Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade ubuntu from latest to 22.10 #194

Merged
merged 2 commits into from
Apr 19, 2023
Merged

[Snyk] Security upgrade ubuntu from latest to 22.10 #194

merged 2 commits into from
Apr 19, 2023

Conversation

infamousjoeg
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Changes included in this PR

  • Dockerfile

We recommend upgrading to ubuntu:22.10, as this image has only 7 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Some of the most important vulnerabilities in your base image include:

Severity Priority Score / 1000 Issue Exploit Maturity
medium severity 300 NULL Pointer Dereference
SNYK-UBUNTU2204-OPENSSL-3314672		 No Known Exploit
medium severity 300 Double Free
SNYK-UBUNTU2204-OPENSSL-3314696		 No Known Exploit
high severity 400 Access of Resource Using Incompatible Type ('Type Confusion')
SNYK-UBUNTU2204-OPENSSL-3314792		 No Known Exploit
medium severity 300 Off-by-one Error
SNYK-UBUNTU2204-SYSTEMD-3098846		 No Known Exploit
medium severity 514 Out-of-bounds Read
SNYK-UBUNTU2204-TAR-3261138		 No Known Exploit

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

Learn how to fix vulnerabilities with free interactive lessons:

🦉 NULL Pointer Dereference

@infamousjoeg infamousjoeg changed the base branch from main to v1.0.0-release April 19, 2023 14:49
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@infamousjoeg infamousjoeg merged commit 94476f9 into v1.0.0-release Apr 19, 2023
@infamousjoeg infamousjoeg deleted the snyk-fix-0376561e03ef6626cfc983a6f2320611 branch April 19, 2023 17:08
infamousjoeg added a commit that referenced this pull request Aug 23, 2023
@infamousjoeg @matiya
@dependabot @snyk-bot
v1.0.0 Release (#203)
ffd7d77 
* Add aws-cli based role assumption for authn-iam (#190)

* Typo in doc cybr_accounts_add (#192)

* Typo in doc cybr_accounts_add

Secret parameter should be -c, not -s

* Update account.go

* Bump golang.org/x/sys from 0.0.0-20220405052023-b1e9470b6e64 to 0.1.0 (#191)

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.0.0-20220405052023-b1e9470b6e64 to 0.1.0.
- [Release notes](https://github.com/golang/sys/releases)
- [Commits](https://github.com/golang/sys/commits/v0.1.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [Snyk] Security upgrade ubuntu from latest to 22.10 (#194)

* fix: Dockerfile to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-UBUNTU2204-OPENSSL-3314672
- https://snyk.io/vuln/SNYK-UBUNTU2204-OPENSSL-3314696
- https://snyk.io/vuln/SNYK-UBUNTU2204-OPENSSL-3314792
- https://snyk.io/vuln/SNYK-UBUNTU2204-SYSTEMD-3098846
- https://snyk.io/vuln/SNYK-UBUNTU2204-TAR-3261138

* Set non-root `cybr` user as default

---------

Co-authored-by: snyk-bot <snyk-bot@snyk.io>

* Update action versions & add Conjur fetching (#195) (#196)

* Update action versions & add Conjur fetching

* flip Go install to after source checkout

* update go-version

* go-version to version

* version set to latest

* add debug step

* switch from authn-jwt to authn due to iat issues

* Add unlock & checkin to cybr accounts (#199)

* [Snyk] Security upgrade ubuntu from latest to kinetic (#197)

* Update action versions & add Conjur fetching (#195)

* Update action versions & add Conjur fetching

* flip Go install to after source checkout

* update go-version

* go-version to version

* version set to latest

* add debug step

* switch from authn-jwt to authn due to iat issues

* fix: Dockerfile to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-UBUNTU2204-BASH-3098342
- https://snyk.io/vuln/SNYK-UBUNTU2204-OPENSSL-5296052
- https://snyk.io/vuln/SNYK-UBUNTU2204-OPENSSL-5296082
- https://snyk.io/vuln/SNYK-UBUNTU2204-SHADOW-5425688
- https://snyk.io/vuln/SNYK-UBUNTU2204-SHADOW-5425688

---------

Co-authored-by: snyk-bot <snyk-bot@snyk.io>

* Fixes #189 add support for cyberark identity authentication (#202)

* Initial commit

* Implement Identity check for httpjson

* Update GitHub Workflows for successful tests (#200)

* Update action versions & add Conjur fetching (#195)

* Update action versions & add Conjur fetching

* flip Go install to after source checkout

* update go-version

* go-version to version

* version set to latest

* add debug step

* switch from authn-jwt to authn due to iat issues

* Update README.md

* Identity StartAuthentication implemented

* refactored StartAuth

* Began implementation of Password AdvanceAuth

* Identity auth-type tested successfully

* Added color to terminal

* Update /docs

* Updated README

* Use platform discovery instead of requiring TenantID

* Derive PCloud URL from Platform Discovery

* Derive PCloud URL from Platform Discovery

* Updated docs to remove tenant ID requirement

* Fix 7 code smells

* remove duplicate tests on v* branch

* Only test on push

* Fix go test failures

* Generate new docs

* Bump version to 1.0.0-release

* add ReadInput function (#204)

* Added SignOutSession function (#205)

* Update Makefile

* Add Polling of OOBPending (#206)

* channel oob polling & otp input

* Have otp code on same line

* rm bin and add to .gitignore

* Add .gitignore

* Add version to binary release

* Fixes #207 Add remaining scopes to cybr accounts change (#208)

* Add remaining scopes to cybr accounts change

* Remove VaultOnly tests & fix code smell

* fixed account credentials unit tests

* final unit tests fix

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Matias Siracusa <matias.siracusa@gmx.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@infamousjoeg @snyk-bot