Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade golang from 1.13 to 1.20.12 #120

Closed
wants to merge 1 commit into from
Closed

[Snyk] Security upgrade golang from 1.13 to 1.20.12 #120

wants to merge 1 commit into from

Conversation

tylerezimmerman
Copy link

This PR was automatically created by Snyk using the credentials of a real user.


Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Changes included in this PR

  • vendor/github.com/creack/pty/Dockerfile.riscv

We recommend upgrading to golang:1.20.12, as this image has only 76 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Some of the most important vulnerabilities in your base image include:

Severity Priority Score / 1000 Issue Exploit Maturity
high severity 437 Link Following
SNYK-DEBIAN10-GIT-1083853		 No Known Exploit
high severity 437 Link Following
SNYK-DEBIAN10-GIT-1083853		 No Known Exploit
high severity 561 Resource Exhaustion
SNYK-DEBIAN10-NGHTTP2-5953390		 Mature
high severity 399 CVE-2023-26604
SNYK-DEBIAN10-SYSTEMD-3339153		 Mature
high severity 399 CVE-2023-26604
SNYK-DEBIAN10-SYSTEMD-3339153		 Mature

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Resource Exhaustion

@tylerezimmerman tylerezimmerman requested a review from a team as a code owner December 20, 2023 19:10
@codecov Codecov
Copy link

codecov bot commented Dec 20, 2023
edited
Loading

Codecov Report

Attention: 414 lines in your changes are missing coverage. Please review.

Comparison is base (a2521eb) 32.61% compared to head (b45421e) 51.43%.
Report is 65 commits behind head on main.

Files Patch % Lines
commands/siem.go 0.00% 68 Missing ⚠️
internal/store/secure_store.go 0.00% 52 Missing ⚠️
internal/store/credential-helpers/pass.go 8.51% 43 Missing ⚠️
tests/fake/fake_store.go 15.21% 39 Missing ⚠️
commands/byok.go 64.38% 26 Missing ⚠️
commands/engine.go 31.57% 26 Missing ⚠️
internal/store/file_store.go 62.06% 16 Missing and 6 partials ⚠️
commands/pool.go 25.00% 21 Missing ⚠️
commands/user.go 75.29% 18 Missing and 3 partials ⚠️
commands/group.go 68.96% 12 Missing and 6 partials ⚠️
... and 13 more
Additional details and impacted files 
@@             Coverage Diff             @@
##             main     #120       +/-   ##
===========================================
+ Coverage   32.61%   51.43%   +18.81%     
===========================================
  Files          80       86        +6     
  Lines       10855    11880     +1025     
===========================================
+ Hits         3540     6110     +2570     
+ Misses       7027     5471     -1556     
- Partials      288      299       +11

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@sheldonhull
Copy link
Contributor

this is not ignoring vendor files. invalid request. i'll be bumping version via aqua/build soon.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sheldonhull sheldonhull Awaiting requested review from sheldonhull sheldonhull is a code owner automatically assigned from DelineaXPM/dsv-contributors

Assignees

@tylerezimmerman tylerezimmerman

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tylerezimmerman @sheldonhull @snyk-bot