update dependencies to fix various high/critical security vulnerabilies #1083
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pc-bob
force-pushed
the
BL/fix-security-vulns
branch
from
fafc495
to
72aec53
Compare
pc-bob
commented
Jul 31, 2024
| @@ -1,41 +1,41 @@ | |||
| FROM python:3.10 as base | |||
| FROM python:3.10 AS base | |||
There was a problem hiding this comment.
fixes warnings on docker build:
=> WARN: FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 1) 0.0s
=> WARN: FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 10) 0.0s
=> WARN: FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 14) 0.0s
=> WARN: FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 18) 0.0s
=> WARN: FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 22) 0.0s
=> WARN: FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 26) 0.0s
=> WARN: FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 30) 0.0s
=> WARN: FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 34) 0.0s
=> WARN: FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 40)
pc-bob
force-pushed
the
BL/fix-security-vulns
branch
from
72aec53
to
346ea8f
Compare
|
With these changes all the vulns except the 
|
|
thanks. |
mrT23
approved these changes
Aug 1, 2024
|
deployed to |
|
@mrT23 when can we expect a new tagged version to be released? |
|
in 2-3 weeks. for example in github action: |
|
wonderful, thank you! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
User description
This vulnerability scan results below is from the scan of the 0.24-github_app docker image but I believe would apply to most versions of the image.
PR Type
Bug fix, Dependencies
Description
setuptoolsversion requirement inpyproject.tomlfrom>=61.0to>=70.0.aiohttpversion from3.9.1to3.9.2to fix a high-severity security vulnerability (CVE-2024-23334).GitPythonversion from3.1.32to3.1.41.gunicornversion from20.1.0to22.0.0.Changes walkthrough 📝
pyproject.toml
Update `setuptools` version requirement in `pyproject.toml`pyproject.toml
setuptoolsversion requirement from>=61.0to>=70.0.requirements.txt
Update dependencies to address security vulnerabilitiesrequirements.txt
aiohttpversion from3.9.1to3.9.2.GitPythonversion from3.1.32to3.1.41.gunicornversion from20.1.0to22.0.0.