InfraOwner
3684aa1c6a
[Snyk] Security upgrade ubuntu from mantic-20231011 to 23.10 ( #4788 )
...
<p>This PR was automatically created by Snyk using the credentials of a real user.</p><br />Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.
#### Changes included in this PR
- website/Dockerfile
We recommend upgrading to `ubuntu:23.10`, as this image has only 8 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.
Some of the most important vulnerabilities in your base image include:
| Severity | Priority Score / 1000 | Issue | Exploit Maturity |
| :------: | :-------------------- | :---- | :--------------- |
|  | **586** | CVE-2023-5981 <br/>[SNYK-UBUNTU2310-GNUTLS28-6069047](https://snyk.io/vuln/SNYK-UBUNTU2310-GNUTLS28-6069047 ) | No Known Exploit |
|  | **586** | CVE-2023-47038 <br/>[SNYK-UBUNTU2310-PERL-6085371](https://snyk.io/vuln/SNYK-UBUNTU2310-PERL-6085371 ) | No Known Exploit |
|  | **364** | Out-of-bounds Write <br/>[SNYK-UBUNTU2310-PROCPS-5972730](https://snyk.io/vuln/SNYK-UBUNTU2310-PROCPS-5972730 ) | No Known Exploit |
|  | **364** | Out-of-bounds Write <br/>[SNYK-UBUNTU2310-PROCPS-5972730](https://snyk.io/vuln/SNYK-UBUNTU2310-PROCPS-5972730 ) | No Known Exploit |
|  | **371** | CVE-2023-39804 <br/>[SNYK-UBUNTU2310-TAR-6096092](https://snyk.io/vuln/SNYK-UBUNTU2310-TAR-6096092 ) | No Known Exploit |
---
**Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._
For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI5NjQ5YzkwMi05YWUxLTQyNTYtYTU3OS0xMmJmNWVlNGE3MzAiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6Ijk2NDljOTAyLTlhZTEtNDI1Ni1hNTc5LTEyYmY1ZWU0YTczMCJ9fQ== " width="0" height="0"/>
🧐 [View latest project report](https://app.snyk.io/org/alcion/project/be35e6c9-5393-4702-af3c-f4aebb53488e?utm_source=github-enterprise&utm_medium=referral&page=fix-pr )
🛠 [Adjust project settings](https://app.snyk.io/org/alcion/project/be35e6c9-5393-4702-af3c-f4aebb53488e?utm_source=github-enterprise&utm_medium=referral&page=fix-pr/settings )
[//]: # 'snyk:metadata:{"prId":"9649c902-9ae1-4256-a579-12bf5ee4a730","prPublicId":"9649c902-9ae1-4256-a579-12bf5ee4a730","dependencies":[{"name":"ubuntu","from":"mantic-20231011","to":"23.10"}],"packageManager":"dockerfile","projectPublicId":"be35e6c9-5393-4702-af3c-f4aebb53488e","projectUrl":"https://app.snyk.io/org/alcion/project/be35e6c9-5393-4702-af3c-f4aebb53488e?utm_source=github-enterprise&utm_medium=referral&page=fix-pr ","type":"auto","patch":[],"vulns":["SNYK-UBUNTU2310-GNUTLS28-6069047","SNYK-UBUNTU2310-PERL-6085371","SNYK-UBUNTU2310-TAR-6096092","SNYK-UBUNTU2310-PROCPS-5972730"],"upgrade":["SNYK-UBUNTU2310-GNUTLS28-6069047","SNYK-UBUNTU2310-PERL-6085371","SNYK-UBUNTU2310-PROCPS-5972730","SNYK-UBUNTU2310-PROCPS-5972730","SNYK-UBUNTU2310-TAR-6096092"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[586,586,371,364],"remediationStrategy":"vuln"}'
---
**Learn how to fix vulnerabilities with free interactive lessons:**
🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc=fix-pr )
2023-12-05 04:19:06 +00:00
InfraOwner
13a98f8fa9
[Snyk] Security upgrade ubuntu from 23.04 to mantic-20231011 ( #4601 )
...
