NASA-AMMOS / aerie

A software framework for modeling spacecraft.
https://nasa-ammos.github.io/aerie-docs/
MIT License

Update postgres to 16.3 #1445

Closed JoelCourtney closed 6 months ago

JoelCourtney commented 6 months ago

Description

This just bumps postgres to 16.3 in the docker compose files to address a security advisory in Red Hat. I don't know if this will actually fix the problem, but it's the only thing we can try (AFAIK).

Verification

No behavioral changes, existing tests are OK.

skovati commented 6 months ago

Looks like the 16.3 image still has the Go stdlib vuln, so merging this PR wouldn't get our vuln scans to pass.

https://hub.docker.com/layers/library/postgres/16.3/images/sha256-09d737ee92e0c5aa40d59b58b9b7cbbf1409415371cea63157a8e5d2bba1a8e5?context=explore

I ran Aerie locally with an Alpine Linux-based postgres image (16.2-alpine) and all tests passed locally. That Alpine-based postgres image has significantly fewer known vulnerabilities:

https://hub.docker.com/layers/library/postgres/16.2-alpine/images/sha256-d2ae11f7207eb2c726b1678d7f98df2210759b8e5014d77afa9f77d014e33a9e?context=explore