Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade python from 3.13.0rc1-slim-bullseye to 3.13-slim-bullseye #235

Open
wants to merge 29 commits into
base: develop
Choose a base branch
from
Open

[Snyk] Security upgrade python from 3.13.0rc1-slim-bullseye to 3.13-slim-bullseye #235

wants to merge 29 commits into from

Conversation

Abuchtela
Copy link
Owner

snyk-top-banner

Snyk has created this PR to fix 5 vulnerabilities in the dockerfile dependencies of this project.

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Snyk changed the following file(s):

  • ops/docker/ci-builder/Dockerfile

We recommend upgrading to python:3.13-slim-bullseye, as this image has only 66 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
critical severity Integer Overflow or Wraparound
SNYK-DEBIAN11-EXPAT-7855504		   263  
critical severity Integer Overflow or Wraparound
SNYK-DEBIAN11-EXPAT-7855505		   263  
critical severity Out-of-bounds Read
SNYK-DEBIAN11-DB53-2825168		   242  
critical severity Integer Overflow or Wraparound
SNYK-DEBIAN11-ZLIB-6008961		   240  
critical severity XML External Entity (XXE) Injection
SNYK-DEBIAN11-EXPAT-7855508		   161  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 XML External Entity (XXE) Injection

snyk-bot and others added 29 commits October 14, 2023 03:46
@snyk-bot
fix: packages/contracts-bedrock/package.json to reduce vulnerabilities
581776d 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-UNDICI-5962466
@Abuchtela
Set up CI with Azure Pipelines
744e010 
[skip ci]
@Abuchtela
Merge branch 'ethereum-optimism:develop' into develop
9628e43
@dependabot
build(deps): bump golang.org/x/crypto from 0.16.0 to 0.19.0
7ae63b5 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.16.0 to 0.19.0.
- [Commits](golang/crypto@v0.16.0...v0.19.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build(deps): bump ethereum/client-go in /ops-bedrock
8382681 
Bumps ethereum/client-go from v1.13.5 to v1.13.13.

---
updated-dependencies:
- dependency-name: ethereum/client-go
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@Abuchtela
Merge pull request #96 from Abuchtela/dependabot/go_modules/golang.or…
1159b41 
…g/x/crypto-0.19.0

build(deps): bump golang.org/x/crypto from 0.16.0 to 0.19.0
@Abuchtela
Merge branch 'develop' into snyk-fix-9148e5c36e46a6b0aafabff61dfc4967
3b62167
@Abuchtela
Merge pull request #39 from Abuchtela/snyk-fix-9148e5c36e46a6b0aafabf…
d8ec68a 
…f61dfc4967

[Snyk] Security upgrade hardhat from 2.9.6 to 2.9.8
@Abuchtela
Merge pull request #109 from Abuchtela/dependabot/docker/ops-bedrock/…
204fd5d 
…ethereum/client-go-v1.13.13

build(deps): bump ethereum/client-go from v1.13.5 to v1.13.13 in /ops-bedrock
@dependabot @Abuchtela
build(deps-dev): bump eslint from 8.55.0 to 8.57.0
d1a61d4 
Bumps [eslint](https://github.com/eslint/eslint) from 8.55.0 to 8.57.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](eslint/eslint@v8.55.0...v8.57.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@Abuchtela
Create snyk-security.yml
a8c497c
@snyk-bot @Abuchtela
fix: ops/docker/Dockerfile.packages to reduce vulnerabilities
57f11a9 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-ZLIB-6008961
- https://snyk.io/vuln/SNYK-UPSTREAM-NODE-6252335
- https://snyk.io/vuln/SNYK-UPSTREAM-NODE-6252332
- https://snyk.io/vuln/SNYK-UPSTREAM-NODE-6255385
- https://snyk.io/vuln/SNYK-UPSTREAM-NODE-6252334
@snyk-bot @Abuchtela
fix: ops/check-changed/requirements.txt to reduce vulnerabilities
0ebc511 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-7430173
- https://snyk.io/vuln/SNYK-PYTHON-IDNA-6597975
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250
@snyk-bot @Abuchtela
fix: ops/tag-service/requirements.txt to reduce vulnerabilities
c2c8f3c 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
@snyk-bot @Abuchtela
fix: ops/docker/ci-builder/Dockerfile to reduce vulnerabilities
9a8ba99 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-ZLIB-6008961
- https://snyk.io/vuln/SNYK-DEBIAN11-DB53-2825168
- https://snyk.io/vuln/SNYK-DEBIAN11-TAR-523480
@snyk-bot @Abuchtela
fix: ops/docker/Dockerfile.packages to reduce vulnerabilities
250ac47 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-ZLIB-6008961
- https://snyk.io/vuln/SNYK-DEBIAN11-DB53-2825168
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-521063
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-521063
- https://snyk.io/vuln/SNYK-DEBIAN11-TAR-523480
@snyk-bot @Abuchtela
fix: op-program/Dockerfile to reduce vulnerabilities
d4fe210 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413525
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413525
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413536
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413536
@snyk-bot @Abuchtela
fix: ops-bedrock/Dockerfile.stateviz to reduce vulnerabilities
40ab836 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE319-OPENSSL-7413523
- https://snyk.io/vuln/SNYK-ALPINE319-OPENSSL-7413523
- https://snyk.io/vuln/SNYK-ALPINE319-OPENSSL-7413527
- https://snyk.io/vuln/SNYK-ALPINE319-OPENSSL-7413527
@snyk-bot @Abuchtela
fix: op-node/Dockerfile to reduce vulnerabilities
a4bb28f 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413525
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413525
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413536
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413536
@snyk-bot @Abuchtela
fix: op-batcher/Dockerfile to reduce vulnerabilities
7273d38 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413525
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413525
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413536
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413536
@snyk-bot @Abuchtela
fix: op-challenger/Dockerfile to reduce vulnerabilities
bcf48d1 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413525
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413525
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413536
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413536
@snyk-bot @Abuchtela
fix: op-proposer/Dockerfile to reduce vulnerabilities
ad6c98a 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413525
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413525
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413536
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413536
@snyk-bot @Abuchtela
fix: op-heartbeat/Dockerfile to reduce vulnerabilities
78190b6 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413525
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413525
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413536
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413536
@snyk-bot @Abuchtela
fix: op-exporter/Dockerfile to reduce vulnerabilities
a7c3e96 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413525
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413525
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413536
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413536
@snyk-bot @Abuchtela
fix: op-wheel/Dockerfile to reduce vulnerabilities
c3ad5ef 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413525
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413525
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413536
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413536
@snyk-bot @Abuchtela
fix: indexer/Dockerfile to reduce vulnerabilities
8864b5c 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413525
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413525
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413536
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413536
@snyk-bot @Abuchtela
fix: packages/chain-mon/package.json to reduce vulnerabilities
e813597 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918
@snyk-bot @Abuchtela
fix: packages/common-ts/package.json to reduce vulnerabilities
3787e0e 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918
@snyk-bot
fix: ops/docker/ci-builder/Dockerfile to reduce vulnerabilities
dce15f7 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-EXPAT-7855504
- https://snyk.io/vuln/SNYK-DEBIAN11-EXPAT-7855505
- https://snyk.io/vuln/SNYK-DEBIAN11-DB53-2825168
- https://snyk.io/vuln/SNYK-DEBIAN11-ZLIB-6008961
- https://snyk.io/vuln/SNYK-DEBIAN11-EXPAT-7855508
@mergify mergify bot added the A-ops label Oct 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
A-ops
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Abuchtela @snyk-bot