Update Dockerfile to use mambaorg/micromamba version 2.3.0

[barne856]

This should use a newer base image that hopefully fixes the docker scout vulnerability. The action only scans images that have been pushed to ghcr, so we will need to rerun the scan after merging to check.

[github-actions]

🔍 SonarQube Analysis Results

Summary:

• 🐛 Bugs: 0
• 🔒 Vulnerabilities: 0
• 🧹 Code Smells: 31
• 📊 Total Issues: 31

📋 Detailed Reports Available

📥 Download Full Report - Click "Artifacts" section

The detailed report includes:

• Complete breakdown by severity and type
• Specific file locations and line numbers
• Rule descriptions and fix suggestions
• CSV format for spreadsheet analysis
• Raw JSON data for custom processing

💡 Review the workflow summary for metrics and download the artifact for complete details.

[github-actions]

🔍 Vulnerabilities of ghcr.io/fema-ffrd/stormlit:latest

📦 Image Reference ghcr.io/fema-ffrd/stormlit:latest

digest	sha256:65acfd9ff658e2cf94d7603ebd1506fd2f47c040b1b853d30f80384a18925faf
vulnerabilities
platform	linux/amd64
size	909 MB
packages	400

📦 Base Image debian:12-slim

also known as	12.9-slim bookworm-20250203-slim bookworm-slim
digest	sha256:44bccdd61bf09a081b1db8c61cf49bfabf30ac7afcc970010137c0ab587b209c
vulnerabilities

pam 1.5.2-6+deb12u1 (deb) pkg:deb/debian/pam@1.5.2-6%2Bdeb12u1?os_distro=bookworm&os_name=debian&os_version=12 # Dockerfile (3:3) WORKDIR /app Affected range >=1.5.2-6+deb12u1 Fixed version Not Fixed EPSS Score 0.023% EPSS Percentile 4th percentile Description A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. [experimental] - pam 1.7.0-4 pam 1.7.0-5 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107919) https://www.openwall.com/lists/oss-security/2025/06/17/1 GHSA-f9p8-gjr4-j9gx Fixed by: linux-pam/linux-pam@475bd60 (v1.7.1) Fixed by: linux-pam/linux-pam@592d84e (v1.7.1) Fixed by: linux-pam/linux-pam@976c200 (v1.7.1)

glibc 2.36-9+deb12u9 (deb) pkg:deb/debian/glibc@2.36-9%2Bdeb12u9?os_distro=bookworm&os_name=debian&os_version=12 # Dockerfile (3:3) WORKDIR /app Affected range <2.36-9+deb12u10 Fixed version 2.36-9+deb12u10 EPSS Score 0.191% EPSS Percentile 42nd percentile Description When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size. glibc 2.40-6 [bookworm] - glibc 2.36-9+deb12u10 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://www.openwall.com/lists/oss-security/2025/01/22/4 Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7d4b6bcae91f29d7b4daf15bab06b66cf1d2217c (2.40-branch) Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7971add7ee4171fdd8dfd17e7c04c4ed77a18845 (2.36-branch) https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0001 https://sourceware.org/pipermail/libc-announce/2025/000044.html