Update/vulns #727

Merged
merged 2 commits into from
Dec 13, 2023

@Aurelian-Shuttleworth (Contributor) commented Dec 4, 2023

Description of your changes

As per Issue721 this is a minimal update to address multiple medium and high vulnerabilities detected by Snyk.

These issues need to be resolved as they block terraform docs use in many enterprise use cases.

Important to note, I also updated the Dockerfile as vulnerabilities were detected inside.

I have:

How has this code been tested

  • Tested image in private CI pipelines
  • Ran make test
  • Tested image using snyk container test

If additional tests are required, please let me know.

Numerous Google Cloud Go packages have been upgraded to their latest versions in the go.sum dependencies file. This enhances the codebase with the latest features, improvements, and bug fixes offered by these packages. It's part of an effort to keep the project's dependencies up to date and ensure the application runs optimally with the latest available resources.

Signed-off-by: Aurelian Shuttleworth <aurelian@shuttleworth.tech>

OpenSSL package was updated in the Dockerfile to mitigate potential threats associated with vulnerability CVE-2023-5363. Specifically, the command "RUN apk add --no-cache --upgrade "openssl>=3.1.4-r1"" was added to ensure an updated version of OpenSSL is used which addresses the mentioned vulnerability. This enhances the overall security of our Docker containerised application.

Signed-off-by: Aurelian Shuttleworth <aurelian@shuttleworth.tech>
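
A pipeline check for the OpenSSL floor named in the second commit message, as an added example that is not part of this pull request or the terraform-docs repository. The function names, the sample package lines and the use of `sort -V` for version ordering are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: gate an Alpine-based image on a minimum OpenSSL package version.
OPENSSL_FLOOR="3.1.4-r1"   # floor taken from the Dockerfile change described above

# Constructed sample listings in the format printed by `apk list --installed`.
SAMPLE_PATCHED='libssl3-3.1.4-r1 x86_64 {openssl} (Apache-2.0) [installed]
openssl-3.1.4-r1 x86_64 {openssl} (Apache-2.0) [installed]'
SAMPLE_STALE='openssl-dev-3.1.3-r0 x86_64 {openssl} (Apache-2.0) [installed]
openssl-3.1.3-r0 x86_64 {openssl} (Apache-2.0) [installed]'

# version_ge A B: succeed when A >= B.
# Assumption: sort -V ordering is adequate for plain X.Y.Z-rN strings;
# Alpine suffixes such as _rc or _p are not handled here.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# installed_openssl: read listing lines on stdin and print the version of the
# openssl package itself, skipping neighbours such as openssl-dev or libssl3.
installed_openssl() {
    while read -r pkg _rest; do
        case "$pkg" in
            openssl-[0-9]*) printf '%s\n' "${pkg#openssl-}"; return 0 ;;
        esac
    done
    return 1
}

# check_openssl_floor: 0 = at or above the floor, 1 = below it,
# 2 = no openssl package in the listing (treat as a failed gate, not a pass).
check_openssl_floor() {
    ver=$(installed_openssl) || return 2
    version_ge "$ver" "$OPENSSL_FLOOR" || return 1
    return 0
}

# Usage against a built image (IMAGE is a placeholder):
#   docker run --rm --entrypoint apk IMAGE list --installed | check_openssl_floor
```

Distinguishing "below the floor" from "package not found" matters because a later base-image change that drops or renames the package would otherwise pass the gate silently.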
@Aurelian-Shuttleworth
Contributor Author

@khos2ow Could I get your eyes on this PR ^_^

@khos2ow added this to In progress in v0.17 via automation Dec 13, 2023
@khos2ow added the dependencies and docker labels Dec 13, 2023
@khos2ow (Member) left a comment


v0.17 automation moved this from In progress to Reviewer approved Dec 13, 2023
@khos2ow merged commit f249586 into terraform-docs:master Dec 13, 2023
15 checks passed
v0.17 automation moved this from Reviewer approved to Done Dec 13, 2023
@albertorm95

Should we compile it? or will there be a new release?

@tbugfinder

I guess fork

@floh96

floh96 commented Dec 15, 2023

@khos2ow @metmajer Could you create a release please?

@tbugfinder

and also add maintainers... ?

@khos2ow
Member

khos2ow commented Dec 18, 2023

Sorry folks, a new release will be cut shortly!

@khos2ow mentioned this pull request Dec 18, 2023
Labels: dependencies, docker, size/XL