[Snyk] Security upgrade tensorflow/tensorflow from 2.10.0rc0 to 2.20.0 #737
Conversation
…ities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-UBUNTU2004-LIBKSBA-3050813 - https://snyk.io/vuln/SNYK-UBUNTU2004-OPENSSL-3314788 - https://snyk.io/vuln/SNYK-UBUNTU2004-OPENSSL-3314788 - https://snyk.io/vuln/SNYK-UBUNTU2004-BINUTILS-5853888 - https://snyk.io/vuln/SNYK-UBUNTU2004-BINUTILS-5853950
🎉 Snyk checks have passed. No issues have been found so far.✅ security/snyk check is complete. No issues have been found. (View Details) |
There was a problem hiding this comment.
Pull Request Overview
This PR upgrades the TensorFlow Docker base image from version 2.10.0rc0 to 2.20.0 to address security vulnerabilities. The upgrade fixes 4 vulnerabilities including high-severity issues related to integer overflow, type confusion, and medium-severity memory leak and out-of-bounds write vulnerabilities.
- Upgrades TensorFlow base image from a release candidate to a stable version
- Addresses multiple security vulnerabilities in underlying system packages
- Reduces total known vulnerabilities from an unspecified number to 38
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| FROM tensorflow/tensorflow:2.10.0rc0 | ||
| FROM tensorflow/tensorflow:2.20.0 | ||
| RUN apt-get update | ||
| RUN apt-get install python-opencv -y |
There was a problem hiding this comment.
The package 'python-opencv' may not be available or may have been renamed in the newer TensorFlow 2.20.0 base image. Consider using 'python3-opencv' or installing OpenCV via pip instead.
| RUN apt-get install python-opencv -y | |
| RUN apt-get install python3-opencv -y |
Copilot uses AI. Check for mistakes.
Snyk has created this PR to fix 4 vulnerabilities in the dockerfile dependencies of this project.
Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.
Snyk changed the following file(s):
play-with-docker/machinelearning/DockerfileWe recommend upgrading to
tensorflow/tensorflow:2.20.0, as this image has only 38 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.Vulnerabilities that will be fixed with an upgrade:
SNYK-UBUNTU2004-LIBKSBA-3050813
SNYK-UBUNTU2004-OPENSSL-3314788
SNYK-UBUNTU2004-OPENSSL-3314788
SNYK-UBUNTU2004-BINUTILS-5853888
SNYK-UBUNTU2004-BINUTILS-5853950
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Access of Resource Using Incompatible Type ('Type Confusion')
🦉 Memory Leak