[Snyk] Security upgrade alpine from 3.17 to 3.20 #5014
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
khanhtc1202
requested review from
nghialv,
kentakozuka,
ffjlabo,
t-kikuc and
Warashi
as code owners
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #5014 +/- ##
==========================================
- Coverage 22.29% 22.26% -0.03%
==========================================
Files 519 519
Lines 57284 57284
==========================================
- Hits 12772 12756 -16
- Misses 43488 43501 +13
- Partials 1024 1027 +3 ☔ View full report in Codecov by Sentry. |
Warashi
reviewed
Jul 11, 2024
docs/Dockerfile
Outdated
| @@ -2,7 +2,7 @@ FROM golang:1.22.4-alpine3.20 AS builder | |||
| COPY main.go . | |||
| RUN go build -o /server main.go | |||
|
|
|||
| FROM alpine:3.17 | |||
| FROM alpine:3 | |||
There was a problem hiding this comment.
How about upgrading to 3.20?
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413590 - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413590 - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413591 - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413591 Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]>
Warashi
force-pushed
the
snyk-fix-49e822bc0a7e3f5b75a7ca3b6a45b5b3
branch
from
cd070cc
to
fd718f9
Compare
Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]>
Warashi
force-pushed
the
snyk-fix-49e822bc0a7e3f5b75a7ca3b6a45b5b3
branch
from
fd718f9
to
e149381
Compare
khanhtc1202
changed the title
ffjlabo
approved these changes
Jul 12, 2024
t-kikuc
approved these changes
Jul 12, 2024
Merged
t-kikuc
pushed a commit
that referenced
this pull request
Jul 18, 2024
* fix: docs/Dockerfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413590 - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413590 - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413591 - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413591 Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]> * Bump alpine Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]> --------- Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]> Co-authored-by: snyk-bot <[email protected]> Co-authored-by: Shinnosuke Sawada-Dazai <[email protected]>
t-kikuc
pushed a commit
that referenced
this pull request
Jul 18, 2024
* fix: docs/Dockerfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413590 - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413590 - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413591 - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413591 Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]> * Bump alpine Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]> --------- Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]> Co-authored-by: snyk-bot <[email protected]> Co-authored-by: Shinnosuke Sawada-Dazai <[email protected]> Signed-off-by: t-kikuc <[email protected]>
t-kikuc
added a commit
that referenced
this pull request
Jul 18, 2024
* fix: upgrade @loadable/component from 5.14.1 to 5.16.4 (#5000) Snyk has created this PR to upgrade @loadable/component from 5.14.1 to 5.16.4. See this package in yarn: @loadable/component See this project in Snyk: https://app.snyk.io/org/pipecd/project/f41c5767-b506-4f59-beb9-ef662258eb9a?utm_source=github&utm_medium=referral&page=upgrade-pr Signed-off-by: khanhtc1202 <[email protected]> Co-authored-by: snyk-bot <[email protected]> Signed-off-by: t-kikuc <[email protected]> * fix: upgrade @reduxjs/toolkit from 1.8.5 to 1.9.7 (#4999) Snyk has created this PR to upgrade @reduxjs/toolkit from 1.8.5 to 1.9.7. See this package in yarn: @reduxjs/toolkit See this project in Snyk: https://app.snyk.io/org/pipecd/project/f41c5767-b506-4f59-beb9-ef662258eb9a?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <[email protected]> Signed-off-by: t-kikuc <[email protected]> * fix: upgrade react-router-dom from 5.2.0 to 5.3.4 (#5001) Snyk has created this PR to upgrade react-router-dom from 5.2.0 to 5.3.4. See this package in yarn: react-router-dom See this project in Snyk: https://app.snyk.io/org/pipecd/project/f41c5767-b506-4f59-beb9-ef662258eb9a?utm_source=github&utm_medium=referral&page=upgrade-pr Signed-off-by: t-kikuc <[email protected]> Co-authored-by: snyk-bot <[email protected]> Co-authored-by: Tetsuya Kikuchi <[email protected]> Signed-off-by: t-kikuc <[email protected]> * fix: upgrade grpc-web from 1.0.7 to 1.5.0 (#4984) Snyk has created this PR to upgrade grpc-web from 1.0.7 to 1.5.0. See this package in yarn: grpc-web See this project in Snyk: https://app.snyk.io/org/pipecd/project/f41c5767-b506-4f59-beb9-ef662258eb9a?