From 7391c53d577565882fe1d393d67c09665b0e3be0 Mon Sep 17 00:00:00 2001 From: "Mahadik, Mukul Chandrakant" Date: Fri, 5 Apr 2024 11:28:27 -0700 Subject: [PATCH 1/5] Latest vulnerability fixes - ip 1. Package ip had vulnerabilities. Upgrading node-alpine docker image to latest available version. This node image does not contain the ip package at all. Additionally, the latest ip version 2.0.1 might not contain the remediation as yet. --- frontend/Dockerfile | 2 +- frontend/docker/Dockerfile.dev | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/frontend/Dockerfile b/frontend/Dockerfile index 59681e9e..2992bc5a 100644 --- a/frontend/Dockerfile +++ b/frontend/Dockerfile @@ -1,4 +1,4 @@ -FROM node:21.5.0-alpine +FROM node:21.7.2-alpine VOLUME /public/plots RUN mkdir -p /public diff --git a/frontend/docker/Dockerfile.dev b/frontend/docker/Dockerfile.dev index 06bd14c7..fce76232 100644 --- a/frontend/docker/Dockerfile.dev +++ b/frontend/docker/Dockerfile.dev @@ -1,4 +1,4 @@ -FROM node:21.5.0-alpine +FROM node:21.7.2-alpine RUN mkdir -p /public WORKDIR /public From 8ff17fe4969540ac90b4c1cc659e87a69f68e844 Mon Sep 17 00:00:00 2001 From: "Mahadik, Mukul Chandrakant" Date: Fri, 5 Apr 2024 12:23:41 -0700 Subject: [PATCH 2/5] Updating pillow version Pillow version upgraded in viz_scripts/docker/environment36.dashboard.additions.yml. --- viz_scripts/docker/environment36.dashboard.additions.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/viz_scripts/docker/environment36.dashboard.additions.yml b/viz_scripts/docker/environment36.dashboard.additions.yml index 59d26ebc..54b740e7 100644 --- a/viz_scripts/docker/environment36.dashboard.additions.yml +++ b/viz_scripts/docker/environment36.dashboard.additions.yml @@ -7,3 +7,4 @@ dependencies: - pip: - nbparameterise==0.6 - devcron==0.4 + - pillow==10.3.0 \ No newline at end of file From fe4e3a0d685c603bdc2a027f4d1eb1d84dad3b64 Mon Sep 17 00:00:00 2001 From: Mukul Chandrakant Mahadik Date: Fri, 5 Apr 2024 12:25:06 -0700 Subject: [PATCH 3/5] Whitespace fix --- viz_scripts/docker/environment36.dashboard.additions.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/viz_scripts/docker/environment36.dashboard.additions.yml b/viz_scripts/docker/environment36.dashboard.additions.yml index 54b740e7..35151e25 100644 --- a/viz_scripts/docker/environment36.dashboard.additions.yml +++ b/viz_scripts/docker/environment36.dashboard.additions.yml @@ -7,4 +7,5 @@ dependencies: - pip: - nbparameterise==0.6 - devcron==0.4 - - pillow==10.3.0 \ No newline at end of file + - pillow==10.3.0 + From 9a9cf4cb4a954adce48407b4da29e30cf35ac7b3 Mon Sep 17 00:00:00 2001 From: "Mahadik, Mukul Chandrakant" Date: Mon, 8 Apr 2024 12:14:54 -0700 Subject: [PATCH 4/5] Updated Docker image tag Bumped up latest server image used build from as base docker image. --- viz_scripts/Dockerfile | 2 +- viz_scripts/docker/Dockerfile.dev | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/viz_scripts/Dockerfile b/viz_scripts/Dockerfile index 9dea3301..4eeddf8a 100644 --- a/viz_scripts/Dockerfile +++ b/viz_scripts/Dockerfile @@ -1,5 +1,5 @@ # python 3 -FROM shankari/e-mission-server:master_2024-02-10--19-38 +FROM shankari/e-mission-server:master_2024-04-08--17-44 VOLUME /plots diff --git a/viz_scripts/docker/Dockerfile.dev b/viz_scripts/docker/Dockerfile.dev index 2fe505b2..435ea392 100644 --- a/viz_scripts/docker/Dockerfile.dev +++ b/viz_scripts/docker/Dockerfile.dev @@ -1,5 +1,5 @@ # python 3 -FROM shankari/e-mission-server:master_2024-02-10--19-38 +FROM shankari/e-mission-server:master_2024-04-08--17-44 VOLUME /plots From 7ad517387dd09040ed882e9f0dcc4a1dd514be3f Mon Sep 17 00:00:00 2001 From: "Mahadik, Mukul Chandrakant" Date: Mon, 8 Apr 2024 17:13:06 -0700 Subject: [PATCH 5/5] Reverted addition of pillow package Initially, AWS mentioned it as a SUPPRESSED status vulnerability with HIGH severity. Hence I added it. However, we don't really use pillow in public-dash viz_scripts and now can observe that the pillow vulnerability status has been changed to CLOSED. --- viz_scripts/docker/environment36.dashboard.additions.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/viz_scripts/docker/environment36.dashboard.additions.yml b/viz_scripts/docker/environment36.dashboard.additions.yml index 35151e25..59d26ebc 100644 --- a/viz_scripts/docker/environment36.dashboard.additions.yml +++ b/viz_scripts/docker/environment36.dashboard.additions.yml @@ -7,5 +7,3 @@ dependencies: - pip: - nbparameterise==0.6 - devcron==0.4 - - pillow==10.3.0 -