adding pinning to python/ansible dependencies that are used during te…

…sting, also adding an ignore to CVE-2019-8341(70612) in saftey scanning, since this is a transient dependency in the builder container Signed-off-by: Adam D. Cornett <adc@redhat.com>
operator-framework · Jun 13, 2024 · f6dd4e8 · f6dd4e8
1 parent 6a5630a
commit f6dd4e8
Show file tree

Hide file tree

Showing 5 changed files with 6 additions and 5 deletions.
diff --git a/hack/tests/e2e-ansible-molecule.sh b/hack/tests/e2e-ansible-molecule.sh
@@ -30,9 +30,10 @@ pip3 install pyasn1==0.4.7 pyasn1-modules==0.2.6 idna==2.8 ipaddress==1.0.23
 pip3 install cryptography molecule==5.1.0
 pip3 install ansible-lint yamllint
 pip3 install docker kubernetes jmespath
+pip3 install requests==2.32.2
 ansible-galaxy collection install 'kubernetes.core:==2.4.0'
 ansible-galaxy collection install 'operator_sdk.util:==0.4.0'
-ansible-galaxy collection install 'community.docker:==3.4.0'
+ansible-galaxy collection install 'community.docker:==3.10.3'
 
 header_text "Copying molecule testdata scenarios"
 ROOTDIR="$(pwd)"

diff --git a/images/ansible-operator/Dockerfile b/images/ansible-operator/Dockerfile
@@ -25,7 +25,7 @@ RUN set -e && yum clean all && rm -rf /var/cache/yum/* \
   && pip3 install --upgrade pip~=23.3.2 \
   && pip3 install pipenv==2023.11.15 \
   && pipenv install --deploy \
-  && pipenv check \
+  && pipenv check --ignore 70612 \
   && yum remove -y gcc libffi-devel openssl-devel python39-devel \
   && yum clean all \
   && rm -rf /var/cache/yum

diff --git a/images/ansible-operator/pipfile.Dockerfile b/images/ansible-operator/pipfile.Dockerfile
@@ -21,7 +21,7 @@ RUN set -e && yum clean all && rm -rf /var/cache/yum/* \
   && pip3 install --upgrade pip~=23.3.2 \
   && pip3 install pipenv==2023.11.15 \
   && pipenv lock \
-  && pipenv check \
+  && pipenv check --ignore 70612 \
   && yum remove -y gcc libffi-devel openssl-devel python39-devel \
   && yum clean all \
   && rm -rf /var/cache/yum

diff --git a/pkg/plugins/ansible/v1/scaffolds/internal/templates/requirements.go b/pkg/plugins/ansible/v1/scaffolds/internal/templates/requirements.go
@@ -42,5 +42,5 @@ collections:
   - name: cloud.common
     version: "2.1.1"
   - name: community.docker
-    version: "3.4.5"
+    version: "3.10.3"
 `
diff --git a/testdata/memcached-molecule-operator/requirements.yml b/testdata/memcached-molecule-operator/requirements.yml
@@ -7,4 +7,4 @@ collections:
   - name: cloud.common
     version: "2.1.1"
   - name: community.docker
-    version: "3.4.5"
+    version: "3.10.3"