
gevent version upgrade for vulnerability issue #6795

Merged
nischalstha9 merged 2 commits into develop from fix/gevent-vulnerability
Apr 1, 2025

@prabinoid
Collaborator

What type of PR is this? (check all applicable)

  • 🍕 Feature
  • 🐛 Bug Fix
  • 📝 Documentation
  • 🧑‍💻 Refactor
  • ✅ Test
  • 🤖 Build or CI
  • ❓ Other (please specify)

Describe this PR

gevent version upgraded from 22.10.2 to 23.9.0 to fix the vulnerability issue arising during the container scan.

Screenshots

Screenshot 2025-04-01 at 11 54 50

Comment thread Dockerfile Outdated
postgresql-client libgeos3.11.1 proj-bin curl && \
apt-get clean && rm -rf /var/lib/apt/lists/*
COPY --from=build \
COPY --from=build --chown=appuser:appuser \
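
Review bot: the added `COPY --from=build --chown=appuser:appuser \` line sets a non-root owner but no `--chmod`, so the copied files keep the modes they had in the build stage and stay writable by `appuser` wherever the owner write bit is set. If `appuser` is the account the container runs as, a compromised process could modify the application files it executes. Consider leaving the files owned by root, or adding an explicit `--chmod` whose owner bits omit write, so the runtime account can read and execute the files but not change them.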
Contributor

@nischalstha9 nischalstha9 Apr 1, 2025

We have a SonarQube quality fail for this copy stage. Can you add the following to restrict write to user only?

COPY  --from=build --chown=appuser:appuser --chmod=755 <src> <dest>

REF: https://sonarcloud.io/organizations/hotosm/rules?open=docker%3AS6504&rule_key=docker%3AS6504&tab=how_to_fix

@sonarqubecloud

sonarqubecloud Bot commented Apr 1, 2025

@nischalstha9 nischalstha9 merged commit 6adde97 into develop Apr 1, 2025
12 of 13 checks passed