Dockerfile for the voting app was updated to use a pre-release Python 3.14.0a3 base image and install the curl package, which introduces potential security risks and requires careful monitoring of vulnerabilities and dependencies.

Expand for full summary

Summary:

The changes made to the voting-app/vote/Dockerfile file primarily involve updating the base Python image from python:3.9-slim to python:3.14.0a3-slim, which is a significant version upgrade as it's an alpha release and not a stable version. Additionally, the changes include the installation of the curl package, likely to enable the use of the healthcheck feature.

From a security perspective, the use of a pre-release version of Python introduces some risk, as it may have unresolved security vulnerabilities or stability issues. It's crucial to closely monitor any security advisories or updates for the Python version used and be prepared to quickly update the base image to a stable and secure version. Additionally, it's important to review the application's dependencies and ensure that they are up-to-date and have no known security vulnerabilities. Finally, the container should be run with the least privileged user possible to minimize the potential impact of any security vulnerabilities, and the healthcheck feature should be carefully reviewed to ensure that it does not expose any sensitive information or allow for unintended access to the application.

Files Changed:

• voting-app/vote/Dockerfile: This file has been updated to use a pre-release version of Python (python:3.14.0a3-slim) as the base image, which represents a significant version upgrade from the previous python:3.9-slim base image. Additionally, the changes include the installation of the curl package, likely to enable the use of the healthcheck feature.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	1 finding

View PR in the DryRun Dashboard.