[Snyk] Security upgrade alpine from 3.17 to 3.20 #5014
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
khanhtc1202
requested review from
nghialv,
kentakozuka,
ffjlabo,
t-kikuc and
Warashi
as code owners
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #5014 +/- ##
==========================================
- Coverage 22.29% 22.26% -0.03%
==========================================
Files 519 519
Lines 57284 57284
==========================================
- Hits 12772 12756 -16
- Misses 43488 43501 +13
- Partials 1024 1027 +3 ☔ View full report in Codecov by Sentry. |
Warashi
reviewed
Jul 11, 2024
docs/Dockerfile
Outdated
| @@ -2,7 +2,7 @@ FROM golang:1.22.4-alpine3.20 AS builder | |||
| COPY main.go . | |||
| RUN go build -o /server main.go | |||
|
|
|||
| FROM alpine:3.17 | |||
| FROM alpine:3 | |||
There was a problem hiding this comment.
How about upgrading to 3.20?
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413590 - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413590 - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413591 - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413591 Signed-off-by: Shinnosuke Sawada-Dazai <shin@warashi.dev>
Warashi
force-pushed
the
snyk-fix-49e822bc0a7e3f5b75a7ca3b6a45b5b3
branch
from
cd070cc
to
fd718f9
Compare
Signed-off-by: Shinnosuke Sawada-Dazai <shin@warashi.dev>
Warashi
force-pushed
the
snyk-fix-49e822bc0a7e3f5b75a7ca3b6a45b5b3
branch
from
fd718f9
to
e149381
Compare
khanhtc1202
changed the title
ffjlabo
approved these changes
Jul 12, 2024
t-kikuc
approved these changes
Jul 12, 2024
Merged
t-kikuc
pushed a commit
that referenced
this pull request
Jul 18, 2024
* fix: docs/Dockerfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413590 - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413590 - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413591 - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413591 Signed-off-by: Shinnosuke Sawada-Dazai <shin@warashi.dev> * Bump alpine Signed-off-by: Shinnosuke Sawada-Dazai <shin@warashi.dev> --------- Signed-off-by: Shinnosuke Sawada-Dazai <shin@warashi.dev> Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: Shinnosuke Sawada-Dazai <shin@warashi.dev>
t-kikuc
pushed a commit
that referenced
this pull request
Jul 18, 2024
* fix: docs/Dockerfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413590 - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413590 - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413591 - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413591 Signed-off-by: Shinnosuke Sawada-Dazai <shin@warashi.dev> * Bump alpine Signed-off-by: Shinnosuke Sawada-Dazai <shin@warashi.dev> --------- Signed-off-by: Shinnosuke Sawada-Dazai <shin@warashi.dev> Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: Shinnosuke Sawada-Dazai <shin@warashi.dev> Signed-off-by: t-kikuc <tkikuchi07f@gmail.com>
t-kikuc
added a commit
that referenced
this pull request
Jul 18, 2024
* fix: upgrade @loadable/component from 5.14.1 to 5.16.4 (#5000) Snyk has created this PR to upgrade @loadable/component from 5.14.1 to 5.16.4. See this package in yarn: @loadable/component See this project in Snyk: https://app.snyk.io/org/pipecd/project/f41c5767-b506-4f59-beb9-ef662258eb9a?utm_source=github&utm_medium=referral&page=upgrade-pr Signed-off-by: khanhtc1202 <khanhtc1202@gmail.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * fix: upgrade @reduxjs/toolkit from 1.8.5 to 1.9.7 (#4999) Snyk has created this PR to upgrade @reduxjs/toolkit from 1.8.5 to 1.9.7. See this package in yarn: @reduxjs/toolkit See this project in Snyk: https://app.snyk.io/org/pipecd/project/f41c5767-b506-4f59-beb9-ef662258eb9a?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * fix: upgrade react-router-dom from 5.2.0 to 5.3.4 (#5001) Snyk has created this PR to upgrade react-router-dom from 5.2.0 to 5.3.4. See this package in yarn: react-router-dom See this project in Snyk: https://app.snyk.io/org/pipecd/project/f41c5767-b506-4f59-beb9-ef662258eb9a?utm_source=github&utm_medium=referral&page=upgrade-pr Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: Tetsuya Kikuchi <97105818+t-kikuc@users.noreply.github.com> Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * fix: upgrade grpc-web from 1.0.7 to 1.5.0 (#4984) Snyk has created this PR to upgrade grpc-web from 1.0.7 to 1.5.0. See this package in yarn: grpc-web See this project in Snyk: https://app.snyk.io/org/pipecd/project/f41c5767-b506-4f59-beb9-ef662258eb9a?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * [Snyk] Security upgrade alpine from 3.17 to 3.20 (#5014) * fix: docs/Dockerfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413590 - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413590 - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413591 - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413591 Signed-off-by: Shinnosuke Sawada-Dazai <shin@warashi.dev> * Bump alpine Signed-off-by: Shinnosuke Sawada-Dazai <shin@warashi.dev> --------- Signed-off-by: Shinnosuke Sawada-Dazai <shin@warashi.dev> Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: Shinnosuke Sawada-Dazai <shin@warashi.dev> Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * Upgrade google-cloud-sdk (#5042) * Use x86_64 version of google-cloud-sdk Signed-off-by: Shinnosuke Sawada-Dazai <shin@warashi.dev> * Upgrade google-cloud-sdk Signed-off-by: Shinnosuke Sawada-Dazai <shin@warashi.dev> --------- Signed-off-by: Shinnosuke Sawada-Dazai <shin@warashi.dev> Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * feat: