search

scalyr / scalyr-agent-2

The source code for Scalyr Agent 2, the daemon process Scalyr customers run on their servers to collect metrics and logs.
Apache License 2.0
70 stars 60 forks source link

[Snyk] Security upgrade python from 3.8-slim to 3.13.0b2-slim #1282

Open jmakar-s1 opened 2 months ago

jmakar-s1 commented 2 months ago

This PR was automatically created by Snyk using the credentials of a real user.


![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123) ### Snyk has created this PR to fix 4 vulnerabilities in the dockerfile dependencies of this project. Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image. #### Snyk changed the following file(s): - `docker/Dockerfile.docker_monitor_testing_config` We recommend upgrading to `python:3.13.0b2-slim`, as this image has only **43** known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected. #### Vulnerabilities that will be fixed with an upgrade: | | Issue | :-------------------------:|:------------------------- ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png 'medium severity') | Improper Check for Unusual or Exceptional Conditions
[SNYK-DEBIAN12-OPENSSL-6048820](https://snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-6048820) ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png 'medium severity') | Out-of-bounds Write
[SNYK-DEBIAN12-OPENSSL-6148845](https://snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-6148845) ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png 'medium severity') | CVE-2024-0727
[SNYK-DEBIAN12-OPENSSL-6190223](https://snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-6190223) ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png 'high severity') | Allocation of Resources Without Limits or Throttling
[SNYK-DEBIAN12-SYSTEMD-6277507](https://snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-6277507) ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png 'high severity') | Allocation of Resources Without Limits or Throttling
[SNYK-DEBIAN12-SYSTEMD-6277507](https://snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-6277507) --- > [!IMPORTANT] > > - Check the changes in this PR to ensure they won't cause issues with your project. > - Max score is 1000. Note that the real score may have changed since the PR was raised. > - This PR was automatically created by Snyk using the credentials of a real user. --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._ For more information: 🧐 [View latest project report](https://app.snyk.io/org/data_platformengineering/project/3278b9c4-b414-49a7-ad7a-38814354948e?utm_source=github&utm_medium=referral&page=fix-pr) πŸ“œ [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates) πŸ›  [Adjust project settings](https://app.snyk.io/org/data_platformengineering/project/3278b9c4-b414-49a7-ad7a-38814354948e?utm_source=github&utm_medium=referral&page=fix-pr/settings) πŸ“š [Read about Snyk's upgrade logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) --- **Learn how to fix vulnerabilities with free interactive lessons:** πŸ¦‰ [Allocation of Resources Without Limits or Throttling](https://learn.snyk.io/lesson/no-rate-limiting/?loc=fix-pr) [//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"python","from":"3.8-slim","to":"3.13.0b2-slim"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No Known Exploit","id":"SNYK-DEBIAN12-SYSTEMD-6277507","severity":"high","title":"Allocation of Resources Without Limits or Throttling"},{"exploit_maturity":"No Known Exploit","id":"SNYK-DEBIAN12-SYSTEMD-6277507","severity":"high","title":"Allocation of Resources Without Limits or Throttling"},{"exploit_maturity":"No Known Exploit","id":"SNYK-DEBIAN12-OPENSSL-6048820","severity":"medium","title":"Improper Check for Unusual or Exceptional Conditions"},{"exploit_maturity":"No Known Exploit","id":"SNYK-DEBIAN12-OPENSSL-6148845","severity":"medium","title":"Out-of-bounds Write"},{"exploit_maturity":"No Known Exploit","id":"SNYK-DEBIAN12-OPENSSL-6190223","severity":"medium","title":"CVE-2024-0727"}],"prId":"fa6dbc92-d0bd-4202-b73a-146474b9744e","prPublicId":"fa6dbc92-d0bd-4202-b73a-146474b9744e","packageManager":"dockerfile","priorityScoreList":[null,null,null,null],"projectPublicId":"3278b9c4-b414-49a7-ad7a-38814354948e","projectUrl":"https://app.snyk.io/org/data_platformengineering/project/3278b9c4-b414-49a7-ad7a-38814354948e?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["updated-fix-title"],"type":"auto","upgrade":["SNYK-DEBIAN12-OPENSSL-6048820","SNYK-DEBIAN12-OPENSSL-6148845","SNYK-DEBIAN12-OPENSSL-6190223","SNYK-DEBIAN12-SYSTEMD-6277507","SNYK-DEBIAN12-SYSTEMD-6277507"],"vulns":["SNYK-DEBIAN12-SYSTEMD-6277507","SNYK-DEBIAN12-OPENSSL-6048820","SNYK-DEBIAN12-OPENSSL-6148845","SNYK-DEBIAN12-OPENSSL-6190223"],"patch":[],"isBreakingChange":false,"remediationStrategy":"vuln"}'
github-actions[bot] commented 2 months ago

Test Results

βŸβ€„β€ˆβŸβ€„17 files  +βŸβ€„β€ˆβŸβ€„βŸβ€„4β€‚β€ƒβŸβ€„β€ˆβŸβ€„17 suites  +4   27m 59s :stopwatch: + 1m 29s 1β€ˆ489 tests +βŸβ€„β€ˆβŸβ€„βŸβ€„3  1β€ˆ469 :heavy_check_mark: +βŸβ€„β€ˆβŸβ€„14β€‚β€ƒβŸβ€„20 :zzz:  -β€Š11  0 :x: Β±0  5β€ˆ755 runs  +1β€ˆ341  5β€ˆ570 :heavy_check_mark: +1β€ˆ250  185 :zzz: +91  0 :x: Β±0 

Results for commit 40414ece. ± Comparison against base commit bd676a3e.