
[Snyk] Security upgrade tensorflow/tensorflow from 2.3.0 to 2.18.0rc1 #13

Status: Open. Wants to merge 1 commit into base branch master.

Conversation


@abdulrahman305 abdulrahman305 commented Oct 9, 2024


Snyk has created this PR to fix 3 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

  • docker/Dockerfile

We recommend upgrading to tensorflow/tensorflow:2.18.0rc1, as this image has only 44 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

| Severity | Issue | Snyk ID | Score |
|---|---|---|---|
| high | CVE-2023-44487 | SNYK-UBUNTU1804-NGHTTP2-5954867 | 571 |
| high | Buffer Overflow | SNYK-UBUNTU1804-OPENSSL-1569474 | 356 |
| high | Exposure of Resource to Wrong Sphere | SNYK-UBUNTU1804-EXPAT-2403801 | 352 |

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

Description by Korbit AI

What change is being made?

Upgrade the TensorFlow base image in the Dockerfile from version 2.3.0 to 2.18.0rc1.

Why are these changes being made?

This change addresses security vulnerabilities present in the older version of TensorFlow and ensures compatibility with the latest features and improvements. The upgrade to a release candidate version is a proactive measure to test and integrate upcoming changes in TensorFlow.

Is this description stale? Ask me to generate a new description by commenting /korbit-generate-pr-description


korbit-ai bot commented Oct 9, 2024

👋 I'm here to help you review your pull request. When you're ready for me to perform a review, you can comment anywhere on this pull request with this command: /korbit-review.

As a reminder, here are some helpful tips on how we can collaborate together:

  • To have me re-scan your pull request, simply re-invoke the /korbit-review command in a new comment.
  • You can interact with me by tagging @korbit-ai in any conversation in your pull requests.
  • On any comment I make on your code, please leave a 👍 if it is helpful and a 👎 if it is unhelpful. This will help me learn and improve as we work together.
  • Lastly, to learn more, check out our Docs.


codeautopilot bot commented Oct 9, 2024

PR summary

This Pull Request upgrades the base Docker image for TensorFlow from version 2.3.0 to 2.18.0rc1 to address security vulnerabilities. The upgrade aims to mitigate several high-severity vulnerabilities, including CVE-2023-44487 and issues related to OpenSSL and Expat, by leveraging the security fixes available in the newer version of TensorFlow. This change is expected to enhance the security posture of the application by reducing the number of known vulnerabilities from the base image.

Suggestion

Before merging, it is advisable to thoroughly test the application to ensure compatibility with TensorFlow 2.18.0rc1, as this is a release candidate version and may have breaking changes or instability compared to stable releases. Additionally, consider using a stable version of TensorFlow if available, to ensure long-term support and stability.

Disclaimer: This comment was entirely generated using AI. Be aware that the information provided may be incorrect.


@gitauto-ai gitauto-ai bot added the gitauto label Oct 10, 2024