[Snyk] Security upgrade alpine from 3.20.3 to 3.21.3

[YounixM]

Snyk has created this PR to fix 3 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

• pkg/query-service/Dockerfile

We recommend upgrading to alpine:3.21.3, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	CVE-2025-26519 SNYK-ALPINE320-MUSL-8720638	436
	CVE-2025-26519 SNYK-ALPINE320-MUSL-8720638	436
	CVE-2024-13176 SNYK-ALPINE320-OPENSSL-8690013	436
	CVE-2024-13176 SNYK-ALPINE320-OPENSSL-8690013	436
	CVE-2024-12797 SNYK-ALPINE320-OPENSSL-8710359	436

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

---

Important

Upgrade alpine base image in pkg/query-service/Dockerfile to fix security vulnerabilities.

• Dockerfile Update:
  • Upgrade base image in pkg/query-service/Dockerfile from alpine:3.20.3 to alpine:3.21.3 to fix security vulnerabilities.
  • Addresses vulnerabilities: CVE-2025-26519, CVE-2024-13176, CVE-2024-12797.

^{This description was created by for 0771e44. It will automatically update as commits are pushed.}

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[github-actions]

Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id>

[github-actions]

Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id>

[ellipsis-dev]

👍 Looks good to me! Reviewed everything up to 0771e44 in 23 seconds

More details

• Looked at 11 lines of code in 1 files
• Skipped 0 files when reviewing.
• Skipped posting 2 drafted comments based on config settings.

1. pkg/query-service/Dockerfile:2

• Draft comment:
  Good update: The base image is upgraded to alpine:3.21.3, which addresses the reported vulnerabilities.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50%
  This comment is purely informative, as it only states that the base image is upgraded to a specific version to address vulnerabilities. It does not provide any actionable feedback or suggestions for improvement.

2. pkg/query-service/Dockerfile:2

• Draft comment:
  Updated Alpine version from 3.20.3 to 3.21.3 to address security vulnerabilities. Please verify that this upgrade doesn't impact compatibility with the query-service binary or any linked libraries.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50%
  This comment is asking the PR author to verify compatibility, which violates the rule against asking for confirmation or verification. It also relates to a dependency change, which should not be commented on unless it's about version consistency between libraries.

Workflow ID: wflow_fZ7gd80EzS9MnUfQ

---

You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.