wolfi-dev · luhring · Jul 7, 2023 · Jul 7, 2023
diff --git a/k8s-sidecar.yaml b/k8s-sidecar.yaml
@@ -1,8 +1,8 @@
 package:
   name: k8s-sidecar
   version: 1.24.6
-  epoch: 0
-  description: "python 2 and 3 compatibility library"
+  epoch: 1
+  description: "container intended to run inside a kubernetes cluster to collect config maps with a specified label and store the included files in a local folder"
   copyright:
     - license: MIT
   dependencies:
@@ -32,7 +32,12 @@ pipeline:
       mv src/* ${{targets.destdir}}/usr/share/app
       cd ${{targets.destdir}}/usr/share/app
       python -m venv .venv
+
+      # Mitigate CVE-2022-40897 / GHSA-r9hx-vwmv-q579
+      .venv/bin/pip install --upgrade setuptools
+
       .venv/bin/pip install --no-cache-dir -r requirements.txt
+
       rm requirements.txt
       find .venv \( -type d -a -name test -o -name tests \) -o \( -type f -a -name '*.pyc' -o -name '*.pyo' \) -exec rm -rf '{}' \+
 

diff --git a/maven.yaml b/maven.yaml
@@ -29,7 +29,10 @@ pipeline:
 
   - runs: |
       cd maven
+
+      # Mitigate CVE-2023-2976 / GHSA-7g45-4rm6-3mm3
       mvn versions:set-property -Dproperty=guavaVersion -DnewVersion=32.1.1-jre
+
       mkdir -p ${{targets.destdir}}/usr/share/java/maven
       mkdir -p ${{targets.destdir}}/usr/share/java/maven/bin
       mkdir -p ${{targets.destdir}}/usr/share/java/maven/boot