docker-adminer

High Severity vulnerability in `postgresql14/libpq`

Open vovtz opened this issue 3 years ago • 1 comments

Scanning the container image with Snyk reveals that postgresql14/libpq has a High Severity vulnerability:

```
✗ High severity vulnerability found in postgresql14/libpq
  Description: Improper Control of Dynamically-Managed Code Resources
  Info: https://security.snyk.io/vuln/SNYK-ALPINE316-POSTGRESQL14-2980353
  Introduced through: postgresql14/[email protected], [email protected]
  From: postgresql14/[email protected]
  From: [email protected] > postgresql14/[email protected]
  Image layer: 'apk add --virtual .phpexts-rundeps $runDeps'
  Fixed in: 14.5-r0
```

vovtz, Aug 29 '22 12:08

Please see: https://github.com/docker-library/faq#why-does-my-security-scanner-show-that-an-image-has-cves

My understanding is that the issue only affects the Postgres server, not the client. Thus it does not apply to this image / is a false positive. In any case, the update should be applied the next time the image is rebuilt, which I don't control.

/cc @tianon

TimWolla, Aug 29 '22 12:08