From 397929ac31a8de0e97a0299954358f0a10e36ebc Mon Sep 17 00:00:00 2001
From: Alex Vorona
Date: Thu, 30 May 2024 19:45:23 +0100
Subject: [PATCH 1/4] bump python version for multiple CVEs

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 4bd7ad9..79f93de 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # Globals and input args
-FROM python:3.11.5-alpine3.18
+FROM python:3.12.3-alpine3.20
 WORKDIR /app
 
 # Prepare our app requirements and install it...

From 96b00ca2798b6ea014170d36ac343b1bf6bddf57 Mon Sep 17 00:00:00 2001
From: Alex Vorona
Date: Thu, 30 May 2024 19:45:55 +0100
Subject: [PATCH 2/4] bump actions' versions

---
 .github/workflows/docker-image.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
index edad5d2..4a9e5cd 100644
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -11,26 +11,26 @@ jobs:
 
     steps:
     - name: checkout code
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
 
     # https://github.com/docker/setup-qemu-action
     - name: Set up QEMU
-      uses: docker/setup-qemu-action@v2
+      uses: docker/setup-qemu-action@v3
 
     # https://github.com/docker/setup-buildx-action
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v2
+      uses: docker/setup-buildx-action@v3
 
     - name: Login to registry
       if: github.event_name != 'pull_request'
-      uses: docker/login-action@v1
+      uses: docker/login-action@v3
       with:
         username: ${{ secrets.DOCKER_USERNAME }}
         password: ${{ secrets.DOCKER_PASSWORD }}
 
     - name: Docker meta
       id: meta_id
-      uses: docker/metadata-action@v3
+      uses: docker/metadata-action@v5
       with:
         # list of Docker images to use as base name for tags
         images: |
@@ -46,7 +46,7 @@ jobs:
           type=sha
 
     - name: Build and push
-      uses: docker/build-push-action@v2
+      uses: docker/build-push-action@v5
       with:
         context: .
         platforms: linux/amd64,linux/arm64 
From 84aaec74d7049fbeab1e220ebf9da339f329626a Mon Sep 17 00:00:00 2001
From: Alex Vorona
Date: Thu, 5 Sep 2024 10:02:39 +0100
Subject: [PATCH 3/4] bump base image version due to CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 79f93de..52b5193 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # Globals and input args
-FROM python:3.12.3-alpine3.20
+FROM python:3.12.5-alpine3.20
 WORKDIR /app
 
 # Prepare our app requirements and install it...

From bfde61a511fd3d7058d17cb76a79d8b8cd2e8c0a Mon Sep 17 00:00:00 2001
From: Alex Vorona
Date: Fri, 6 Sep 2024 07:39:04 +0100
Subject: [PATCH 4/4] upgrade libexpat to fix CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

---
 Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 52b5193..997201a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,8 @@
 # Globals and input args
 FROM python:3.12.5-alpine3.20
 WORKDIR /app
-
+# CVE-2024-45490, CVE-2024-45491, CVE-2024-45492
+RUN apk --no-cache upgrade libexpat
 # Prepare our app requirements and install it...
 COPY requirements.txt ./
 RUN pip install --no-cache-dir -r requirements.txt && \
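Review bot: `RUN apk --no-cache upgrade libexpat` in patch 4/4 installs whatever libexpat the Alpine 3.20 index serves at build time, so the result is not reproducible and, once the layer is cached, a rebuild without `--no-cache` keeps the old package even if a further fix lands; hadolint reports this pattern as DL3017. Pin the patched package explicitly instead, e.g. `RUN apk add --no-cache libexpat=<patched-version>` (placeholder — take the exact version from the Alpine security advisory for these CVEs), so the build fails loudly if the index no longer serves that version rather than silently producing a vulnerable image. The added comment should also say why the step exists right after the base image was bumped in patch 3/4, e.g. `# Workaround: the python:3.12.5-alpine3.20 tag does not yet ship the libexpat fix for CVE-2024-45490/45491/45492; drop this once the base image is rebuilt.` — hedged, because whether the tag already contains the fix is not visible in the hunk. The `RUN pip install ... && \` at the end of the hunk is a continued instruction whose remaining lines are outside the hunk.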