search

scalyr / scalyr-agent-2

The source code for Scalyr Agent 2, the daemon process Scalyr customers run on their servers to collect metrics and logs.
Apache License 2.0
70 stars 59 forks source link

[Snyk] Security upgrade python from 3.8-slim to 3.13.0a3-slim #1247

Closed jmakar-s1 closed 5 months ago

jmakar-s1 commented 7 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image. #### Changes included in this PR - docker/Dockerfile.docker_monitor_testing_config We recommend upgrading to `python:3.13.0a3-slim`, as this image has only 45 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected. Some of the most important vulnerabilities in your base image include: | Severity | Priority Score / 1000 | Issue | Exploit Maturity | | :------: | :-------------------- | :---- | :--------------- | | ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **400** | Resource Exhaustion
[SNYK-DEBIAN12-EXPAT-6227597](https://snyk.io/vuln/SNYK-DEBIAN12-EXPAT-6227597) | No Known Exploit | | ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **300** | Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
[SNYK-DEBIAN12-EXPAT-6227603](https://snyk.io/vuln/SNYK-DEBIAN12-EXPAT-6227603) | No Known Exploit | | ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **471** | Allocation of Resources Without Limits or Throttling
[SNYK-DEBIAN12-SYSTEMD-6277507](https://snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-6277507) | No Known Exploit | | ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **471** | Allocation of Resources Without Limits or Throttling
[SNYK-DEBIAN12-SYSTEMD-6277507](https://snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-6277507) | No Known Exploit | | ![critical severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/c.png "critical severity") | **500** | Integer Overflow or Wraparound
[SNYK-DEBIAN12-ZLIB-6008963](https://snyk.io/vuln/SNYK-DEBIAN12-ZLIB-6008963) | No Known Exploit | --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._ For more information: 🧐 [View latest project report](https://app.snyk.io/org/data_platformengineering/project/3278b9c4-b414-49a7-ad7a-38814354948e?utm_source=github&utm_medium=referral&page=fix-pr) πŸ›  [Adjust project settings](https://app.snyk.io/org/data_platformengineering/project/3278b9c4-b414-49a7-ad7a-38814354948e?utm_source=github&utm_medium=referral&page=fix-pr/settings) [//]: # 'snyk:metadata:{"prId":"6bace8eb-dfa7-4775-a50d-ffde37f62601","prPublicId":"6bace8eb-dfa7-4775-a50d-ffde37f62601","dependencies":[{"name":"python","from":"3.8-slim","to":"3.13.0a3-slim"}],"packageManager":"dockerfile","projectPublicId":"3278b9c4-b414-49a7-ad7a-38814354948e","projectUrl":"https://app.snyk.io/org/data_platformengineering/project/3278b9c4-b414-49a7-ad7a-38814354948e?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-DEBIAN12-ZLIB-6008963","SNYK-DEBIAN12-SYSTEMD-6277507","SNYK-DEBIAN12-EXPAT-6227597","SNYK-DEBIAN12-EXPAT-6227603"],"upgrade":["SNYK-DEBIAN12-EXPAT-6227597","SNYK-DEBIAN12-EXPAT-6227603","SNYK-DEBIAN12-SYSTEMD-6277507","SNYK-DEBIAN12-SYSTEMD-6277507","SNYK-DEBIAN12-ZLIB-6008963"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[500,471,400,300],"remediationStrategy":"vuln"}' --- **Learn how to fix vulnerabilities with free interactive lessons:** πŸ¦‰ [Allocation of Resources Without Limits or Throttling](https://learn.snyk.io/lesson/no-rate-limiting/?loc=fix-pr) πŸ¦‰ [Resource Exhaustion](https://learn.snyk.io/lesson/redos/?loc=fix-pr)
github-actions[bot] commented 7 months ago

Test Results

βŸβ€„β€ˆβŸβ€„20 files  Β±0β€‚β€ƒβŸβ€„β€ˆβŸβ€„20 suites  Β±0   32m 7s :stopwatch: + 1m 10s 1β€ˆ486 tests Β±0  1β€ˆ466 :heavy_check_mark: Β±0β€‚β€ƒβŸβ€„20 :zzz: Β±0  0 :x: Β±0  7β€ˆ101 runs  Β±0  6β€ˆ876 :heavy_check_mark: +7  225 :zzz:  -β€Š7  0 :x: Β±0 

Results for commit f8db097c. ± Comparison against base commit 03a25ebe.

codecov[bot] commented 7 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 81.66%. Comparing base (03a25eb) to head (f8db097).

Additional details and impacted files [![Impacted file tree graph](https://app.codecov.io/gh/scalyr/scalyr-agent-2/pull/1247/graphs/tree.svg?width=650&height=150&src=pr&token=KrvyP8n7be&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=scalyr)](https://app.codecov.io/gh/scalyr/scalyr-agent-2/pull/1247?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=scalyr) ```diff @@ Coverage Diff @@ ## master #1247 +/- ## ========================================== - Coverage 81.77% 81.66% -0.11% ========================================== Files 176 176 Lines 42965 42965 Branches 4782 4782 ========================================== - Hits 35134 35087 -47 - Misses 6593 6639 +46 - Partials 1238 1239 +1 ``` [see 7 files with indirect coverage changes](https://app.codecov.io/gh/scalyr/scalyr-agent-2/pull/1247/indirect-changes?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=scalyr)