[Snyk] Security upgrade ubuntu from 22.04 to 22.10 #218
Closed
Streamline CI builds

Trigger gh-pages build on push to master

Bumps [github.com/gookit/color](https://github.com/gookit/color) from 1.2.3 to 1.2.4.
- [Release notes](https://github.com/gookit/color/releases)
- [Commits](gookit/color@v1.2.3...v1.2.4)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [github.com/go-errors/errors](https://github.com/go-errors/errors) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/go-errors/errors/releases)
- [Commits](go-errors/errors@v1.0.1...v1.0.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

* Remove debug log, disable favicon for edit entry modal
* Fix messages in bg not visible
* Improve form handling for keystore creation
* Fix show errors form handling
* Form handling on register modal
* Fix issue with invitations page breaking UI right after registration, remove logging
* Refine keystore routing, refine authstate store
* Allow deletion of accepted (but not finalized) invitation
* Disable revocation for now
* Cleanup
* Keystore deletion
* Fix keystore name trim on creation
* Allow test suites to run in parallel

Pkgs error handling, cleanup unused pkgs

* Refine error handling on server domain and application
* Fix various access control issues
* Safeguard around functional opts being nil
* Refine error handling on storage adapters
* Refine server's rest API
* Fix test suites

* Add golangci-lint on CI
* Fix golangci-lint suggestions
* Add .gitkeep & keep it when building
* Update generated files

Bumps [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin) from 1.9.0 to 1.9.1.
- [Release notes](https://github.com/gin-gonic/gin/releases)
- [Changelog](https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md)
- [Commits](gin-gonic/gin@v1.9.0...v1.9.1)
---
updated-dependencies:
- dependency-name: github.com/gin-gonic/gin
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 4.1.4 to 4.1.5.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v4.1.5/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v4.1.5/packages/vite)
---
updated-dependencies:
- dependency-name: vite
  dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [go.mongodb.org/mongo-driver](https://github.com/mongodb/mongo-go-driver) from 1.11.6 to 1.11.7.
- [Release notes](https://github.com/mongodb/mongo-go-driver/releases)
- [Commits](mongodb/mongo-go-driver@v1.11.6...v1.11.7)
---
updated-dependencies:
- dependency-name: go.mongodb.org/mongo-driver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/go-co-op/gocron](https://github.com/go-co-op/gocron) from 1.27.0 to 1.28.3.
- [Release notes](https://github.com/go-co-op/gocron/releases)
- [Commits](go-co-op/gocron@v1.27.0...v1.28.3)
---
updated-dependencies:
- dependency-name: github.com/go-co-op/gocron
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/deepmap/oapi-codegen](https://github.com/deepmap/oapi-codegen) from 1.12.4 to 1.13.0.
- [Release notes](https://github.com/deepmap/oapi-codegen/releases)
- [Commits](oapi-codegen/oapi-codegen@v1.12.4...v1.13.0)
---
updated-dependencies:
- dependency-name: github.com/deepmap/oapi-codegen
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.9.0 to 0.10.0.
- [Commits](golang/crypto@v0.9.0...v0.10.0)
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Refine client domain
* Refine user domain entity
* Depend on lint to bail CI early
* Refine app
* Cleanup app ifaces
* Refine error handling on application
* Cleanup enclaverepo
* Refine error handling on enclaverepo
* Fix dependency between enclaverepo and remote
* Move remote-related encryption to remote module
* Refine error handling on remote adapter
* Partially refine rest http server port
* Fix sync bug
* Fix test suites
* Improve golangci-lint
* Refine rest api returned errors
* Organize client rest api file structure & cleanup middleware
* Parallelize all tests
* Add some error handling on keystores/invitations
* Remove metrics endpoint
* Fix lint
* Refine applications startup
* Remove config pkg
* Fix shutdown error
* Refine shared secrets calculations
* Move keypair generation to enclave
* Fix invitations count on sidebar
* Refine invitations page statuses
* Cleanup routers
* Some more error handling
* Silent authentication cronjob

Bumps [github.com/otiai10/copy](https://github.com/otiai10/copy) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/otiai10/copy/releases)
- [Commits](otiai10/copy@v1.11.0...v1.12.0)
---
updated-dependencies:
- dependency-name: github.com/otiai10/copy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-UBUNTU2204-BASH-3098342
- https://snyk.io/vuln/SNYK-UBUNTU2204-COREUTILS-2801226
- https://snyk.io/vuln/SNYK-UBUNTU2204-GLIBC-2801292
- https://snyk.io/vuln/SNYK-UBUNTU2204-LIBCAP2-5538282
- https://snyk.io/vuln/SNYK-UBUNTU2204-LIBCAP2-5538296
As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.
Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Changes included in this PR

We recommend upgrading to ubuntu:22.10, as this image has only 10 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Some of the most important vulnerabilities in your base image include:
- SNYK-UBUNTU2204-BASH-3098342
- SNYK-UBUNTU2204-COREUTILS-2801226
- SNYK-UBUNTU2204-GLIBC-2801292
- SNYK-UBUNTU2204-LIBCAP2-5538282
- SNYK-UBUNTU2204-LIBCAP2-5538296

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.