Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add CVE-2024-21538 vulnerability overrides, ignore in Docker image scans #3159

Closed
2 tasks
mkurapov opened this issue Dec 6, 2024 · 0 comments · Fixed by #3154
Closed
2 tasks

Add CVE-2024-21538 vulnerability overrides, ignore in Docker image scans #3159

mkurapov opened this issue Dec 6, 2024 · 0 comments · Fixed by #3154

Comments

@mkurapov
Copy link
Contributor

mkurapov commented Dec 6, 2024
edited
Loading

Context

See parent issue

Todos

  • Add to overrides in root package.json to make sure we use at least cross-spawn v7.0.5 (fix to vulnerability was fixed in 7.0.5).
  • Ignore vulnerability in Trivy and Grype docker image scans
@mkurapov mkurapov mentioned this issue Dec 6, 2024
Open
@github-project-automation github-project-automation bot moved this to Backlog in Rafiki Dec 6, 2024
@mkurapov mkurapov changed the title Fix cross-spawn v7.0.3 vulnerability Add cross-spawn vulnerability overrides Dec 6, 2024
@mkurapov mkurapov mentioned this issue Dec 6, 2024
Open
@mkurapov mkurapov changed the title Add cross-spawn vulnerability overrides Add CVE-2024-21538 vulnerability overrides, ignore in Docker image scans Dec 6, 2024
@mkurapov mkurapov linked a pull request Dec 6, 2024 that will close this issue
chore: add override for cross-spawn vulnerability #3154
Merged
6 tasks
@mkurapov mkurapov mentioned this issue Dec 6, 2024
Merged
6 tasks
@mkurapov mkurapov moved this from Backlog to Ready for Review in Rafiki Dec 6, 2024
@mkurapov mkurapov moved this from Ready for Review to In Progress in Rafiki Dec 6, 2024
@mkurapov mkurapov moved this from In Progress to Ready for Review in Rafiki Dec 6, 2024
@github-project-automation github-project-automation bot moved this from Ready for Review to Done in Rafiki Dec 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
Rafiki
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore: add override for cross-spawn vulnerability interledger/rafiki
1 participant
@mkurapov