add support mention slack groups for NotificationReceiverSlack and NotificationMention (#4903) * feat: add support mentione groups for NotifactionReceiverSlack and slackGroups for NotificationMention Signed-off-by: hungran <26101787+hungran@users.noreply.github.com> * remove change in docs v0.47.x Signed-off-by: hungran <26101787+hungran@users.noreply.github.com> * update docs Signed-off-by: hungran <26101787+hungran@users.noreply.github.com> * update logic for having getGroupsAsString() Signed-off-by: hungran <26101787+hungran@users.noreply.github.com> * using <!subteam^ID> for group mentioning Signed-off-by: hungran <26101787+hungran@users.noreply.github.com> * typo Signed-off-by: hungran <26101787+hungran@users.noreply.github.com> * call both getAccountsAsString and getGroupsAsString Signed-off-by: hungran <26101787+hungran@users.noreply.github.com> * revert change pkg/model/notificationevent.pb.go Signed-off-by: hungran <26101787+hungran@users.noreply.github.com> * use same format for group <!subteam^ID> Signed-off-by: hungran <26101787+hungran@users.noreply.github.com> * same method to format slack group Signed-off-by: hungran <26101787+hungran@users.noreply.github.com> * following slack api, !subteam^ is a literal string that should not change Signed-off-by: hungran <26101787+hungran@users.noreply.github.com> * feat: add slackUsers field and mark slack as deprecated field Signed-off-by: hungran <26101787+hungran@users.noreply.github.com> * revert pkg/model/notificationevent.pb.go Signed-off-by: hungran <26101787+hungran@users.noreply.github.com> * update doc Using the groupID or teamID in the documents makes it easier for users to use this feature. Signed-off-by: hungran <26101787+hungran@users.noreply.github.com> * add code gen Signed-off-by: hungran <26101787+hungran@users.noreply.github.com> * adjust mention users and slack logic Signed-off-by: hungran <26101787+hungran@users.noreply.github.com> * unify the process to get users and groups in the same method Signed-off-by: hungran <26101787+hungran@users.noreply.github.com> --------- Signed-off-by: hungran <26101787+hungran@users.noreply.github.com> Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * Ignore `desiredCount` of ECS when it's 0 or not set for AutoScaling (#5030) * add a flag: ignoreDesiredCountOnUpdate Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * ignore desiredCount on updateService if needed Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * Add a flag ignoreDesiredCountOnUpdate into each func Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * Format func params and comment Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * add docs Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * fix tests: add a missing attribute Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * recover desiredCount in CreateService (mistake) Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * add mentioning driftdetection Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * Revert changes of adding ignoreDesiredCountOnUpdate This reverts commit a0f3459. Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * Revert commits of adding ignoreDesiredCount" This reverts commit 7d65824. Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * Revert "add docs" This reverts commit dcd7dc9. Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * Revert "Format func params and comment" This reverts commit 5103158. Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * Revert "Add a flag ignoreDesiredCountOnUpdate into each func" This reverts commit d17a9b7. Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * Revert "ignore desiredCount on updateService if needed" This reverts commit cf3efbf. Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * Revert "add a flag: ignoreDesiredCountOnUpdate" This reverts commit 6b2af75. Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * ignore updating desiredCount if it's 0 or not defined Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * Use pruning when 'recreate' is on Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * add docs Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * refine docs Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> * Clarify procedure of configuring Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> --------- Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> --------- Signed-off-by: khanhtc1202 <khanhtc1202@gmail.com> Signed-off-by: t-kikuc <tkikuchi07f@gmail.com> Signed-off-by: Shinnosuke Sawada-Dazai <shin@warashi.dev> Signed-off-by: hungran <26101787+hungran@users.noreply.github.com> Co-authored-by: Khanh Tran <32532742+khanhtc1202@users.noreply.github.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: Chris Aniszczyk <caniszczyk@gmail.com> Co-authored-by: Shinnosuke Sawada-Dazai <shin@warashi.dev> Co-authored-by: Henry Vu <26101787+hungran@users.noreply.github.com>
Merged
This was referenced Jul 29, 2024
Merged
Merged
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix 2 vulnerabilities in the dockerfile dependencies of this project.
Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.
Snyk changed the following file(s):
docs/DockerfileWe recommend upgrading to
alpine:3, as this image has only 1 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.Vulnerabilities that will be fixed with an upgrade:
SNYK-ALPINE317-OPENSSL-7413590
SNYK-ALPINE317-OPENSSL-7413590
SNYK-ALPINE317-OPENSSL-7413591
SNYK-ALPINE317-OPENSSL-7413591
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.