Fix expat CVE (#6)

itisallgood · web-flow · commit be99429d554f · 2024-09-27T19:17:02.000+03:00
* Migrated github actions to v4

* Added fixes for expat and other cves by installing libexpat1 and updating packages
diff --git a/Dockerfile b/Dockerfile
@@ -23,12 +23,14 @@ FROM python:3.12-slim
 
 WORKDIR /app
 
+# We're installing here libexpat1, to upgrade the package to include a fix to 3 high CVEs. CVE-2024-45491,CVE-2024-45490,CVE-2024-45492
 RUN apt-get update \
     && apt-get install -y --no-install-recommends \
        curl \
        gnupg \
        lsb-release \
        unzip \
+    && apt-get install -y --no-install-recommends libexpat1 \
     && rm -rf /var/lib/apt/lists/*
 
 # Install Google cli so kubectl works w/ gke clusters
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -13,13 +13,13 @@ python = "^3.8, <3.13"
 typer = "^0.12.3"
 pyyaml = "^6.0.1"
 click-spinner = "^0.1.10"
-cryptography = "^42.0.7"
+cryptography = "43.0.1"
 dpath = "^2.0.5"
 pydantic = "^1.0"
 slack-sdk = "^3"
 pyjwt = "^2.4.0"
 requests = "^2.32.2"
-certifi = "^2024.2.2"
+certifi = "2024.7.4"
 types-toml = "^0.10.2"
 toml = "^0.10.2"
 hikaru-model-28 = "^1.1.0"
