Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: update cypress/factory to Debian 12.6 #1138

Merged
merged 5 commits into from
Jul 8, 2024
Merged

fix: update cypress/factory to Debian 12.6 #1138

merged 5 commits into from
Jul 8, 2024

Conversation

MikeMcC399
Copy link
Collaborator

Issue

  • Debian 12.6 was released on June 29th, 2024 and contains vulnerability fixes which are not included in cypress/factory:4.0.2 (current latest).

Change

Update to debian:12.6-slim in cypress/factory, specifying exact version of Debian for documentation clarity of version in use.

Verification

On Ubuntu 22.04.4 LTS, Node.js v20.15.0 LTS

Execute:

cd factory
docker compose build factory
docker compose build

and confirm that all images are built without errors or warnings.

Continue with

cd test-project
set -a && . ../.env && set +a
docker compose run test-factory-all-included

and confirm that the image builds without errors or warnings and runs successfully.

@cypress-app-bot
Copy link

@MikeMcC399 MikeMcC399 self-assigned this Jul 3, 2024
@MikeMcC399
Copy link
Collaborator Author

All fixed issues from Debian are now included

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

$ trivy image --ignore-unfixed  cypress/factory:4.0.3
2024-07-03T11:25:05+02:00       INFO    Vulnerability scanning is enabled
2024-07-03T11:25:05+02:00       INFO    Secret scanning is enabled
2024-07-03T11:25:05+02:00       INFO    If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-03T11:25:05+02:00       INFO    Please see also https://aquasecurity.github.io/trivy/v0.53/docs/scanner/secret#recommendation for faster secret detection
2024-07-03T11:25:05+02:00       INFO    Detected OS     family="debian" version="12.6"
2024-07-03T11:25:05+02:00       INFO    [debian] Detecting vulnerabilities...   os_version="12" pkg_num=282
2024-07-03T11:25:05+02:00       INFO    Number of language-specific files       num=0
2024-07-03T11:25:05+02:00       WARN    Using severities from other vendors for some vulnerabilities. Read https://aquasecurity.github.io/trivy/v0.53/docs/scanner/vulnerability#severity-selection for details.

cypress/factory:4.0.3 (debian 12.6)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

@MikeMcC399 MikeMcC399 marked this pull request as ready for review July 3, 2024 09:33
@MikeMcC399 MikeMcC399 marked this pull request as draft July 3, 2024 11:03
@MikeMcC399

This comment was marked as outdated.

Sign in to view
@MikeMcC399 MikeMcC399 marked this pull request as ready for review July 3, 2024 11:54
@MikeMcC399
Copy link
Collaborator Author

Ready for review and merge

@MikeMcC399
Copy link
Collaborator Author

@jennifer-shehane

  • There was a lot of flakiness merging into master, however that last PR (build: disable default provenance attestation #1152) succeeded, which means that all the preceding PRs work as well.

  • This PR, to update to Debian 12.6, can now be merged as well. It should only cause a new cypress/factory release.

image

@jennifer-shehane jennifer-shehane merged commit e9615f9 into cypress-io:master Jul 8, 2024
31 checks passed
@MikeMcC399 MikeMcC399 deleted the debian-12-6 branch July 9, 2024 05:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AtofStryker AtofStryker AtofStryker approved these changes

@jennifer-shehane jennifer-shehane jennifer-shehane approved these changes

Assignees

@MikeMcC399 MikeMcC399

Labels
type: enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Request to update cypress/factory to Debian 12.6
4 participants
@MikeMcC399 @cypress-app-bot @jennifer-shehane @AtofStryker