Skip to content

Fixing Vulnerabilities #37

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 31 commits into
base: master
Choose a base branch
from
Open

Fixing Vulnerabilities #37

wants to merge 31 commits into from

Conversation

@joseguzman1337
Copy link

@joseguzman1337 joseguzman1337 commented Aug 10, 2023

Please look at the commits to view each file's details and their objectives.

snyk-bot and others added 30 commits November 13, 2021 23:52
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
1c3ec19 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PYYAML-590151
@snyk-bot
fix: Dockerfile to reduce vulnerabilities
05834ff 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893
- https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-1075326
- https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-1569403
- https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-1569406
- https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-567125
@joseguzman1337
Merge pull request #2 from 4k4xs4pH1r3/snyk-fix-8309bb15f8a0d95dcc148…
ec48b9a 
…3065dc3a4fc

[Snyk] Security upgrade python from 3.8.0-slim to 3.9.7-slim
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
85345d9 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PYYAML-590151
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-1533435
@joseguzman1337
Merge pull request #3 from 4k4xs4pH1r3/snyk-fix-75a2a4e6d16e13b65761c…
a02f6ad 
…495baf93263

[Snyk] Fix for 2 vulnerabilities
@joseguzman1337
Merge pull request #1 from 4k4xs4pH1r3/snyk-fix-bc25f2a4d0daf849cc28d…
5b4b011 
…87a1471413d

[Snyk] Security upgrade pyyaml from 5.3.1 to 5.4
@joseguzman1337
Create SECURITY.md
eb0aa88
@joseguzman1337
Create codeql-analysis.yml
6bb6092
@joseguzman1337
Create anchore-analysis.yml
16946f5
@joseguzman1337
Create kubesec-analysis.yml
8d0cc95
@joseguzman1337
Create semgrep-analysis.yml
26de9ed
@joseguzman1337
Create snyk-container-analysis.yml
8ccec17
@joseguzman1337
Create snyk-infrastructure-analysis.yml
8de8e9f
@joseguzman1337
Create trivy-analysis.yml
228facf
@mend-bolt-for-github
Add .whitesource configuration file
ed15563
@snyk-bot
fix: Dockerfile to reduce vulnerabilities
ba00fdd 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-EXPAT-2384928
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-2340908
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-2340908
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-2340922
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-2340922
@joseguzman1337
Merge pull request #6 from 4k4xs4pH1r3/snyk-fix-47d7be2a36a7df6496ae6…
fbbe4c4 
…a891f9ad4c2

[Snyk] Security upgrade python from 3.9.7-slim to 3.10.1-slim
@snyk-bot
fix: Dockerfile to reduce vulnerabilities
47a8392 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-EXPAT-2384928
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-2340908
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-2340908
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-2340922
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-2340922
@joseguzman1337
Merge pull request #7 from 4k4xs4pH1r3/snyk-fix-237b9365c92df6570b446…
be08ebf 
…fb6f4041c29

[Snyk] Security upgrade python from 3.10.1-slim to 3.11-rc-slim
@snyk-bot
fix: Dockerfile to reduce vulnerabilities
c6de418 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-EXPAT-2384928
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-2340908
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-2340908
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-2340922
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-2340922
@joseguzman1337
Merge pull request #8 from 4k4xs4pH1r3/snyk-fix-237b9365c92df6570b446…
fc4ffb5 
…fb6f4041c29

[Snyk] Security upgrade python from 3.10.1-slim to 3.11-rc-slim
@joseguzman1337
Merge pull request #4 from 4k4xs4pH1r3/whitesource/configure
ad133fe 
Configure WhiteSource Bolt for GitHub
@dependabot
Bump requests from 2.24.0 to 2.31.0
d1e932d 
Bumps [requests](https://github.com/psf/requests) from 2.24.0 to 2.31.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.24.0...v2.31.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@joseguzman1337
Merge pull request #10 from 4k4xs4pH1r3/dependabot/pip/requests-2.31.0
7cd2434 
Bump requests from 2.24.0 to 2.31.0
@joseguzman1337
Merge branch 'vchinnipilli:master' into master
549efb7
@dependabot
Bump urllib3 from 1.26.5 to 1.26.18
8b09b88 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.5 to 1.26.18.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@1.26.5...1.26.18)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@joseguzman1337
Merge pull request #12 from 4k4xs4pH1r3/dependabot/pip/urllib3-1.26.18
8673a83 
Bump urllib3 from 1.26.5 to 1.26.18
@dependabot
Bump the pip group across 1 directory with 2 updates
102cfbe 
Bumps the pip group with 2 updates in the / directory: [requests](https://github.com/psf/requests) and [urllib3](https://github.com/urllib3/urllib3).


Updates `requests` from 2.31.0 to 2.32.2
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.31.0...v2.32.2)

Updates `urllib3` from 1.26.18 to 1.26.19
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/1.26.19/CHANGES.rst)
- [Commits](urllib3/urllib3@1.26.18...1.26.19)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: urllib3
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
@joseguzman1337
Merge pull request #14 from joseguzman1337/dependabot/pip/pip-9c2a80d4ef
f4dbf70 
Bump the pip group across 1 directory with 2 updates
@dependabot
Bump the pip group across 1 directory with 2 updates
9a16ffb 
Bumps the pip group with 2 updates in the / directory: [requests](https://github.com/psf/requests) and [urllib3](https://github.com/urllib3/urllib3).


Updates `requests` from 2.32.2 to 2.32.4
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.2...v2.32.4)

Updates `urllib3` from 1.26.19 to 2.5.0
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@1.26.19...2.5.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.32.4
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: urllib3
  dependency-version: 2.5.0
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
@joseguzman1337
Merge pull request #15 from joseguzman1337/dependabot/pip/pip-c55f158233
a8af96d 
Bump the pip group across 1 directory with 2 updates
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@joseguzman1337 @snyk-bot