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <[email protected]> Signed-off-by: t-kikuc <[email protected]> * [Snyk] Security upgrade alpine from 3.17 to 3.20 (#5014) * fix: docs/Dockerfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413590 - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413590 - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413591 - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413591 Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]> * Bump alpine Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]> --------- Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]> Co-authored-by: snyk-bot <[email protected]> Co-authored-by: Shinnosuke Sawada-Dazai <[email protected]> Signed-off-by: t-kikuc <[email protected]> * Upgrade google-cloud-sdk (#5042) * Use x86_64 version of google-cloud-sdk Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]> * Upgrade google-cloud-sdk Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]> --------- Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]> Signed-off-by: t-kikuc <[email protected]> * feat: add support mention slack groups for NotificationReceiverSlack and NotificationMention (#4903) * feat: add support mentione groups for NotifactionReceiverSlack and slackGroups for NotificationMention Signed-off-by: hungran <[email protected]> * remove change in docs v0.47.x Signed-off-by: hungran <[email protected]> * update docs Signed-off-by: hungran <[email protected]> * update logic for having getGroupsAsString() Signed-off-by: hungran <[email protected]> * using <!subteam^ID> for group mentioning Signed-off-by: hungran <[email protected]> * typo Signed-off-by: hungran <[email protected]> * call both getAccountsAsString and getGroupsAsString Signed-off-by: hungran <[email protected]> * revert change pkg/model/notificationevent.pb.go Signed-off-by: hungran <[email protected]> * use same format for group <!subteam^ID> Signed-off-by: hungran <[email protected]> * same method to format slack group Signed-off-by: hungran <[email protected]> * following slack api, !subteam^ is a literal string that should not change Signed-off-by: hungran <[email protected]> * feat: add slackUsers field and mark slack as deprecated field Signed-off-by: hungran <[email protected]> * revert pkg/model/notificationevent.pb.go Signed-off-by: hungran <[email protected]> * update doc Using the groupID or teamID in the documents makes it easier for users to use this feature. Signed-off-by: hungran <[email protected]> * add code gen Signed-off-by: hungran <[email protected]> * adjust mention users and slack logic Signed-off-by: hungran <[email protected]> * unify the process to get users and groups in the same method Signed-off-by: hungran <[email protected]> --------- Signed-off-by: hungran <[email protected]> Signed-off-by: t-kikuc <[email protected]> * Ignore `desiredCount` of ECS when it's 0 or not set for AutoScaling (#5030) * add a flag: ignoreDesiredCountOnUpdate Signed-off-by: t-kikuc <[email protected]> * ignore desiredCount on updateService if needed Signed-off-by: t-kikuc <[email protected]> * Add a flag ignoreDesiredCountOnUpdate into each func Signed-off-by: t-kikuc <[email protected]> * Format func params and comment Signed-off-by: t-kikuc <[email protected]> * add docs Signed-off-by: t-kikuc <[email protected]> * fix tests: add a missing attribute Signed-off-by: t-kikuc <[email protected]> * recover desiredCount in CreateService (mistake) Signed-off-by: t-kikuc <[email protected]> * add mentioning driftdetection Signed-off-by: t-kikuc <[email protected]> * Revert changes of adding ignoreDesiredCountOnUpdate This reverts commit a0f3459. Signed-off-by: t-kikuc <[email protected]> * Revert commits of adding ignoreDesiredCount" This reverts commit 7d65824. Signed-off-by: t-kikuc <[email protected]> * Revert "add docs" This reverts commit dcd7dc9. Signed-off-by: t-kikuc <[email protected]> * Revert "Format func params and comment" This reverts commit 5103158. Signed-off-by: t-kikuc <[email protected]> * Revert "Add a flag ignoreDesiredCountOnUpdate into each func" This reverts commit d17a9b7. Signed-off-by: t-kikuc <[email protected]> * Revert "ignore desiredCount on updateService if needed" This reverts commit cf3efbf. Signed-off-by: t-kikuc <[email protected]> * Revert "add a flag: ignoreDesiredCountOnUpdate" This reverts commit 6b2af75. Signed-off-by: t-kikuc <[email protected]> * ignore updating desiredCount if it's 0 or not defined Signed-off-by: t-kikuc <[email protected]> * Use pruning when 'recreate' is on Signed-off-by: t-kikuc <[email protected]> * add docs Signed-off-by: t-kikuc <[email protected]> * refine docs Signed-off-by: t-kikuc <[email protected]> * Clarify procedure of configuring Signed-off-by: t-kikuc <[email protected]> --------- Signed-off-by: t-kikuc <[email protected]> --------- Signed-off-by: khanhtc1202 <[email protected]> Signed-off-by: t-kikuc <[email protected]> Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]> Signed-off-by: hungran <[email protected]> Co-authored-by: Khanh Tran <[email protected]> Co-authored-by: snyk-bot <[email protected]> Co-authored-by: Chris Aniszczyk <[email protected]> Co-authored-by: Shinnosuke Sawada-Dazai <[email protected]> Co-authored-by: Henry Vu <[email protected]>
Merged
This was referenced Jul 29, 2024
Merged
Merged
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix 2 vulnerabilities in the dockerfile dependencies of this project.
Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.
Snyk changed the following file(s):
docs/DockerfileWe recommend upgrading to
alpine:3, as this image has only 1 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.Vulnerabilities that will be fixed with an upgrade:
SNYK-ALPINE317-OPENSSL-7413590
SNYK-ALPINE317-OPENSSL-7413590
SNYK-ALPINE317-OPENSSL-7413591
SNYK-ALPINE317-OPENSSL-7413591
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.