search

scalyr / scalyr-agent-2

The source code for Scalyr Agent 2, the daemon process Scalyr customers run on their servers to collect metrics and logs.
Apache License 2.0
70 stars 60 forks source link

[Snyk] Security upgrade python from 3.8-slim to 3.13.0a4-slim #1246

Closed martin-majlis-s1 closed 3 months ago

martin-majlis-s1 commented 6 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image. #### Changes included in this PR - docker/Dockerfile.docker_monitor_testing_config We recommend upgrading to `python:3.13.0a4-slim`, as this image has only 45 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected. Some of the most important vulnerabilities in your base image include: | Severity | Priority Score / 1000 | Issue | Exploit Maturity | | :------: | :-------------------- | :---- | :--------------- | | ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **400** | Resource Exhaustion
[SNYK-DEBIAN12-EXPAT-6227597](https://snyk.io/vuln/SNYK-DEBIAN12-EXPAT-6227597) | No Known Exploit | | ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **300** | Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
[SNYK-DEBIAN12-EXPAT-6227603](https://snyk.io/vuln/SNYK-DEBIAN12-EXPAT-6227603) | No Known Exploit | | ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **471** | Allocation of Resources Without Limits or Throttling
[SNYK-DEBIAN12-SYSTEMD-6277507](https://snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-6277507) | No Known Exploit | | ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **471** | Allocation of Resources Without Limits or Throttling
[SNYK-DEBIAN12-SYSTEMD-6277507](https://snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-6277507) | No Known Exploit | | ![critical severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/c.png "critical severity") | **500** | Integer Overflow or Wraparound
[SNYK-DEBIAN12-ZLIB-6008963](https://snyk.io/vuln/SNYK-DEBIAN12-ZLIB-6008963) | No Known Exploit | --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._ For more information: 🧐 [View latest project report](https://app.snyk.io/org/data_platformengineering/project/3278b9c4-b414-49a7-ad7a-38814354948e?utm_source=github&utm_medium=referral&page=fix-pr) πŸ›  [Adjust project settings](https://app.snyk.io/org/data_platformengineering/project/3278b9c4-b414-49a7-ad7a-38814354948e?utm_source=github&utm_medium=referral&page=fix-pr/settings) [//]: # 'snyk:metadata:{"prId":"427bca90-99d6-4d14-85ff-0e4ec427bea5","prPublicId":"427bca90-99d6-4d14-85ff-0e4ec427bea5","dependencies":[{"name":"python","from":"3.8-slim","to":"3.13.0a4-slim"}],"packageManager":"dockerfile","projectPublicId":"3278b9c4-b414-49a7-ad7a-38814354948e","projectUrl":"https://app.snyk.io/org/data_platformengineering/project/3278b9c4-b414-49a7-ad7a-38814354948e?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-DEBIAN12-ZLIB-6008963","SNYK-DEBIAN12-SYSTEMD-6277507","SNYK-DEBIAN12-EXPAT-6227597","SNYK-DEBIAN12-EXPAT-6227603"],"upgrade":["SNYK-DEBIAN12-EXPAT-6227597","SNYK-DEBIAN12-EXPAT-6227603","SNYK-DEBIAN12-SYSTEMD-6277507","SNYK-DEBIAN12-SYSTEMD-6277507","SNYK-DEBIAN12-ZLIB-6008963"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[500,471,400,300],"remediationStrategy":"vuln"}' --- **Learn how to fix vulnerabilities with free interactive lessons:** πŸ¦‰ [Allocation of Resources Without Limits or Throttling](https://learn.snyk.io/lesson/no-rate-limiting/?loc=fix-pr) πŸ¦‰ [Resource Exhaustion](https://learn.snyk.io/lesson/redos/?loc=fix-pr)
github-actions[bot] commented 6 months ago

Test Results

βŸβ€„β€ˆβŸβ€„20 files  Β±0β€‚β€ƒβŸβ€„β€ˆβŸβ€„20 suites  Β±0   32m 22s :stopwatch: +14s 1β€ˆ486 tests Β±0  1β€ˆ466 :heavy_check_mark: Β±0β€‚β€ƒβŸβ€„20 :zzz: Β±0  0 :x: Β±0  7β€ˆ101 runs  Β±0  6β€ˆ876 :heavy_check_mark: Β±0  225 :zzz: Β±0  0 :x: Β±0 

Results for commit 9bc9bed5. ± Comparison against base commit 03a25ebe.

codecov[bot] commented 6 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 81.67%. Comparing base (03a25eb) to head (9bc9bed).

Additional details and impacted files [![Impacted file tree graph](https://app.codecov.io/gh/scalyr/scalyr-agent-2/pull/1246/graphs/tree.svg?width=650&height=150&src=pr&token=KrvyP8n7be&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=scalyr)](https://app.codecov.io/gh/scalyr/scalyr-agent-2/pull/1246?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=scalyr) ```diff @@ Coverage Diff @@ ## master #1246 +/- ## ========================================== - Coverage 81.74% 81.67% -0.07% ========================================== Files 176 176 Lines 42965 42965 Branches 4782 4782 ========================================== - Hits 35120 35089 -31 - Misses 6607 6636 +29 - Partials 1238 1240 +2 ``` [see 8 files with indirect coverage changes](https://app.codecov.io/gh/scalyr/scalyr-agent-2/pull/1246/indirect-changes?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=scalyr)