dev: Replace base images with high and critical severities #843

Merged: FabijanC merged 5 commits into 0xSpaceShard:main from Abeeujah:fix-deprecated-base-images on Sep 12, 2025

Contributor

@Abeeujah Abeeujah commented Sep 9, 2025

Usage related changes

It provides them with a Devnet image with safer and lesser exposure to vulnerabilities exposed from the previous base images.

Development related changes

Images are now being built with alpine as the base.

Checklist:

  • Checked out the contribution guidelines
  • Applied formatting - ./scripts/format.sh
  • No linter errors - ./scripts/clippy_check.sh
  • No unused dependencies - ./scripts/check_unused_deps.sh
  • No spelling errors - ./scripts/check_spelling.sh
  • Performed code self-review
  • Rebased to the latest commit of the target branch (or merged it into my branch)
    • Once you make the PR reviewable, please avoid force-pushing
  • Updated the docs if needed - ./website/README.md
  • Linked the issues resolvable by this PR - linking info
  • Updated the tests if needed; all passing - execution info

closes #841

coderabbitai bot commented Sep 9, 2025

Important

Review skipped

Auto reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Contributor

@FabijanC FabijanC left a comment

Have you tried building this?

@Abeeujah
Contributor Author

Hi @FabijanC, the Dockerfile had no WORKDIR specified, so I didn't include it in the one I pushed earlier. Other than that, the system packages missing were openssl and perl. But I've updated the Dockerfile, built it, and ran it.
[3 images attached]

@Abeeujah Abeeujah requested a review from FabijanC September 10, 2025 12:06
@Abeeujah Abeeujah requested a review from FabijanC September 10, 2025 15:44
@FabijanC
Contributor

Thanks for the full report! I remember that Devnet's Dockerfile used to depend on alpine; not sure why it was changed. We should use git blame to find that out.

@Abeeujah
Contributor Author

Just checked: if it depended on alpine at any point, it wasn't committed to git or on main. It started out as slim-buster and it's currently at slim-bullseye. Here are the findings:

96622180 (FabijanC   2023-08-31) +FROM rust:1.69.0-slim-buster as builder
df1b2c3d (FabijanC   2023-12-07) +FROM rust:1.70.0-slim-buster as builder
6306ad65 (FabijanC   2024-03-01) +FROM rust:1.74.0-slim-buster as builder
9b40420b (FabijanC   2024-04-03) FROM debian:buster-slim (Multistage build was introduced here)
349abe52 (FabijanC   2024-07-23) +FROM rust:1.76.0-slim-buster as builder
3029c673 (FabijanC   2025-03-27) +FROM rust:1.85.0-slim-bullseye AS builder
                                 +FROM debian:bullseye-slim (Multistage second stage base image changed here)
ce85ab2d (FabijanC   2025-07-14) +FROM rust:1.86.0-slim-bullseye AS builder

@FabijanC
Contributor

Perhaps I confused it with the Dockerfile used in the old, Pythonic Devnet: https://github.com/0xSpaceShard/starknet-devnet-deprecated/blob/master/Dockerfile

@Abeeujah
Contributor Author

Yeah @FabijanC, happens to the best of us!

Contributor

@FabijanC FabijanC left a comment

Well, it all looks good. I'll just try building it myself and give final feedback.

@Abeeujah
Contributor Author

Thank you, would be awaiting your feedback.

Collaborator

@3alpha 3alpha left a comment

I think it's better to have alpine versions pinned. As you can see, even in this example, versions between stages were inadvertently different. Patch versions, but still. Image rust:1.86-alpine3.22 doesn't exist so downgraded final stage to alpine:3.21.
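
The pinning point raised in the review comment above, as an added example that is not part of the PR or the project's own code: a small Python check that flags stage base images whose tag names no Alpine release, and stages whose Alpine releases disagree. The sample Dockerfiles are constructed, and the function names and the assumption that every stage should be Alpine-based belong to this example only.

```python
import re

FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--\S+\s+)*(?P<image>\S+)(?:\s+AS\s+(?P<name>\S+))?\s*$",
    re.IGNORECASE)
VER = r"\d+\.\d+(?:\.\d+)?"  # Alpine release such as 3.21 or 3.21.4

def alpine_version(image):
    """Return the Alpine release named in an image tag, or None if absent."""
    repo, _, tag = image.split("@", 1)[0].rpartition(":")  # ignore any digest
    if not repo or "/" in tag:  # untagged (a ":" here was a registry port)
        return None
    if repo.rsplit("/", 1)[-1] == "alpine":
        m = re.fullmatch(VER, tag)               # alpine:3.21
    else:
        m = re.search(rf"alpine({VER})$", tag)   # rust:1.86-alpine3.21
    return m.group(m.lastindex or 0) if m else None

def check_dockerfile(text):
    """List pinning problems, assuming every stage should be Alpine-based."""
    findings, stages, versions = [], set(), {}
    for lineno, line in enumerate(text.splitlines(), 1):
        m = FROM_RE.match(line)
        if not m:
            continue
        image, name = m.group("image"), m.group("name")
        earlier_stage = image.lower() in stages or image == "scratch"
        if name:
            stages.add(name.lower())
        if earlier_stage:       # FROM builder AS test: nothing to pin
            continue
        ver = alpine_version(image)
        if ver is None:
            findings.append(f"line {lineno}: {image} names no Alpine release")
        else:
            versions[lineno] = ver
    if len(set(versions.values())) > 1:
        detail = ", ".join(f"line {n}: {v}" for n, v in versions.items())
        findings.append(f"Alpine release differs between stages ({detail})")
    return findings

# Constructed sample Dockerfiles, not the project's real one.
FLOATING = "FROM rust:1.86-alpine AS builder\nFROM alpine:latest\n"
MISMATCHED = "FROM rust:1.86-alpine3.21 AS builder\nFROM alpine:3.22\n"
PINNED = "FROM rust:1.86-alpine3.21 AS builder\nFROM builder AS test\nFROM alpine:3.21\n"

if __name__ == "__main__":
    for text in (FLOATING, MISMATCHED, PINNED):
        print(check_dockerfile(text))
```

A check like this can run in CI before the image build, so a drift between the builder and final stage fails the pipeline instead of being noticed in review.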

@Abeeujah Abeeujah requested review from 3alpha and FabijanC September 12, 2025 11:27
@FabijanC FabijanC changed the title from "dev: Replace base images with High and Critical Severities" to "dev: Replace base images with high and critical severities" Sep 12, 2025
@FabijanC FabijanC merged commit 55eacd4 into 0xSpaceShard:main Sep 12, 2025
1 check passed

Development

Successfully merging this pull request may close these issues.

Docker base images are deprecated
