
fix: bump karma container image to address critical CVEs #1770

Merged
merged 4 commits into from
Dec 19, 2023

Conversation

mhrabovcin

What problem does this PR solve?:
Use a new karma container image that resolves critical vulnerabilities.

trivy image mhrabovcin/karma:v0.88-d2iq-server-name.1 --severity CRITICAL
2023-12-15T16:53:52.225+0100    INFO    Vulnerability scanning is enabled
2023-12-15T16:53:52.226+0100    INFO    Secret scanning is enabled
2023-12-15T16:53:52.226+0100    INFO    If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2023-12-15T16:53:52.226+0100    INFO    Please see also https://aquasecurity.github.io/trivy/v0.48/docs/scanner/secret/#recommendation for faster secret detection
2023-12-15T16:53:52.238+0100    INFO    Detected OS: debian
2023-12-15T16:53:52.238+0100    INFO    Detecting Debian vulnerabilities...
2023-12-15T16:53:52.242+0100    INFO    Number of language-specific files: 1
2023-12-15T16:53:52.242+0100    INFO    Detecting gobinary vulnerabilities...

mhrabovcin/karma:v0.88-d2iq-server-name.1 (debian 11.8)

Total: 0 (CRITICAL: 0)
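The scan above is the evidence the PR relies on, so a reviewer wants that check repeatable in CI rather than pasted by hand. The following is an added example, not code from this repository: it parses trivy's table summary (the "target (kind)" header followed by a "Total: N (SEV: n, ...)" line) and gates on a severity list. The second target in the sample is constructed to show a failing scan; the first reproduces the summary quoted in the PR.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: the first target mirrors the trivy summary quoted in the
# PR, the second is made up to show what a blocking result looks like.
SAMPLE_SCAN = """\
mhrabovcin/karma:v0.88-d2iq-server-name.1 (debian 11.8)

Total: 0 (CRITICAL: 0)

example.invalid/some-image:old (gobinary)

Total: 3 (HIGH: 2, CRITICAL: 1)
"""

# "<target> (<os or artefact type>)"; a single space before "(" keeps the
# INFO log lines and the "Total:" line from matching.
TARGET_RE = re.compile(r"^(\S+) \((.+)\)$")
# "Total: <n> (<SEV>: <n>, <SEV>: <n>, ...)"
SUMMARY_RE = re.compile(r"^Total: (\d+) \((.*)\)$")


def parse_trivy_table(text: str) -> List[Dict]:
    """Return one record per scan target with its per-severity counts."""
    records: List[Dict] = []
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = TARGET_RE.match(line)
        if m:
            current = {"target": m.group(1), "kind": m.group(2),
                       "total": 0, "by_severity": {}}
            records.append(current)
            continue
        m = SUMMARY_RE.match(line)
        if m and current is not None:
            current["total"] = int(m.group(1))
            for part in m.group(2).split(","):
                sev, count = part.split(":")
                current["by_severity"][sev.strip()] = int(count)
    return records


def gate(records: List[Dict], blocking: Tuple[str, ...] = ("CRITICAL",)) -> bool:
    """True when no target carries a finding at any blocking severity."""
    return all(rec["by_severity"].get(sev, 0) == 0
               for rec in records for sev in blocking)
```

When trivy runs directly in the pipeline, its own `--severity CRITICAL --exit-code 1` options give the same pass/fail result without parsing; the parser is for the case where the captured table output is the artefact being reviewed.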

Which issue(s) does this PR fix?:

Special notes for your reviewer:

Does this PR introduce a user-facing change?:


Checklist

  • If the PR adds a version bump, ensure there is no breaking change in Licensing model (or NA).
  • If a chart is changed or app configuration is significantly changed, the chart version is correctly incremented (so that apps are not automatically upgraded from a previous version of DKP).

@mhrabovcin mhrabovcin added do-not-merge open-kommander-pr Automatically triggers the creation of a PR in Kommander repo services/karma labels Dec 15, 2023
@mhrabovcin mhrabovcin self-assigned this Dec 15, 2023
@github-actions github-actions bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Dec 15, 2023
@d2iq-mergebot

This repo has @d2iq-mergebot integration. You can perform the following commands by submitting a comment. Submit a comment with content "@d2iq-mergebot help" to view more detailed help text and examples. Be sure to have a look at the mergebot documentation, too. For help using mergebot, please refer to the README file here: https://github.com/mesosphere/mergebot/blob/main/README.md
Enabled Mergebot commands:
@d2iq-mergebot test all
@d2iq-mergebot test
@d2iq-mergebot override-status
@d2iq-mergebot help
@d2iq-mergebot backport


✅ Created Kommander branch to test kommander-applications changes: https://github.com/mesosphere/kommander/tree/kapps/main/mh/karma/fix-critical-cves

@coveralls

coveralls commented Dec 15, 2023

Pull Request Test Coverage Report for Build 7246701448

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 79.532%

Totals Coverage Status
Change from base Build 7220136479: 0.0%
Covered Lines: 136
Relevant Lines: 171

💛 - Coveralls

Review comments (outdated, resolved) on:
licenses.d2iq.yaml
services/karma/2.0.3/defaults/cm.yaml

@mikolajb mikolajb left a comment


Let's just address Alex's question 🙏🏻

@mhrabovcin mhrabovcin merged commit b1b7e2f into main Dec 19, 2023
23 checks passed
@mhrabovcin mhrabovcin deleted the mh/karma/fix-critical-cves branch December 19, 2023 10:35
@mhrabovcin mhrabovcin restored the mh/karma/fix-critical-cves branch December 19, 2023 10:38
mhrabovcin added a commit that referenced this pull request Dec 19, 2023
* fix: bump karma container image to address critical CVEs

* chore: update licenses for karma

* fix: use mesosphere repo source for karma image

* fix: use karma chart version 2.0.2
mhrabovcin added a commit that referenced this pull request Dec 19, 2023
fix: bump karma container image to address critical CVEs (#1770)
Labels
backport-to-release-2.7 open-kommander-pr Automatically triggers the creation of a PR in Kommander repo ready-for-review services/karma size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

5 participants