Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

fix: hack/api-docs/requirements.txt to reduce vulnerabilities (#3036)

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6150717
- https://snyk.io/vuln/SNYK-PYTHON-PYYAML-590151
- https://snyk.io/vuln/SNYK-PYTHON-TORNADO-5537286
- https://snyk.io/vuln/SNYK-PYTHON-TORNADO-5840803
- https://snyk.io/vuln/SNYK-PYTHON-TORNADO-6041512

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Moritz Johner 2 years ago
parent
31cecaa62b
commit
43b6c5eaad
5 changed files with 22 additions and 8 deletions
Split View Show Diff Stats
  1. 15 0
      .github/dependabot.yml
  2. 2 2
      Dockerfile.standalone
  3. 1 2
      e2e/Dockerfile
  4. 3 3
      hack/api-docs/requirements.txt
  5. 1 1
      tilt.debug.dockerfile

+ 15 - 0
.github/dependabot.yml
View File 

@@ -10,3 +10,18 @@ updates:
 
     directory: "/"
 
     schedule:
 
       interval: "weekly"
 
+
 
+  - package-ecosystem: docker
 
+    directory: /e2e
 
+    schedule:
 
+      interval: weekly
 
+
 
+  - package-ecosystem: docker
 
+    directory: /hack/api-docs
 
+    schedule:
 
+      interval: weekly
 
+
 
+  - package-ecosystem: pip
 
+    directory: /hack/api-docs
 
+    schedule:
 
+      interval: weekly

+ 2 - 2
Dockerfile.standalone
View File 

@@ -1,6 +1,6 @@
 
 # This version of Dockerfile is for building without external dependencies.
 
 # Build a multi-platform image e.g. `docker buildx build --push --platform linux/arm64,linux/amd64 --tag external-secrets:dev --file Dockerfile.standalone .`
 
-FROM golang:1.21.6-alpine AS builder
 
+FROM golang:1.21.6-alpine@sha256:fd78f2fb1e49bcf343079bbbb851c936a18fc694df993cbddaa24ace0cc724c5 AS builder
 
 ARG TARGETOS
 
 ARG TARGETARCH
 
 ENV CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH}
 
@@ -12,7 +12,7 @@ COPY . /app/
 
 RUN go build -o external-secrets main.go
 
 
 
-FROM gcr.io/distroless/static AS app
 
+FROM gcr.io/distroless/static@sha256:9be3fcc6abeaf985b5ecce59451acbcbb15e7be39472320c538d0d55a0834edc AS app
 
 COPY --from=builder /app/external-secrets /bin/external-secrets
 
 
 # Run as UID for nobody

+ 1 - 2
e2e/Dockerfile
View File 

@@ -1,5 +1,4 @@
 
-ARG GO_VERSION=1.21
 
-FROM golang:$GO_VERSION-bookworm as builder
 
+FROM golang:1.21.6-bookworm@sha256:04cf306d01a03309934b49ac4b9f487abb8a054b71141fa53df6df482ab7d7eb as builder
 
 
 ENV KUBECTL_VERSION="v1.28.3"
 
 ENV HELM_VERSION="v3.13.1"

+ 3 - 3
hack/api-docs/requirements.txt
View File 

@@ -9,7 +9,7 @@ htmlmin==0.1.12
 
 idna==3.6
 
 importlib-metadata==7.0.1
 
 importlib-resources==6.1.1
 
-Jinja2==3.1.2
 
+Jinja2==3.1.3
 
 jsmin==3.0.1
 
 livereload==2.6.3
 
 Markdown==3.5.2
 
@@ -29,13 +29,13 @@ platformdirs==4.1.0
 
 Pygments==2.17.2
 
 pymdown-extensions==10.7
 
 python-dateutil==2.8.2
 
-PyYAML==5.3.1
 
+PyYAML==6.0.1
 
 pyyaml_env_tag==0.1
 
 regex==2023.12.25
 
 requests==2.31.0
 
 six==1.16.0
 
 termcolor==2.4.0
 
-tornado==6.1
 
+tornado==6.3.3
 
 urllib3==2.1.0
 
 verspec==0.1.0
 
 watchdog==3.0.0

+ 1 - 1
tilt.debug.dockerfile
View File 

@@ -2,7 +2,7 @@ FROM golang:1.21.6@sha256:6fbd2d3398db924f8d708cf6e94bd3a436bb468195daa6a96e8050
 
 WORKDIR /
 
 COPY ./bin/external-secrets /external-secrets
 
 
-RUN go install github.com/go-delve/delve/cmd/dlv@latest
 
+RUN go install github.com/go-delve/delve/cmd/dlv@v1.22.0
 
 RUN chmod +x /go/bin/dlv
 
 RUN mv /go/bin/dlv /