[Issue 809] Security ECS Container CVE #949

Merged
merged 5 commits into from
Jan 2, 2024

SammySteiner
Contributor

Summary

Fixes #809

Time to review: ? mins

Changes proposed

Updating packages, modules, and dependencies

Context for reviewers

Not sure of the best process to test these changes.

@SammySteiner
Contributor Author

SammySteiner commented Dec 29, 2023

Seeing the following api vulnerabilities:

CVE-2023-5678 and SNYK-PYTHON-CRYPTOGRAPHY-6126975 are part of the cryptography 41.0.7 module, but that is the latest cryptography release, so there is no action to be taken at this time.

CVE-2023-5752 is present on all Python Docker images, so there is no action to be taken at this time.

Seeing the following frontend vulnerability:

CVE-2022-29526
This is a subpackage of the storybook package, which shouldn't have been included in the final build in our pipeline, so I'm not sure why this package is even still here. That being said, while there is a fix to this Go library, the fix hasn't been released in storybook, for which we're using the latest release.

@SammySteiner SammySteiner marked this pull request as ready for review December 29, 2023 14:53
@SammySteiner SammySteiner requested review from chouinar and aplybeah and removed request for andycochran December 29, 2023 14:54
Collaborator

@acouch acouch left a comment

(praise) This is fantastic progress, thanks!
(nit) Update title before merging.

@SammySteiner SammySteiner changed the title Sammysteiner/809 container CVE [Issue 809] Security ECS Container CVE Jan 2, 2024
@SammySteiner SammySteiner merged commit fe6d925 into main Jan 2, 2024
24 checks passed
@SammySteiner SammySteiner deleted the sammysteiner/809-container-cve branch January 2, 2024 18:10
Development

Successfully merging this pull request may close these issues.

[Task] Address vulnerability scans on containers
2 participants