mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00

fix: hack/api-docs/requirements.txt to reduce vulnerabilities (#3036)

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6150717
- https://snyk.io/vuln/SNYK-PYTHON-PYYAML-590151
- https://snyk.io/vuln/SNYK-PYTHON-TORNADO-5537286
- https://snyk.io/vuln/SNYK-PYTHON-TORNADO-5840803
- https://snyk.io/vuln/SNYK-PYTHON-TORNADO-6041512

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Moritz Johner 2024-01-19 08:04:25 +01:00 committed by GitHub
parent 31cecaa62b
commit 43b6c5eaad
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 22 additions and 8 deletions


@ -10,3 +10,18 @@ updates:
directory: "/" directory: "/"
schedule: schedule:
interval: "weekly" interval: "weekly"
- package-ecosystem: docker
directory: /e2e
schedule:
interval: weekly
- package-ecosystem: docker
directory: /hack/api-docs
schedule:
interval: weekly
- package-ecosystem: pip
directory: /hack/api-docs
schedule:
interval: weekly
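Review bot: The new `docker` entries cover only `/e2e` and `/hack/api-docs`, but this commit also digest-pins base images in the Dockerfile whose header comment names `Dockerfile.standalone` (built with context `.`) and in a further golang-based Dockerfile. A digest pin that no updater watches stays on the same base image indefinitely and misses later security fixes. Entries above line 10 are outside this hunk, so confirm that a `package-ecosystem: docker` entry already exists for each of those directories, or add one, e.g. `- package-ecosystem: docker` with `directory: "/"`. As a style point, the existing entries quote their values (`"weekly"`) while the added ones do not; pick one form.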


@ -1,6 +1,6 @@
# This version of Dockerfile is for building without external dependencies. # This version of Dockerfile is for building without external dependencies.
# Build a multi-platform image e.g. `docker buildx build --push --platform linux/arm64,linux/amd64 --tag external-secrets:dev --file Dockerfile.standalone .` # Build a multi-platform image e.g. `docker buildx build --push --platform linux/arm64,linux/amd64 --tag external-secrets:dev --file Dockerfile.standalone .`
FROM golang:1.21.6-alpine AS builder FROM golang:1.21.6-alpine@sha256:fd78f2fb1e49bcf343079bbbb851c936a18fc694df993cbddaa24ace0cc724c5 AS builder
ARG TARGETOS ARG TARGETOS
ARG TARGETARCH ARG TARGETARCH
ENV CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} ENV CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH}
@ -12,7 +12,7 @@ COPY . /app/
RUN go build -o external-secrets main.go RUN go build -o external-secrets main.go
FROM gcr.io/distroless/static AS app FROM gcr.io/distroless/static@sha256:9be3fcc6abeaf985b5ecce59451acbcbb15e7be39472320c538d0d55a0834edc AS app
COPY --from=builder /app/external-secrets /bin/external-secrets COPY --from=builder /app/external-secrets /bin/external-secrets
# Run as UID for nobody # Run as UID for nobody
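Review bot: The final-stage pin `FROM gcr.io/distroless/static@sha256:… AS app` carries no tag, so nothing in the file records which distroless release or variant the digest refers to, and a reviewer of a later digest bump has no human-readable reference. Keep a tag next to the digest (`gcr.io/distroless/static:<tag>@sha256:…`) or add a comment such as `# distroless static, multi-arch index digest, resolved <date>`. The header comment advertises `--platform linux/arm64,linux/amd64` builds, so both pinned digests need to be the multi-arch index digest rather than a single-platform manifest; that cannot be confirmed from this page and is worth checking with `docker buildx imagetools inspect`. The `app` stage continues past the end of the hunk.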


@ -1,5 +1,4 @@
ARG GO_VERSION=1.21 FROM golang:1.21.6-bookworm@sha256:04cf306d01a03309934b49ac4b9f487abb8a054b71141fa53df6df482ab7d7eb as builder
FROM golang:$GO_VERSION-bookworm as builder
ENV KUBECTL_VERSION="v1.28.3" ENV KUBECTL_VERSION="v1.28.3"
ENV HELM_VERSION="v3.13.1" ENV HELM_VERSION="v3.13.1"
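Review bot: With `ARG GO_VERSION` removed, any Makefile or CI job that still passes `--build-arg GO_VERSION=…` no longer changes the toolchain, and the build only warns about the unconsumed argument. Those callers are not visible here and should be checked and cleaned up so nobody assumes the override still works. The rewritten line also keeps the lowercase keyword; `FROM golang:1.21.6-bookworm@sha256:… AS builder` matches the other Dockerfile in this commit and avoids the FromAsCasing build check. `KUBECTL_VERSION` and `HELM_VERSION` are pinned by version only, so if the downloads further down the file (outside this hunk) do not verify a checksum, they are the remaining unpinned inputs of this image.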


@ -9,7 +9,7 @@ htmlmin==0.1.12
idna==3.6 idna==3.6
importlib-metadata==7.0.1 importlib-metadata==7.0.1
importlib-resources==6.1.1 importlib-resources==6.1.1
Jinja2==3.1.2 Jinja2==3.1.3
jsmin==3.0.1 jsmin==3.0.1
livereload==2.6.3 livereload==2.6.3
Markdown==3.5.2 Markdown==3.5.2
@ -29,13 +29,13 @@ platformdirs==4.1.0
Pygments==2.17.2 Pygments==2.17.2
pymdown-extensions==10.7 pymdown-extensions==10.7
python-dateutil==2.8.2 python-dateutil==2.8.2
PyYAML==5.3.1 PyYAML==6.0.1
pyyaml_env_tag==0.1 pyyaml_env_tag==0.1
regex==2023.12.25 regex==2023.12.25
requests==2.31.0 requests==2.31.0
six==1.16.0 six==1.16.0
termcolor==2.4.0 termcolor==2.4.0
tornado==6.1 tornado==6.3.3
urllib3==2.1.0 urllib3==2.1.0
verspec==0.1.0 verspec==0.1.0
watchdog==3.0.0 watchdog==3.0.0


@ -2,7 +2,7 @@ FROM golang:1.21.6@sha256:6fbd2d3398db924f8d708cf6e94bd3a436bb468195daa6a96e8050
WORKDIR / WORKDIR /
COPY ./bin/external-secrets /external-secrets COPY ./bin/external-secrets /external-secrets
RUN go install github.com/go-delve/delve/cmd/dlv@latest RUN go install github.com/go-delve/delve/cmd/dlv@v1.22.0
RUN chmod +x /go/bin/dlv RUN chmod +x /go/bin/dlv
RUN mv /go/bin/dlv / RUN mv /go/bin/dlv /
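Review bot: The delve version is now hard-coded inside the `RUN go install …@v1.22.0` line, where a Dependabot `docker` entry will not see it, so it will stay at v1.22.0 until someone bumps it by hand. Lifting it into a documented argument makes the pin visible and easy to update: `ARG DLV_VERSION=v1.22.0` followed by `RUN go install github.com/go-delve/delve/cmd/dlv@${DLV_VERSION}`, with a comment saying that it is updated manually. The two following `RUN` lines could be folded into the same instruction, since `go install` already writes an executable binary and the separate `chmod +x` layer adds nothing. This image ships the full Go toolchain plus a debugger, so it should stay limited to local development; the rest of the file is outside this hunk.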