Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: update bundler, fix cve in voxbox7 #45

Merged
merged 2 commits into from
Sep 6, 2024
Merged

fix: update bundler, fix cve in voxbox7 #45

merged 2 commits into from
Sep 6, 2024

Conversation

rwaffen
Copy link
Member

@rwaffen rwaffen commented Aug 30, 2024
edited
Loading

fixes: #44

@rwaffen
fix: update bundler, fix cve in vobox7
9d43643 
Signed-off-by: Robert Waffen <rwaffen@gmail.com>
@rwaffen rwaffen requested a review from a team as a code owner August 30, 2024 07:55
@rwaffen
fix: add bundler variable to ci build job
36620b1 
Signed-off-by: Robert Waffen <rwaffen@gmail.com>
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Aug 30, 2024
edited
Loading

Outdated

Overview

Image reference ghcr.io/voxpupuli/voxbox:8-main ci/voxbox:8.8.1
- digest c64beb5714ab b560698ce2a1
- tag 8-main 8.8.1
- vulnerabilities critical: 0 high: 0 medium: 0 low: 0 critical: 0 high: 0 medium: 0 low: 0
- platform linux/amd64 linux/amd64
- size 187 MB 210 MB (+23 MB)
- packages 380 380
Base Image ruby:3.2-alpine
also known as:
3.2-alpine3.20
3.2.5-alpine
3.2.5-alpine3.20		 ruby:3.2-alpine
also known as:
3.2-alpine3.20
3.2.5-alpine
3.2.5-alpine3.20
- vulnerabilities critical: 0 high: 0 medium: 3 low: 0 critical: 0 high: 0 medium: 3 low: 0
Environment Variables (1 changes)
  • + 1 added
  • 18 unchanged
 BUNDLE_APP_CONFIG=/usr/local/bundle
 BUNDLE_SILENCE_ROOT_WARNING=1
 GEM_HOME=/usr/local/bundle
 LANG=C.UTF-8
 PATH=/usr/local/bundle/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+RUBYGEM_BUNDLER=2.5.18
 RUBYGEM_FACTER=4.8.0
 RUBYGEM_MODULESYNC=3.2.0
 RUBYGEM_PUPPET=8.8.1
 RUBYGEM_PUPPET_METADATA=4.2.0
 RUBYGEM_R10K=4.1.0
 RUBYGEM_RA10KE=3.1.0
 RUBYGEM_RUBOCOP_PERFORMANCE=1.21.1
 RUBYGEM_VOXPUPULI_ACCEPTANCE=3.2.0
 RUBYGEM_VOXPUPULI_RELEASE=3.1.0
 RUBYGEM_VOXPUPULI_TEST=9.0.0
 RUBY_DOWNLOAD_SHA256=7780d91130139406d39b29ed8fe16bba350d8fa00e510c76bef9b8ec1340903c
 RUBY_DOWNLOAD_URL=https://cache.ruby-lang.org/pub/ruby/3.2/ruby-3.2.5.tar.xz
 RUBY_VERSION=3.2.5
Packages and Vulnerabilities (5 package changes and 0 vulnerability changes)
  • ♾️ 5 packages changed
  • 360 packages unchanged
Changes for packages of type gem (5 changes)
Package Version
ghcr.io/voxpupuli/voxbox:8-main		 Version
ci/voxbox:8.8.1
♾️ async-http 0.71.0 0.72.0
♾️ beaker 6.3.0 6.4.1
♾️ bundler 2.4.19 2.5.18
♾️ facterdb 3.1.0 3.2.0
♾️ protocol-http 0.28.2 0.29.0

@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@github-actions GitHub Actions
Copy link
Contributor

Overview

Image reference ghcr.io/voxpupuli/voxbox:7-main ci/voxbox:7.32.1
- digest fa64aea84831 642cd3245668
- tag 7-main 7.32.1
- vulnerabilities critical: 0 high: 1 medium: 3 low: 0 critical: 0 high: 0 medium: 2 low: 0
- platform linux/amd64 linux/amd64
- size 160 MB 188 MB (+28 MB)
- packages 327 327
Base Image ruby:2-alpine ruby:2-alpine
- vulnerabilities critical: 2 high: 5 medium: 12 low: 1 critical: 2 high: 5 medium: 12 low: 1
Environment Variables (1 changes)
  • + 1 added
  • 18 unchanged
 BUNDLE_APP_CONFIG=/usr/local/bundle
 BUNDLE_SILENCE_ROOT_WARNING=1
 GEM_HOME=/usr/local/bundle
 LANG=C.UTF-8
 PATH=/usr/local/bundle/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+RUBYGEM_BUNDLER=2.4.22
 RUBYGEM_FACTER=4.8.0
 RUBYGEM_MODULESYNC=3.2.0
 RUBYGEM_PUPPET=7.32.1
 RUBYGEM_PUPPET_METADATA=4.2.0
 RUBYGEM_R10K=4.1.0
 RUBYGEM_RA10KE=3.1.0
 RUBYGEM_RUBOCOP_PERFORMANCE=1.21.1
 RUBYGEM_VOXPUPULI_ACCEPTANCE=3.2.0
 RUBYGEM_VOXPUPULI_RELEASE=3.1.0
 RUBYGEM_VOXPUPULI_TEST=9.0.0
 RUBY_DOWNLOAD_SHA256=f22f662da504d49ce2080e446e4bea7008cee11d5ec4858fc69000d0e5b1d7fb
 RUBY_MAJOR=2.7
 RUBY_VERSION=2.7.8
Packages and Vulnerabilities (3 package changes and 2 vulnerability changes)
  • ♾️ 3 packages changed
  • 312 packages unchanged
  • ✔️ 2 vulnerabilities removed
Changes for packages of type gem (3 changes)
Package Version
ghcr.io/voxpupuli/voxbox:7-main		 Version
ci/voxbox:7.32.1
♾️ beaker 6.3.0 6.4.1
♾️ bundler 2.1.4 2.4.22
critical: 0 high: 1 medium: 1 low: 0
Removed vulnerabilities (2):
  • high : CVE--2020--36327
  • medium : CVE--2021--43809
♾️ facterdb 3.1.0 3.2.0

@rwaffen rwaffen enabled auto-merge August 30, 2024 08:15
@rwaffen rwaffen merged commit a047573 into main Sep 6, 2024
6 checks passed
@rwaffen rwaffen deleted the update_bundler branch September 6, 2024 08:01
@rwaffen rwaffen added the enhancement New feature or request label Sep 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bastelfreak bastelfreak bastelfreak approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
Crafty Overview
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Fix code scanning alert - CVE-2020-36327
2 participants
@rwaffen @bastelfreak