From 7b1ddc356316b7a40c22fcbfa9d2fa73d859ee04 Mon Sep 17 00:00:00 2001
From: kamyarz-aws <120507168+kamyarz-aws@users.noreply.github.com>
Date: Mon, 19 Aug 2024 16:21:54 -0400
Subject: [PATCH] Update to version v3.2.11 (#207)
---
CHANGELOG.md | 10 ++++++++++
VERSION.txt | 2 +-
.../Dockerfile | 10 +++++-----
source/api-services/package-lock.json | 14 +++++++-------
source/api-services/package.json | 2 +-
source/console/package-lock.json | 6 +++---
source/console/package.json | 2 +-
source/custom-resource/package-lock.json | 14 +++++++-------
source/custom-resource/package.json | 2 +-
source/infrastructure/package-lock.json | 4 ++--
source/infrastructure/package.json | 2 +-
source/package-lock.json | 4 ++--
source/package.json | 2 +-
source/real-time-data-publisher/package-lock.json | 6 +++---
source/real-time-data-publisher/package.json | 2 +-
source/results-parser/package-lock.json | 14 +++++++-------
source/results-parser/package.json | 2 +-
source/solution-utils/package-lock.json | 12 ++++++------
source/solution-utils/package.json | 2 +-
source/task-canceler/package-lock.json | 6 +++---
source/task-canceler/package.json | 2 +-
source/task-runner/package-lock.json | 6 +++---
source/task-runner/package.json | 2 +-
source/task-status-checker/package-lock.json | 6 +++---
source/task-status-checker/package.json | 2 +-
25 files changed, 73 insertions(+), 63 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 68ae761..22fb4c5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,16 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [3.2.11] - 2024-08-19 + +### Updated + +- Updated taurus from 1.16.31 to 1.16.34 +- Updated axios to 1.7.4 to mitigate [CVE-2024-39338](https://nvd.nist.gov/vuln/detail/CVE-2024-39338) +- Updated urllib3 to 2.2.2 to mitgate [CVE-2024-37891](https://nvd.nist.gov/vuln/detail/CVE-2024-37891) +- Updated Werkzeug to 3.0.3 to mitigate [CVE-2024-34069](https://nvd.nist.gov/vuln/detail/CVE-2024-34069) +- Updated cryptography to 42.0.6 to mitigate [CVE-2024-2511](https://nvd.nist.gov/vuln/detail/CVE-2024-2511) + ## [3.2.10] - 2024-08-02 ### Updated diff --git a/VERSION.txt b/VERSION.txt index d6bb32f..5860a72 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -3.2.10 \ No newline at end of file +3.2.11 \ No newline at end of file diff --git a/deployment/ecr/distributed-load-testing-on-aws-load-tester/Dockerfile b/deployment/ecr/distributed-load-testing-on-aws-load-tester/Dockerfile index 6406060..86e4824 100644 --- a/deployment/ecr/distributed-load-testing-on-aws-load-tester/Dockerfile +++ b/deployment/ecr/distributed-load-testing-on-aws-load-tester/Dockerfile @@ -1,4 +1,4 @@ -FROM blazemeter/taurus:1.16.31 +FROM blazemeter/taurus:1.16.34 # taurus includes python and pip RUN /usr/bin/python3 -m pip install --upgrade pip RUN pip install --no-cache-dir awscli 
@@ -23,21 +23,21 @@ RUN python3 /bzt-configs/jar_updater.py # Remove K6 as it is not supported in DLT by default RUN apt remove -y k6 -RUN /bin/bash -c "source /etc/profile.d/rbenv.sh && yes | rbenv uninstall $(cat /usr/local/rbenv/version)" +RUN /bin/bash -c "source /etc/profile.d/rbenv.sh && rbenv uninstall --force $(cat /usr/local/rbenv/version)" RUN rm -rf /usr/local/rbenv # Replacing urllib3 with more stable Versions to resolve vulnerabilities -RUN pip install urllib3==2.0.7 +RUN pip install urllib3==2.2.2 RUN rm -rf /root/.bzt/python-packages/3.10.12/urllib3* RUN cp -r /usr/local/lib/python3.10/dist-packages/urllib3* /root/.bzt/python-packages/3.10.12/ # Replacing Werkzeug with more stable version to resolve vulnerabilities -RUN pip install Werkzeug==3.0.1 +RUN pip install Werkzeug==3.0.3 RUN rm -rf /root/.bzt/python-packages/3.10.12/werkzeug* RUN cp -r /usr/local/lib/python3.10/dist-packages/werkzeug* /root/.bzt/python-packages/3.10.12/ # Replacing cryptography with more stable version to resolve vulnerabilities -RUN pip install cryptography==42.0.5 +RUN pip install cryptography==42.0.6 RUN rm -rf /root/.bzt/python-packages/3.10.12/cryptography* RUN cp -r /usr/local/lib/python3.10/dist-packages/cryptography* /root/.bzt/python-packages/3.10.12/ diff --git a/source/api-services/package-lock.json b/source/api-services/package-lock.json index 9484758..01fcdcf 100644 --- a/source/api-services/package-lock.json +++ b/source/api-services/package-lock.json @@ -1,12 +1,12 @@ { "name": "api-services", - "version": "3.2.10", + "version": "3.2.11", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "api-services", - "version": "3.2.10", + "version": "3.2.11", "license": "Apache-2.0", "dependencies": { "aws-sdk": "^2.1001.0", @@ -22,7 +22,7 @@ } }, "../solution-utils": { - "version": "3.2.10", + "version": "3.2.11", "license": "Apache-2.0", "dependencies": { "axios": "^1.6.0", 
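Review bot: The urllib3, Werkzeug and cryptography replacement steps in the load-tester Dockerfile still hard-code `/root/.bzt/python-packages/3.10.12/` and `/usr/local/lib/python3.10/dist-packages/`, yet this commit also moves the base image to `blazemeter/taurus:1.16.34`, and nothing visible in the diff shows that the new image keeps that interpreter version or layout. A successful build only proves the copy ran, not that the copy Taurus loads is the patched one, so I would add a build-time assertion per package, for example `RUN PYTHONPATH=/root/.bzt/python-packages/3.10.12 python3 -c "import urllib3; assert urllib3.__version__ == '2.2.2'"`. The comment above each pin could name the advisory from the changelog (e.g. `# urllib3 2.2.2: CVE-2024-37891`) so the next bump knows the minimum safe version. The new `pip install` lines also omit `--no-cache-dir`, which the `awscli` install in the first hunk of this file uses. The Dockerfile continues outside both hunks.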
@@ -1248,11 +1248,11 @@ } }, "node_modules/axios": { - "version": "1.6.7", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.7.tgz", - "integrity": "sha512-/hDJGff6/c7u0hDkvkGxR/oy6CbCs8ziCsC7SqmhjfozqiJGc8Z11wrv9z9lYfY4K8l+H9TpjcMDX0xOZmx+RA==", + "version": "1.7.4", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.4.tgz", + "integrity": "sha512-DukmaFRnY6AzAALSH4J2M3k6PkaC+MfaAGdEERRWcC9q3/TWQwLpHR8ZRLKTdQ3aBDL64EdluRDjJqKw+BPZEw==", "dependencies": { - "follow-redirects": "^1.15.4", + "follow-redirects": "^1.15.6", "form-data": "^4.0.0", "proxy-from-env": "^1.1.0" } diff --git a/source/api-services/package.json b/source/api-services/package.json index a1d0e3b..5f18e7a 100644 --- a/source/api-services/package.json +++ b/source/api-services/package.json @@ -1,6 +1,6 @@ { "name": "api-services", - "version": "3.2.10", + "version": "3.2.11", "description": "REST API micro services", "repository": { "type": "git", diff --git a/source/console/package-lock.json b/source/console/package-lock.json index 82feb91..2a2f21e 100644 --- a/source/console/package-lock.json +++ b/source/console/package-lock.json @@ -1,12 +1,12 @@ { "name": "distributed-load-testing-on-aws-ui", - "version": "3.2.10", + "version": "3.2.11", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "distributed-load-testing-on-aws-ui", - "version": "3.2.10", + "version": "3.2.11", "license": "Apache-2.0", "dependencies": { "@aws-amplify/pubsub": "^6.0.16", @@ -35,7 +35,7 @@ } }, "../solution-utils": { - "version": "3.2.10", + "version": "3.2.11", "license": "Apache-2.0", "dependencies": { "axios": "^1.6.0", diff --git a/source/console/package.json b/source/console/package.json index 6371087..ed33e3f 100644 --- a/source/console/package.json +++ b/source/console/package.json @@ -1,6 +1,6 @@ { "name": "distributed-load-testing-on-aws-ui", - "version": "3.2.10", + "version": "3.2.11", "private": true, "license": "Apache-2.0", "author": { 
diff --git a/source/custom-resource/package-lock.json b/source/custom-resource/package-lock.json index 567d2be..e5f8e79 100644 --- a/source/custom-resource/package-lock.json +++ b/source/custom-resource/package-lock.json @@ -1,12 +1,12 @@ { "name": "custom-resource", - "version": "3.2.10", + "version": "3.2.11", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "custom-resource", - "version": "3.2.10", + "version": "3.2.11", "license": "Apache-2.0", "dependencies": { "aws-sdk": "^2.1001.0", @@ -24,7 +24,7 @@ } }, "../solution-utils": { - "version": "3.2.10", + "version": "3.2.11", "license": "Apache-2.0", "dependencies": { "axios": "^1.6.0", @@ -1276,11 +1276,11 @@ } }, "node_modules/axios": { - "version": "1.6.7", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.7.tgz", - "integrity": "sha512-/hDJGff6/c7u0hDkvkGxR/oy6CbCs8ziCsC7SqmhjfozqiJGc8Z11wrv9z9lYfY4K8l+H9TpjcMDX0xOZmx+RA==", + "version": "1.7.4", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.4.tgz", + "integrity": "sha512-DukmaFRnY6AzAALSH4J2M3k6PkaC+MfaAGdEERRWcC9q3/TWQwLpHR8ZRLKTdQ3aBDL64EdluRDjJqKw+BPZEw==", "dependencies": { - "follow-redirects": "^1.15.4", + "follow-redirects": "^1.15.6", "form-data": "^4.0.0", "proxy-from-env": "^1.1.0" } diff --git a/source/custom-resource/package.json b/source/custom-resource/package.json index 816c371..0847f9c 100644 --- a/source/custom-resource/package.json +++ b/source/custom-resource/package.json @@ -1,6 +1,6 @@ { "name": "custom-resource", - "version": "3.2.10", + "version": "3.2.11", "description": "cfn custom resources for distributed load testing on AWS workflow", "repository": { "type": "git", diff --git a/source/infrastructure/package-lock.json b/source/infrastructure/package-lock.json index 404f12f..2e85a6d 100644 --- a/source/infrastructure/package-lock.json +++ b/source/infrastructure/package-lock.json 
@@ -1,12 +1,12 @@ { "name": "distributed-load-testing-on-aws-infrastructure", - "version": "3.2.10", + "version": "3.2.11", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "distributed-load-testing-on-aws-infrastructure", - "version": "3.2.10", + "version": "3.2.11", "license": "Apache-2.0", "dependencies": { "source-map-support": "^0.5.16" diff --git a/source/infrastructure/package.json b/source/infrastructure/package.json index 1c4c712..4c8c9b7 100644 --- a/source/infrastructure/package.json +++ b/source/infrastructure/package.json @@ -1,6 +1,6 @@ { "name": "distributed-load-testing-on-aws-infrastructure", - "version": "3.2.10", + "version": "3.2.11", "author": { "name": "Amazon Web Services", "url": "https://aws.amazon.com/solutions" diff --git a/source/package-lock.json b/source/package-lock.json index 7083acc..4a7f756 100644 --- a/source/package-lock.json +++ b/source/package-lock.json @@ -1,12 +1,12 @@ { "name": "source", - "version": "3.2.10", + "version": "3.2.11", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "source", - "version": "3.2.10", + "version": "3.2.11", "license": "Apache-2.0", "devDependencies": { "@types/node": "^18.8.0", diff --git a/source/package.json b/source/package.json index f260ff5..fdffe78 100644 --- a/source/package.json +++ b/source/package.json @@ -1,6 +1,6 @@ { "name": "source", - "version": "3.2.10", + "version": "3.2.11", "private": true, "description": "ESLint and prettier dependencies to be used within the solution", "license": "Apache-2.0", diff --git a/source/real-time-data-publisher/package-lock.json b/source/real-time-data-publisher/package-lock.json index 2838394..53ad41c 100644 --- a/source/real-time-data-publisher/package-lock.json +++ b/source/real-time-data-publisher/package-lock.json 
@@ -1,12 +1,12 @@ { "name": "real-time-data-publisher", - "version": "3.2.10", + "version": "3.2.11", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "real-time-data-publisher", - "version": "3.2.10", + "version": "3.2.11", "license": "Apache-2.0", "dependencies": { "aws-sdk": "^2.1001.0", @@ -20,7 +20,7 @@ } }, "../solution-utils": { - "version": "3.2.10", + "version": "3.2.11", "license": "Apache-2.0", "dependencies": { "axios": "^1.6.0", diff --git a/source/real-time-data-publisher/package.json b/source/real-time-data-publisher/package.json index 302e8dc..1630b82 100644 --- a/source/real-time-data-publisher/package.json +++ b/source/real-time-data-publisher/package.json @@ -1,6 +1,6 @@ { "name": "real-time-data-publisher", - "version": "3.2.10", + "version": "3.2.11", "description": "Publishes real time test data to an IoT endpoint", "repository": { "type": "git", diff --git a/source/results-parser/package-lock.json b/source/results-parser/package-lock.json index a03003f..6c785a7 100644 --- a/source/results-parser/package-lock.json +++ b/source/results-parser/package-lock.json @@ -1,12 +1,12 @@ { "name": "results-parser", - "version": "3.2.10", + "version": "3.2.11", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "results-parser", - "version": "3.2.10", + "version": "3.2.11", "license": "Apache-2.0", "dependencies": { "aws-sdk": "^2.1001.0", @@ -23,7 +23,7 @@ } }, "../solution-utils": { - "version": "3.2.10", + "version": "3.2.11", "license": "Apache-2.0", "dependencies": { "axios": "^1.6.0", 
@@ -1249,11 +1249,11 @@ } }, "node_modules/axios": { - "version": "1.6.7", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.7.tgz", - "integrity": "sha512-/hDJGff6/c7u0hDkvkGxR/oy6CbCs8ziCsC7SqmhjfozqiJGc8Z11wrv9z9lYfY4K8l+H9TpjcMDX0xOZmx+RA==", + "version": "1.7.4", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.4.tgz", + "integrity": "sha512-DukmaFRnY6AzAALSH4J2M3k6PkaC+MfaAGdEERRWcC9q3/TWQwLpHR8ZRLKTdQ3aBDL64EdluRDjJqKw+BPZEw==", "dependencies": { - "follow-redirects": "^1.15.4", + "follow-redirects": "^1.15.6", "form-data": "^4.0.0", "proxy-from-env": "^1.1.0" } diff --git a/source/results-parser/package.json b/source/results-parser/package.json index 2a3635b..2047151 100644 --- a/source/results-parser/package.json +++ b/source/results-parser/package.json @@ -1,6 +1,6 @@ { "name": "results-parser", - "version": "3.2.10", + "version": "3.2.11", "description": "result parser for indexing xml test results to DynamoDB", "repository": { "type": "git", diff --git a/source/solution-utils/package-lock.json b/source/solution-utils/package-lock.json index 3297433..b5ac9ab 100644 --- a/source/solution-utils/package-lock.json +++ b/source/solution-utils/package-lock.json @@ -1,12 +1,12 @@ { "name": "solution-utils", - "version": "3.2.10", + "version": "3.2.11", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "solution-utils", - "version": "3.2.10", + "version": "3.2.11", "license": "Apache-2.0", "dependencies": { "axios": "^1.6.0", 
@@ -1201,11 +1201,11 @@ "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==" }, "node_modules/axios": { - "version": "1.6.7", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.7.tgz", - "integrity": "sha512-/hDJGff6/c7u0hDkvkGxR/oy6CbCs8ziCsC7SqmhjfozqiJGc8Z11wrv9z9lYfY4K8l+H9TpjcMDX0xOZmx+RA==", + "version": "1.7.4", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.4.tgz", + "integrity": "sha512-DukmaFRnY6AzAALSH4J2M3k6PkaC+MfaAGdEERRWcC9q3/TWQwLpHR8ZRLKTdQ3aBDL64EdluRDjJqKw+BPZEw==", "dependencies": { - "follow-redirects": "^1.15.4", + "follow-redirects": "^1.15.6", "form-data": "^4.0.0", "proxy-from-env": "^1.1.0" } diff --git a/source/solution-utils/package.json b/source/solution-utils/package.json index db9d9ec..cf28ff7 100644 --- a/source/solution-utils/package.json +++ b/source/solution-utils/package.json @@ -1,6 +1,6 @@ { "name": "solution-utils", - "version": "3.2.10", + "version": "3.2.11", "description": "Utilities package for Distributed Load Testing on AWS", "license": "Apache-2.0", "author": { diff --git a/source/task-canceler/package-lock.json b/source/task-canceler/package-lock.json index e2fbd6e..53803b2 100644 --- a/source/task-canceler/package-lock.json +++ b/source/task-canceler/package-lock.json @@ -1,12 +1,12 @@ { "name": "task-canceler", - "version": "3.2.10", + "version": "3.2.11", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "task-canceler", - "version": "3.2.10", + "version": "3.2.11", "license": "Apache-2.0", "dependencies": { "aws-sdk": "^2.1001.0", @@ -20,7 +20,7 @@ } }, "../solution-utils": { - "version": "3.2.10", + "version": "3.2.11", "license": "Apache-2.0", "dependencies": { "axios": "^1.6.0", diff --git a/source/task-canceler/package.json b/source/task-canceler/package.json index 193f79c..f72087e 100644 --- a/source/task-canceler/package.json +++ b/source/task-canceler/package.json 
@@ -1,6 +1,6 @@ { "name": "task-canceler", - "version": "3.2.10", + "version": "3.2.11", "description": "Triggered by api-services lambda function, cancels ecs tasks", "repository": { "type": "git", diff --git a/source/task-runner/package-lock.json b/source/task-runner/package-lock.json index 2bc4a09..dca179a 100644 --- a/source/task-runner/package-lock.json +++ b/source/task-runner/package-lock.json @@ -1,12 +1,12 @@ { "name": "task-runner", - "version": "3.2.10", + "version": "3.2.11", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "task-runner", - "version": "3.2.10", + "version": "3.2.11", "license": "Apache-2.0", "dependencies": { "aws-sdk": "^2.1001.0", @@ -21,7 +21,7 @@ } }, "../solution-utils": { - "version": "3.2.10", + "version": "3.2.11", "license": "Apache-2.0", "dependencies": { "axios": "^1.6.0", diff --git a/source/task-runner/package.json b/source/task-runner/package.json index 9119040..105bec5 100644 --- a/source/task-runner/package.json +++ b/source/task-runner/package.json @@ -1,6 +1,6 @@ { "name": "task-runner", - "version": "3.2.10", + "version": "3.2.11", "description": "Triggered by Step Functions, runs ecs task Definitions", "repository": { "type": "git", diff --git a/source/task-status-checker/package-lock.json b/source/task-status-checker/package-lock.json index 8ed69f1..47946e5 100644 --- a/source/task-status-checker/package-lock.json +++ b/source/task-status-checker/package-lock.json @@ -1,12 +1,12 @@ { "name": "task-status-checker", - "version": "3.2.10", + "version": "3.2.11", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "task-status-checker", - "version": "3.2.10", + "version": "3.2.11", "license": "Apache-2.0", "dependencies": { "aws-sdk": "^2.1001.0", @@ -20,7 +20,7 @@ } }, "../solution-utils": { - "version": "3.2.10", + "version": "3.2.11", "license": "Apache-2.0", "dependencies": { "axios": "^1.6.0", 
diff --git a/source/task-status-checker/package.json b/source/task-status-checker/package.json index 73a3c44..6d7f9e1 100644 --- a/source/task-status-checker/package.json +++ b/source/task-status-checker/package.json @@ -1,6 +1,6 @@ { "name": "task-status-checker", - "version": "3.2.10", + "version": "3.2.11", "description": "checks if tasks are running or not", "repository": { "type": "git",