Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump google/cloud-sdk to 448.0.0 in tests #2972

Merged
merged 1 commit into from
Oct 2, 2023
Merged

Bump google/cloud-sdk to 448.0.0 in tests #2972

merged 1 commit into from
Oct 2, 2023

Conversation

andytinkham
Copy link
Contributor

Desired Outcome

Remove base images that contain vulnerable versions of libwebp to remove possibility of exploit of CVE-2023-5129 / CVE-2023-4863.

Implemented Changes

Upgrade google/cloud-sdk to latest version (448.0.0)

Connected Issue/Story

CyberArk internal issue ID: CONJSE-1717

@andytinkham
Bump google/cloud-sdk to 448.0.0 in tests
2a30161 
Signed-off-by: Andy Tinkham <andy.tinkham@cyberark.com>
@andytinkham andytinkham requested a review from a team as a code owner September 28, 2023 20:18
micahlee
micahlee approved these changes Sep 29, 2023
View reviewed changes
CHANGELOG.md
Comment on lines +52 to +54
- Upgrade google/cloud-sdk in ci/test_suites/authenticators_k8s/dev/Dockerfile/test
to use latest version (448.0.0)
[cyberark/conjur#2972](https://github.com/cyberark/conjur/pull/2972)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Usually the changelog is reserved for changes that have an end-user impact. Giving this is a container for tests, it's not actually needed here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fair - are you suggesting I remove it, or just commenting for next time? (I included it largely because the CVE is getting publicity, but since it's only in test files, it probably doesn't matter either way.)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, I don't think you need another push just to remove it. If you end up making any other updates you could pull it out, but if this build is good, it's fine to stay. Thanks!

codeclimate[bot]
codeclimate bot reviewed Sep 29, 2023
View reviewed changes
CHANGELOG.md
@@ -49,6 +49,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
[cyberark/conjur#2827](https://github.com/cyberark/conjur/pull/2827)

### Security
- Upgrade google/cloud-sdk in ci/test_suites/authenticators_k8s/dev/Dockerfile/test
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lists should be surrounded by blank lines

@codeclimate
Copy link

codeclimate bot commented Sep 29, 2023

Code Climate has analyzed commit 2a30161 and detected 1 issue on this pull request.

Here's the issue category breakdown:

Category Count
Style 1

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 88.6% (0.0% change).

View more on Code Climate.

@andytinkham andytinkham merged commit 33c8cde into master Oct 2, 2023
6 checks passed
@andytinkham andytinkham deleted the update-google-cloud-sdk branch October 2, 2023 14:35
@gl-johnson gl-johnson mentioned this pull request Oct 2, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@micahlee micahlee micahlee approved these changes

@codeclimate CodeClimate CodeClimate left review comments

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@andytinkham @micahlee