Security Fixes for certifi #60

Closed
wants to merge 1 commit into from

ddonahue007
Contributor

This PR addresses High and Medium level Vulnerabilities.

Before updates:

> grype docker:yuptoo:latest --only-fixed
 ✔ Vulnerability DB                [no update available]  
 ✔ Loaded image                                                                                                                                                                   quay.io/ddonahue/yuptoo:latest
 ✔ Parsed image                                                                                                                          sha256:3d83f621f0bb4f8fa6a9a5fe42e42a4668751838853e245ca1f8b32547adb363
 ✔ Cataloged packages              [139 packages]  
 ✔ Scanned for vulnerabilities     [96 vulnerabilities]  
   ├── 3 critical, 3 high, 46 medium, 42 low, 0 negligible (2 unknown)
   └── 4 fixed
NAME      INSTALLED  FIXED-IN    TYPE    VULNERABILITY        SEVERITY 
certifi   2022.12.7  2022.12.07  python  GHSA-43fp-rhv2-5gv8  Medium <----------------- These
certifi   2022.12.7  2023.7.22   python  GHSA-xqr8-7jwr-rhp7  High <--------------- /
pip       20.2.4     21.1        python  GHSA-5xp3-jfq3-5q8x  Medium    
requests  2.28.2     2.31.0      python  GHSA-j8r2-6x86-q33q  Medium

After updates:

> grype docker:yuptoo:latest --only-fixed
 ✔ Vulnerability DB                [no update available]  
 ✔ Loaded image                                                                                                                                                                   quay.io/ddonahue/yuptoo:latest
 ✔ Parsed image                                                                                                                          sha256:c742fb5d47d34038920d66a431c9a739030391b2e01234ad34e9f5c9ea2836b5
 ✔ Cataloged packages              [139 packages]  
 ✔ Scanned for vulnerabilities     [94 vulnerabilities]  
   ├── 3 critical, 2 high, 45 medium, 42 low, 0 negligible (2 unknown)
   └── 2 fixed
NAME      INSTALLED  FIXED-IN  TYPE    VULNERABILITY        SEVERITY 
pip       20.2.4     21.1      python  GHSA-5xp3-jfq3-5q8x  Medium    
requests  2.28.2     2.31.0    python  GHSA-j8r2-6x86-q33q  Medium

Tie versions to Z-stream release updates
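
A check a reviewer can run on the two scans in the PR description, as an added example that is not part of the PR or the project: it diffs the finding rows to confirm which advisories the change resolved and that none were introduced, and flags rows where INSTALLED and FIXED-IN are the same release apart from zero padding. The function names are hypothetical, and versions are assumed to be plain dotted numbers.

```python
import re

# Finding rows copied from the two scans above (annotation arrows dropped).
BEFORE = """\
certifi   2022.12.7  2022.12.07  python  GHSA-43fp-rhv2-5gv8  Medium
certifi   2022.12.7  2023.7.22   python  GHSA-xqr8-7jwr-rhp7  High
pip       20.2.4     21.1        python  GHSA-5xp3-jfq3-5q8x  Medium
requests  2.28.2     2.31.0      python  GHSA-j8r2-6x86-q33q  Medium
"""
AFTER = """\
pip       20.2.4     21.1      python  GHSA-5xp3-jfq3-5q8x  Medium
requests  2.28.2     2.31.0    python  GHSA-j8r2-6x86-q33q  Medium
"""

FIELDS = ("name", "installed", "fixed_in", "type", "vuln", "severity")

def parse_rows(table):
    """Parse grype finding rows (table portion only, not the status lines)."""
    rows = []
    for line in table.splitlines():
        cols = line.split()
        if len(cols) < 6 or cols[0] == "NAME":  # blank line or header row
            continue
        rows.append(dict(zip(FIELDS, cols[:6])))  # trailing notes are ignored
    return rows

def diff_findings(before, after):
    """Return (resolved, introduced) as sets of (package, advisory id)."""
    b = {(r["name"], r["vuln"]) for r in parse_rows(before)}
    a = {(r["name"], r["vuln"]) for r in parse_rows(after)}
    return b - a, a - b

def release(version):
    """Numeric release segments; assumes plain dotted numbers (2022.12.07 -> (2022, 12, 7))."""
    return tuple(int(p) for p in re.findall(r"\d+", version))

def same_release(rows):
    """Advisories whose INSTALLED and FIXED-IN match once zero padding is dropped."""
    return [r["vuln"] for r in rows if release(r["installed"]) == release(r["fixed_in"])]

if __name__ == "__main__":
    resolved, introduced = diff_findings(BEFORE, AFTER)
    print("resolved:", sorted(resolved))
    print("introduced:", sorted(introduced))
    print("installed == fixed-in:", same_release(parse_rows(BEFORE)))
```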
ddonahue007 changed the title from "Security Fix es for certifi" to "Security Fixes for certifi" on Aug 29, 2023
@codecov-commenter
Codecov Report

Patch has no changes to coverable lines.

ddonahue007 deleted the PYSEC-2023-135 branch on September 5, 2023 12:19