Ensure pip install has pinned version for package

When pip install is used without a pinned version, you get whatever the latest version is at build time, without knowing which version that is. This can lead to incompatibility and, worse, to risk from unknown vulnerabilities in the unknown version that ends up in the image.

Risk Level: medium
Platform: Docker
Spectral Rule ID: DOCKR056
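
One way to check a Dockerfile for this condition, as an added example (not Spectral's implementation of DOCKR056). The function names, the option list and the sample Dockerfile are constructed for illustration; it covers shell-form RUN only and does not inspect requirements files.

```python
import re
import shlex
from itertools import groupby

# A shell-form RUN plus its backslash continuations (comment lines between them allowed)
RUN = re.compile(r"^[ \t]*RUN[ \t]+((?:.*\\[ \t]*\n(?:[ \t]*#.*\n)*)*.*)$", re.I | re.M)
SEPARATORS = {"&&", "||", ";", "|", "&"}
# pip options whose value is the next token
OPTS_WITH_VALUE = {"-r", "--requirement", "-c", "--constraint", "-i", "--index-url",
                   "--extra-index-url", "-f", "--find-links", "-t", "--target"}
# Exact pin: name, optional extras, "==", then a version with no wildcard
PINNED = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*(\[[^\]]+\])?==[^*=\s]+")

def pip_install_args(cmd):
    """Tokens after 'pip install' (also pip3, python -m pip); [] for other commands."""
    if len(cmd) > 2 and cmd[0].startswith("python") and cmd[1] == "-m":
        cmd = cmd[2:]
    is_pip = len(cmd) > 1 and re.fullmatch(r"pip[\d.]*", cmd[0]) and cmd[1] == "install"
    return cmd[2:] if is_pip else []

def unpinned_pip_packages(dockerfile_text):
    """Return [(line_number, requirement)] for pip installs lacking an exact '==' pin."""
    findings = []
    for m in RUN.finditer(dockerfile_text):
        line_no = dockerfile_text.count("\n", 0, m.start()) + 1
        body = re.sub(r"\\[ \t]*\n", " ", m.group(1))  # join continuation lines
        lex = shlex.shlex(body, posix=True, punctuation_chars=True)
        lex.whitespace_split = True  # split on whitespace and shell operators only
        for is_sep, cmd in groupby(lex, lambda tok: tok in SEPARATORS):
            skip = False  # True when the next token is an option's value
            for tok in ([] if is_sep else pip_install_args(list(cmd))):
                if skip or tok in OPTS_WITH_VALUE:
                    skip = not skip
                elif not tok.startswith("-") and not PINNED.fullmatch(tok):
                    findings.append((line_no, tok))
    return findings

# Constructed sample input, not taken from a real project
SAMPLE = r"""FROM ubuntu:22.10
RUN pip install requests
RUN pip install requests=2.7.0
RUN apt-get update && pip3 install --no-cache-dir \
    flask==2.2.5 "urllib3>=1.26" && python3 -m pip install -r requirements.txt
"""
```

Calling unpinned_pip_packages(SAMPLE) reports the bare name, the single-`=` form and the range specifier, and accepts only the exact `==` pin.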

REMEDIATION

Add a pinned version to the pip install command.

FROM ubuntu:22.10
- RUN pip install requests
+ RUN pip install requests=2.7.0
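
Review bot: on the added line, `requests=2.7.0` uses a single `=`, which is not a valid pip version specifier, so the install fails instead of pinning. An exact pin is written with `==`, as in `RUN pip install requests==2.7.0`.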
