openshift / assisted-installer-agent

Apache License 2.0
24 stars, 74 forks

[Snyk] Security upgrade golang from latest to 1.22.4 #741

Closed adriengentil closed 1 week ago

adriengentil commented 2 weeks ago

This PR was automatically created by Snyk using the credentials of a real user.


### Snyk has created this PR to fix 2 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

#### Snyk changed the following file(s):

- `vendor/github.com/nxadm/tail/Dockerfile`

We recommend upgrading to `golang:1.22.4`, as this image has only **89** known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

#### Vulnerabilities that will be fixed with an upgrade:

| | Issue | Score |
|:---:|:---|:---|
| ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png 'high severity') | Improper Input Validation [SNYK-DEBIAN12-PYTHON311-3325304](https://snyk.io/vuln/SNYK-DEBIAN12-PYTHON311-3325304) | **614** |
| ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png 'high severity') | Improper Input Validation [SNYK-DEBIAN12-PYTHON311-3325304](https://snyk.io/vuln/SNYK-DEBIAN12-PYTHON311-3325304) | **614** |
| ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png 'high severity') | Improper Input Validation [SNYK-DEBIAN12-PYTHON311-3325304](https://snyk.io/vuln/SNYK-DEBIAN12-PYTHON311-3325304) | **614** |
| ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png 'high severity') | Untrusted Search Path [SNYK-DEBIAN12-PYTHON311-5853785](https://snyk.io/vuln/SNYK-DEBIAN12-PYTHON311-5853785) | **614** |
| ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png 'high severity') | Untrusted Search Path [SNYK-DEBIAN12-PYTHON311-5853785](https://snyk.io/vuln/SNYK-DEBIAN12-PYTHON311-5853785) | **614** |

---

> [!IMPORTANT]
>
> - Check the changes in this PR to ensure they won't cause issues with your project.
> - Max score is 1000. Note that the real score may have changed since the PR was raised.
> - This PR was automatically created by Snyk using the credentials of a real user.

---

**Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._

For more information:

🧐 [View latest project report](https://app.snyk.io/org/assisted-installer/project/1177e431-4f44-4df7-bfb9-797060f3b235?utm_source=github&utm_medium=referral&page=fix-pr)

📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates)

🛠 [Adjust project settings](https://app.snyk.io/org/assisted-installer/project/1177e431-4f44-4df7-bfb9-797060f3b235?utm_source=github&utm_medium=referral&page=fix-pr/settings)

📚 [Read about Snyk's upgrade logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Improper Input Validation](https://learn.snyk.io/lesson/improper-input-validation/?loc=fix-pr)

openshift-ci[bot] commented 2 weeks ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: adriengentil

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/openshift/assisted-installer-agent/blob/master/OWNERS)~~ [adriengentil]

Approvers can indicate their approval by writing `/approve` in a comment. Approvers can cancel approval by writing `/approve cancel` in a comment.

codecov[bot] commented 2 weeks ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 59.91%. Comparing base (3963f20) to head (ae69663).

Additional details and impacted files

[![Impacted file tree graph](https://app.codecov.io/gh/openshift/assisted-installer-agent/pull/741/graphs/tree.svg?width=650&height=150&src=pr&token=ZYXZPU4167&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=openshift)](https://app.codecov.io/gh/openshift/assisted-installer-agent/pull/741?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=openshift)

```diff
@@           Coverage Diff           @@
##           master     #741   +/-   ##
=======================================
  Coverage   59.91%   59.91%
=======================================
  Files          74       74
  Lines        3710     3710
=======================================
  Hits         2223     2223
  Misses       1329     1329
  Partials      158      158
```

openshift-ci[bot] commented 2 weeks ago

@adriengentil: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
|:---|:---|:---|:---|:---|
| ci/prow/edge-lint | ae69663b35d15c6d4cb797ad70ac4f7fe088ac46 | link | true | /test edge-lint |

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).
adriengentil commented 1 week ago

closing because it tries to update deps inside vendor/ dir