astronomer / astronomer-cosmos

Run your dbt Core projects as Apache Airflow DAGs and Task Groups with a few lines of code
https://astronomer.github.io/astronomer-cosmos/
Apache License 2.0
774 stars 170 forks

Fix vulnerability issue on docs dependency #1313

Closed tatiana closed 1 week ago

tatiana commented 2 weeks ago

Fix: https://github.com/astronomer/astronomer-cosmos/security/dependabot/8

More details about the vulnerability:

Airflow versions before 2.10.3 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive variables were set via airflow CLI, values of those variables appeared in the audit log and were stored unencrypted in the Airflow database. While this risk is limited to users with audit log access, upgrading to Airflow 2.10.3 or a later version is recommended, which addresses this issue. Users who previously used the CLI to set secret variables should manually delete entries with those variables from the log table.
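The cleanup step described in the advisory text above, as an added example (not code from this pull request or from Airflow). It assumes that `airflow variables set` invocations are recorded in the `log` table with the event name `cli_variables_set` and the command line in the `extra` column; confirm both against your own metadata database before deleting anything. The rows and the in-memory SQLite table are constructed for illustration.

```python
import json
import sqlite3

# Assumption: Airflow 2.x records `airflow variables set` as this event in the
# `log` table, with the full command line stored in the `extra` column.
CLI_EVENT = "cli_variables_set"


def build_sample_db():
    """Constructed stand-in for the metadata DB: a subset of `log` columns."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE log (id INTEGER PRIMARY KEY, dttm TEXT, event TEXT,"
        " owner TEXT, extra TEXT)"
    )

    def cli(*argv):
        return json.dumps({"host_name": "worker-1", "full_command": str(list(argv))})

    rows = [  # constructed sample rows
        ("2024-10-01T09:00:00", CLI_EVENT, "deploy",
         cli("airflow", "variables", "set", "api_secret", "EXAMPLE-VALUE")),
        ("2024-10-01T09:05:00", "cli_variables_get", "deploy",
         cli("airflow", "variables", "get", "api_secret")),
        ("2024-10-02T11:30:00", "trigger", "alice", None),
        ("2024-10-03T08:15:00", CLI_EVENT, "bob",
         cli("airflow", "variables", "set", "db_password", "EXAMPLE-VALUE-2")),
    ]
    conn.executemany(
        "INSERT INTO log (dttm, event, owner, extra) VALUES (?, ?, ?, ?)", rows
    )
    conn.commit()
    return conn


def find_exposed_rows(conn):
    """Return (id, dttm, owner) of candidate rows; `extra` is never echoed."""
    cur = conn.execute(
        "SELECT id, dttm, owner FROM log WHERE event = ? ORDER BY id", (CLI_EVENT,)
    )
    return cur.fetchall()


def purge_rows(conn, ids):
    """Delete the reviewed rows in one transaction; return how many were removed."""
    with conn:
        cur = conn.executemany("DELETE FROM log WHERE id = ?", [(i,) for i in ids])
    return cur.rowcount
```

Listing only `id`, `dttm` and `owner` lets the rows be reviewed without copying the secret values into yet another terminal or ticket; variables that were exposed this way should also be rotated.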

cloudflare-workers-and-pages[bot] commented 2 weeks ago

Deploying astronomer-cosmos with Cloudflare Pages

Latest commit: 4b490c4
Status: ✅  Deploy successful!
Preview URL: https://3456946d.astronomer-cosmos.pages.dev
Branch Preview URL: https://vulnerability-8.astronomer-cosmos.pages.dev


codecov[bot] commented 2 weeks ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 95.85%. Comparing base (92330f5) to head (4b490c4). Report is 1 commits behind head on main.

Additional details and impacted files

```diff
@@           Coverage Diff           @@
##             main    #1313   +/-   ##
=======================================
  Coverage   95.85%   95.85%
=======================================
  Files          67       67
  Lines        3983     3983
=======================================
  Hits         3818     3818
  Misses        165      165
```
