Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: dependabot security updates #5608

Merged
merged 11 commits into from
Aug 9, 2024
Merged

fix: dependabot security updates #5608

merged 11 commits into from
Aug 9, 2024

Conversation

Ash-exp
Copy link
Contributor

@Ash-exp Ash-exp commented Aug 2, 2024
edited
Loading

Description

Bumps github.com/argoproj/argo-cd/v2 v2.8.17 => v2.8.19
Bumps github.com/gorilla/schema v1.1.0 => v1.4.1
Bumps k8s.io/kubernetes v1.26.11 => v1.27.13
Bumps github.com/hashicorp/go-retryablehttp v0.7.4 => v0.7.7 // indirect
Removed gopkg.in/square/go-jose.v2

Fixes #5649
Fixes #5601

Checklist:

  • The title of the PR states what changed and the related issues number (used for the release note).
  • Does this PR requires documentation updates?
  • I've updated documentation as required by this PR.
  • I have performed a self-review of my own code.
  • I have commented my code, particularly in hard-to-understand areas.
  • I have tested it for all user roles.
  • I have added all the required unit/api test cases.

Does this PR introduce a user-facing change?

@Ash-exp
fix: Vulnerability Potential memory exhaustion attack due to sparse s…
de0d20e 
…lice deserialization (#5572)

* fix: Vulnerability Potential memory exhaustion attack due to sparse slice deserialization

* added vendor files
@Ash-exp
fix: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algor…
209dac5 
…ithms in Redis Cache (#5570)
@Ash-exp
fix: bumb authenticator version v0.4.35-0.20240607135426-c86e868ecee1…
dc7483d 
… to v0.4.35-0.20240731093814-ae0cb999d5d0 and go-gitlab version v0.86.0 to v0.107.0
@Ash-exp
fix: bumped k8s.io/kubernetes version v1.26.11 to v1.27.13
bb8b609
@Ash-exp
dumped gopkg.in/square/go-jose.v2 dependency
31309fe
@Ash-exp Ash-exp self-assigned this Aug 2, 2024
@gitguardian GitGuardian
Copy link

gitguardian bot commented Aug 7, 2024
edited
Loading

⚠️ GitGuardian has uncovered 2 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secrets in your pull request
GitGuardian id GitGuardian status Secret Commit Filename
9498692 Triggered Generic Password ef387b3 pkg/gitops/GitOpsConfigService.go View secret
9498692 Triggered Generic Password ef387b3 pkg/gitops/GitOpsConfigService.go View secret
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secrets safely. Learn here the best practices.
  3. Revoke and rotate these secrets.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Aug 9, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@Ash-exp Ash-exp merged commit 8391e55 into main Aug 9, 2024
14 checks passed
@Ash-exp Ash-exp deleted the chore-dependabot-fixes branch August 9, 2024 09:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nishant-d nishant-d nishant-d approved these changes

@vikramdevtron vikramdevtron Awaiting requested review from vikramdevtron vikramdevtron is a code owner

@kripanshdevtron kripanshdevtron Awaiting requested review from kripanshdevtron

@prakarsh-dt prakarsh-dt Awaiting requested review from prakarsh-dt prakarsh-dt is a code owner

Assignees

@Ash-exp Ash-exp

Labels
PR:Ready-to-Review
Projects
None yet
Milestone
No milestone
2 participants
@Ash-exp @nishant-d