Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade python from 3.11.8-slim-bookworm to 3.12.4-slim-bookworm #4018

Closed
wants to merge 7,045 commits into from
Closed

[Snyk] Security upgrade python from 3.11.8-slim-bookworm to 3.12.4-slim-bookworm #4018

wants to merge 7,045 commits into from

Conversation

rubenfiszel
Copy link
Contributor

@rubenfiszel rubenfiszel commented Jul 4, 2024
edited by ellipsis-dev bot
Loading

This PR was automatically created by Snyk using the credentials of a real user.


![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to fix 3 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

  • Dockerfile

We recommend upgrading to python:3.12.4-slim-bookworm, as this image has only 49 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Allocation of Resources Without Limits or Throttling
SNYK-DEBIAN12-SYSTEMD-6277507		   614  
high severity Allocation of Resources Without Limits or Throttling
SNYK-DEBIAN12-SYSTEMD-6277507		   614  
medium severity Improper Check for Unusual or Exceptional Conditions
SNYK-DEBIAN12-OPENSSL-6048820		   514  
medium severity Improper Check for Unusual or Exceptional Conditions
SNYK-DEBIAN12-OPENSSL-6048820		   514  
medium severity Out-of-bounds Write
SNYK-DEBIAN12-OPENSSL-6148845		   514  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

🚀 This description was created by Ellipsis for commit 31b105a

Summary:

Update Dockerfile to use python:3.12.4-slim-bookworm to address security vulnerabilities.

Key points:

  • Update Dockerfile to use python:3.12.4-slim-bookworm instead of python:3.11.8-slim-bookworm.
  • Addresses vulnerabilities: SNYK-DEBIAN12-SYSTEMD-6277507, SNYK-DEBIAN12-OPENSSL-6048820, SNYK-DEBIAN12-OPENSSL-6148845.
  • No other files or functionality are affected.

Generated with ❤️ by ellipsis.dev

hcourdent and others added 30 commits May 28, 2024 16:05
@hcourdent @ellipsis-dev
Links update & stroke width icons (#3833)
ac8118c 
* Links update & stroke width icons

* Update frontend/src/lib/components/StringTypeNarrowing.svelte

Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com>

---------

Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com>
@rubenfiszel
fix: remove quotes around interpolated arg values of tags
8b66636
@rubenfiszel
chore(main): release 1.338.1 (#3831)
c904d9c 
* chore(main): release 1.338.1

* Apply automatic changes

---------

Co-authored-by: rubenfiszel <rubenfiszel@users.noreply.github.com>
@HugoCasa
fix: worker metrics (#3837)
5d2b244 
* fix: worker metrics

* chore: sqlx

* chore: update ee ref

* fix: remove jemalloc stats unwrap
@rubenfiszel
remove heap profiling by default
b6b5eef
@rubenfiszel
jemalloc for all
e776337
@rubenfiszel
chore(main): release 1.338.2 (#3840)
08b16f8 
* chore(main): release 1.338.2

* Apply automatic changes

---------

Co-authored-by: rubenfiszel <rubenfiszel@users.noreply.github.com>
@rubenfiszel
fix: fix resource type search
b01e335
@rubenfiszel
remove unecessary formatter black since ruff format now
717ecb9
@rubenfiszel
chore(main): release 1.338.3 (#3841)
2294ce2 
* chore(main): release 1.338.3

* Apply automatic changes

---------

Co-authored-by: rubenfiszel <rubenfiszel@users.noreply.github.com>
@rubenfiszel
resource others page fix
6b2299f
@HugoCasa
feat: display last key renewal attempt (#3839)
dc2d7e1 
* feat: display last key renewal attempt

* feat: improve UI + add renew button + dev instance

* fix: nits

* chore: update ee ref

* fix: nit

* fix: tests
@rubenfiszel
chore(main): release 1.339.0 (#3843)
3dea341 
* chore(main): release 1.339.0

* Apply automatic changes

---------

Co-authored-by: rubenfiszel <rubenfiszel@users.noreply.github.com>
@rubenfiszel
fix: allow_user_resoruces default deserialization
7238274
@rubenfiszel
chore(main): release 1.339.1 (#3844)
8a4d9c9 
* chore(main): release 1.339.1

* Apply automatic changes

---------

Co-authored-by: rubenfiszel <rubenfiszel@users.noreply.github.com>
@HugoCasa
fix: worker memory usage (#3845)
e052dd5
@rubenfiszel
chore(main): release 1.339.2 (#3846)
2558cfa 
* chore(main): release 1.339.2

* Apply automatic changes

---------

Co-authored-by: rubenfiszel <rubenfiszel@users.noreply.github.com>
@rubenfiszel
feat: replace polars with datafusion for data preview
e07c262
@rubenfiszel
fix ee.rs
76d517e
@rubenfiszel
improve sort and search for parquet preview
3b051c4
@rubenfiszel
add renew license key for tests
198ee29
@rubenfiszel
remove donePromise
660f38e
@rubenfiszel
remove donePromise
cefa12b
@rubenfiszel
fix: wait for api to be read to load explorer table
96246cd
@rubenfiszel
further fix to normal tables
24889fb
@rubenfiszel
table small improvements
9b7b650
@wendrul
feat: chart interactivity: click points on the graph to select the co…
5156e29 
…rresponding jobs (#3851)

* Make click on RunChart higlight and select job

* Select job when clicking on graph point

* Fix type of chart data object

* Persist selection on refresh and other changes
@rubenfiszel
feat: support multiple object storage + parquet_csv + polars -> dataf…
a22dc98 
…usion" (#3853)

* multiple storage

* all

* rm symlinks

* all

* all
@rubenfiszel
fix compile issue
d53fbfc
@rubenfiszel
fix compile issue
9308e2a
@rubenfiszel rubenfiszel force-pushed the main branch 3 times, most recently from 413dad5 to ad69876 Compare August 14, 2024 12:46
@rubenfiszel rubenfiszel force-pushed the main branch 3 times, most recently from 9a08368 to 779a788 Compare September 10, 2024 18:31
@rubenfiszel rubenfiszel force-pushed the main branch 7 times, most recently from e80f43d to 9c506a8 Compare September 21, 2024 20:54
@rubenfiszel rubenfiszel force-pushed the main branch 3 times, most recently from ec6b974 to 8e0eb3d Compare September 26, 2024 12:31
@rubenfiszel rubenfiszel force-pushed the main branch 7 times, most recently from c858c24 to 3cd30d2 Compare October 19, 2024 10:30
@rubenfiszel rubenfiszel force-pushed the main branch 4 times, most recently from 8756adb to 41acd56 Compare November 2, 2024 17:41
@rubenfiszel rubenfiszel closed this Nov 2, 2024
@github-actions github-actions bot locked and limited conversation to collaborators Nov 2, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@ellipsis-dev ellipsis-dev[bot] ellipsis-dev[bot] left review comments

@fatonramadani fatonramadani Awaiting requested review from fatonramadani

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
10 participants
@rubenfiszel @hcourdent @HugoCasa @wendrul @fatonramadani @hamirmahal @klees @dannysummerlin @Guilhem-lm @snyk-bot