Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update base image and packages to address cve #1523

Merged
merged 1 commit into from
Apr 2, 2024
Merged

Update base image and packages to address cve #1523

merged 1 commit into from
Apr 2, 2024

Conversation

rv0lt
Copy link
Member

@rv0lt rv0lt commented Mar 28, 2024
edited
Loading

Read this before submitting the PR

  1. Always create a Draft PR first
  2. Go through sections 1-5 below, fill them in and check all the boxes
  3. Make sure that the branch is updated; if there's an "Update branch" button at the bottom of the PR, rebase or update branch.
  4. When all boxes are checked, information is filled in, and the branch is updated: mark as Ready For Review and tag reviewers (top right)
  5. Once there is a submitted review, implement the suggestions (if reasonable, otherwise discuss) and request an new review.

If there is a field which you are unsure about, enter the edit mode of this description or go to the PR template; There are invisible comments providing descriptions which may be of help.

1. Description / Summary

The base python image has a high cve detected. To update the base image, the jwcrypto package has to also be bumped. This package also contained a medium cve.

2. Jira task / GitHub issue

Link to the github issue or add the Jira task ID here.

3. Type of change

What type of change(s) does the PR contain?

Check the relevant boxes below. For an explanation of the different sections, enter edit mode of this PR description template.

  • New feature
    • Breaking: Why / How? Add info here.
    • Non-breaking
  • Database change: Remember the to include a new migration version, or explain here why it's not needed.
  • Bug fix
  • Security Alert fix
    • Package update
      • Major version update
  • Documentation
  • Workflow
  • Tests only

4. Additional information

5. Actions / Scans

Check the boxes when the specified checks have passed.

For information on what the different checks do and how to fix it if they're failing, enter edit mode of this description or go to the PR template.

  • Black
  • Prettier
  • Yamllint
  • Tests
  • CodeQL
  • Trivy
  • Snyk

@rv0lt rv0lt self-assigned this Mar 28, 2024
@rv0lt rv0lt mentioned this pull request Mar 28, 2024
Merged
24 tasks
@codecov Codecov
Copy link

codecov bot commented Mar 28, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 91.67%. Comparing base (594ffc4) to head (99226ff).

Additional details and impacted files 
@@           Coverage Diff           @@
##              dev    #1523   +/-   ##
=======================================
  Coverage   91.67%   91.67%           
=======================================
  Files          29       29           
  Lines        4747     4747           
=======================================
  Hits         4352     4352           
  Misses        395      395

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@rv0lt rv0lt marked this pull request as ready for review April 2, 2024 09:15
@rv0lt rv0lt requested a review from a team April 2, 2024 09:15
valyo
valyo approved these changes Apr 2, 2024
View reviewed changes
Copy link
Member

@valyo valyo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested it together the cli change: authentication, upload and download worked fine

@rv0lt rv0lt merged commit f616e67 into dev Apr 2, 2024
14 checks passed
@rv0lt rv0lt deleted the DDS-1914-Investigate-CVE-2024-28757 branch April 2, 2024 11:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@valyo valyo valyo approved these changes

Assignees

@rv0lt rv0lt

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rv0lt @valyo