fix: use the 'tar' filter to remove warnings #768

Merged

davidfestal
Member

Description

Since recently on both docker images, which have been updated, the following warning is displayed in the initContainer logs during dynamic plugins installation:

==> Extracting package archive /dynamic-plugins-root/janus-idp-backstage-plugin-topology-1.16.4.tgz
/usr/lib64/python3.9/tarfile.py:2239: RuntimeWarning: The default behavior of tarfile extraction has been changed to disallow common exploits (including CVE-2007-4559). By default, absolute/parent paths are disallowed and some mode bits are cleared. See https://access.redhat.com/articles/7004769 for more details.

This is because a new filter option has been added in the Python tar library, whose default value changes the default behavior of the library.

Explicitly setting this filter option to tar (which is the new default) should remove the warning from the logs.

Which issue(s) does this PR fix

No issue

PR acceptance criteria

Please make sure that the following steps are complete:

  • GitHub Actions are completed and successful
  • Unit Tests are updated and passing
  • E2E Tests are updated and passing
  • Documentation is updated if necessary (requirement for new features)
  • Add a screenshot if the change is UX/UI related

How to test changes / Special notes to the reviewer

@davidfestal davidfestal requested a review from a team as a code owner November 13, 2023 16:51

changeset-bot bot commented Nov 13, 2023

⚠️ No Changeset found

Latest commit: 169e12d

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types


sonarcloud bot commented Nov 13, 2023

Kudos, SonarCloud Quality Gate passed!

  • 0 Bugs (rating A)
  • 0 Vulnerabilities (rating A)
  • 0 Security Hotspots (rating A)
  • 0 Code Smells (rating A)
  • No Coverage information
  • 0.0% Duplication

@davidfestal davidfestal added the cherry-pick-1.0.x This PR should be cherry-picked to the 1.0.x branch label Nov 13, 2023
Member

@nickboldt nickboldt left a comment

sure

@nickboldt nickboldt merged commit c77e6fe into janus-idp:main Nov 13, 2023
6 checks passed
nickboldt pushed a commit that referenced this pull request Nov 13, 2023
@nickboldt
Member

cherrypicked as b2b8824

Contributor

The image is available at: quay.io/janus-idp/backstage-showcase:pr-768!

@schultzp2020 schultzp2020 added the cherry-pick-OK This PR was successfully cherry-picked to the appropriate branch. label Nov 13, 2023