Skip to content

Remediating certifi vulnerability#37

Merged
hectormachin merged 4 commits intomainfrom
hm/certifi-cve-fix
Aug 23, 2023
Merged

Remediating certifi vulnerability#37
hectormachin merged 4 commits intomainfrom
hm/certifi-cve-fix

Conversation

@hectormachin
Copy link
Copy Markdown
Contributor

@hectormachin hectormachin commented Aug 22, 2023

No description provided.

@codecov
Copy link
Copy Markdown

codecov bot commented Aug 22, 2023
edited
Loading

Codecov Report

Patch and project coverage have no change.

Comparison is base (4fcdb65) 97.13% compared to head (4afb0e1) 97.13%.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main      #37   +/-   ##
=======================================
  Coverage   97.13%   97.13%           
=======================================
  Files          21       21           
  Lines         943      943           
=======================================
  Hits          916      916           
  Misses         27       27

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 22, 2023
View reviewed changes
@hectormachin hectormachin requested a review from jkeifer August 22, 2023 17:01
jkeifer
jkeifer approved these changes Aug 22, 2023
View reviewed changes
Copy link
Copy Markdown
Member

@jkeifer jkeifer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like a good change, though after reviewing the dockerfile I am concerned we have more work to do here. I think we need to adopt a versioning approach like we use in swoop-db and then structure the dockerfile in a similar way, so the resulting image has only the final venv and not the input source/repo files. See https://github.com/Element84/swoop-db/blob/main/Dockerfile, though that is a bit more complicated than what we need here because of the postgres extension installs.

But that can be follow up work, just calling it out as something we'll want to discuss.

@hectormachin hectormachin merged commit 175fde3 into main Aug 23, 2023
@hectormachin hectormachin deleted the hm/certifi-cve-fix branch August 23, 2023 15:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jkeifer jkeifer jkeifer approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hectormachin @jkeifer