fix: weaviate patched image with fixed CVE #2412

Closed
wants to merge 10 commits into from

Conversation

SandhyaRavi2403
Contributor

What problem does this PR solve?:
Patch weaviate image with fixed CVEs

```
sandhya.ravi@GT9X7CVF5F kommander-applications % trivy image ghcr.io/mesosphere/dkp-container-images/cr.weaviate.io/semitechnologies/weaviate:1.21.4-d2iq.0 --vuln-type os --ignore-unfixed | grep Total
2024-07-16T00:23:52+05:30 INFO Need to update DB
2024-07-16T00:23:52+05:30 INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
49.73 MiB / 49.73 MiB [---------------------------------------------------------------------------------------] 100.00% 3.46 MiB p/s 15s
2024-07-16T00:24:08+05:30 INFO Vulnerability scanning is enabled
2024-07-16T00:24:08+05:30 INFO Secret scanning is enabled
2024-07-16T00:24:08+05:30 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-16T00:24:08+05:30 INFO Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-16T00:24:11+05:30 INFO Detected OS family="alpine" version="3.18.3"
2024-07-16T00:24:11+05:30 INFO [alpine] Detecting vulnerabilities... os_version="3.18" repository="3.18" pkg_num=17
2024-07-16T00:24:11+05:30 INFO Number of language-specific files num=1
2024-07-16T00:24:11+05:30 INFO [gobinary] Detecting vulnerabilities...
2024-07-16T00:24:11+05:30 WARN Using severities from other vendors for some vulnerabilities. Read https://aquasecurity.github.io/trivy/v0.53/docs/scanner/vulnerability#severity-selection for details.

ghcr.io/mesosphere/dkp-container-images/cr.weaviate.io/semitechnologies/weaviate:1.21.4-d2iq.0 (alpine 3.18.3)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
```

workflow link:
https://github.com/mesosphere/dkp-container-images/actions/runs/9844219091

Which issue(s) does this PR fix?:

https://jira.nutanix.com/browse/NCN-101394

Special notes for your reviewer:

Does this PR introduce a user-facing change?:


Checklist

  • If the PR adds a version bump, ensure there is no breaking change in Licensing model (or NA).
  • If a chart is changed or app configuration is significantly changed, the chart version is correctly incremented (so that apps are not automatically upgraded from a previous version of DKP).

@SandhyaRavi2403 SandhyaRavi2403 self-assigned this Jul 15, 2024
@github-actions github-actions bot added services/ai-navigator-app size/S Denotes a PR that changes 10-29 lines, ignoring generated files. ok-to-test Signals mergebot that CI checks are ready to be kicked off update-licenses signals mergebot to update licenses.d2iq.yaml and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jul 15, 2024
@coveralls

coveralls commented Jul 15, 2024

Pull Request Test Coverage Report for Build 10089083247

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 51.515%

Totals Coverage Status
Change from base Build 10085416370: 0.0%
Covered Lines: 136
Relevant Lines: 264

💛 - Coveralls

@github-actions github-actions bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Jul 15, 2024
@github-actions github-actions bot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jul 15, 2024
@github-actions github-actions bot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jul 15, 2024
@SandhyaRavi2403 SandhyaRavi2403 deleted the sandhya/cve-fix-weaviate branch July 25, 2024 07:20