MGMT-16587: Migrate from dockertest to testcontainers to mitigate CVE-2024-21626 #6109
Commits on Mar 26, 2024
-
MGMT-16587: Migrate from dockertest to testcontainers to mitigate CVE…
…-2024-21626 This PR is to address CVE-2024-21626 which is ultimately caused by a vulnerable dependency on runc < 1.1.12 The dockertest library that is used for instantiation of a database container in some of our unit tests appears to use a vulnerable version of this library. The dockertest project has not had much activity in the last 12 months. This PR migrates away from Dockertest by removing the library and all code that uses it, replacing this instead with an implementation to use TestContainers-Go. TestContainers is a much more supported and updated library with more maintainers and has up to date dependencies, including a non vulnerable version of runc.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.