<p>This PR was automatically created by Snyk using the credentials of a real user.</p><br />Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.
#### Changes included in this PR
- website/Dockerfile
We recommend upgrading to `ubuntu:mantic-20231011`, as this image has only 8 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.
Some of the most important vulnerabilities in your base image include:
| Severity | Priority Score / 1000 | Issue | Exploit Maturity |
| :------: | :-------------------- | :---- | :--------------- |
|  | **150** | Improper Input Validation <br/>[SNYK-UBUNTU2304-COREUTILS-5484945](https://snyk.io/vuln/SNYK-UBUNTU2304-COREUTILS-5484945 ) | No Known Exploit |
|  | **150** | Allocation of Resources Without Limits or Throttling <br/>[SNYK-UBUNTU2304-GLIBC-5484975](https://snyk.io/vuln/SNYK-UBUNTU2304-GLIBC-5484975 ) | No Known Exploit |
|  | **300** | Memory Leak <br/>[SNYK-UBUNTU2304-GLIBC-5919743](https://snyk.io/vuln/SNYK-UBUNTU2304-GLIBC-5919743 ) | No Known Exploit |
|  | **300** | Memory Leak <br/>[SNYK-UBUNTU2304-GLIBC-5919743](https://snyk.io/vuln/SNYK-UBUNTU2304-GLIBC-5919743 ) | No Known Exploit |
|  | **300** | CVE-2020-22916 <br/>[SNYK-UBUNTU2304-XZUTILS-5854648](https://snyk.io/vuln/SNYK-UBUNTU2304-XZUTILS-5854648 ) | No Known Exploit |
---
**Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._
For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJlMGFiYWIxYS0xMTNhLTQ0YjgtYjE3Yy0yZmI2ZTllOWRlNDAiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImUwYWJhYjFhLTExM2EtNDRiOC1iMTdjLTJmYjZlOWU5ZGU0MCJ9fQ== " width="0" height="0"/>
🧐 [View latest project report](https://app.snyk.io/org/alcion/project/be35e6c9-5393-4702-af3c-f4aebb53488e?utm_source=github-enterprise&utm_medium=referral&page=fix-pr )
🛠 [Adjust project settings](https://app.snyk.io/org/alcion/project/be35e6c9-5393-4702-af3c-f4aebb53488e?utm_source=github-enterprise&utm_medium=referral&page=fix-pr/settings )
[//]: # 'snyk:metadata:{"prId":"e0abab1a-113a-44b8-b17c-2fb6e9e9de40","prPublicId":"e0abab1a-113a-44b8-b17c-2fb6e9e9de40","dependencies":[{"name":"ubuntu","from":"23.04","to":"mantic-20231011"}],"packageManager":"dockerfile","projectPublicId":"be35e6c9-5393-4702-af3c-f4aebb53488e","projectUrl":"https://app.snyk.io/org/alcion/project/be35e6c9-5393-4702-af3c-f4aebb53488e?utm_source=github-enterprise&utm_medium=referral&page=fix-pr ","type":"auto","patch":[],"vulns":["SNYK-UBUNTU2304-GLIBC-5919743","SNYK-UBUNTU2304-XZUTILS-5854648","SNYK-UBUNTU2304-COREUTILS-5484945","SNYK-UBUNTU2304-GLIBC-5484975"],"upgrade":["SNYK-UBUNTU2304-COREUTILS-5484945","SNYK-UBUNTU2304-GLIBC-5484975","SNYK-UBUNTU2304-GLIBC-5919743","SNYK-UBUNTU2304-GLIBC-5919743","SNYK-UBUNTU2304-XZUTILS-5854648"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[300,300,150,150],"remediationStrategy":"vuln"}'
---
**Learn how to fix vulnerabilities with free interactive lessons:**
🦉 [Memory Leak](https://learn.snyk.io/lesson/memory-leaks/?loc=fix-pr )
🦉 [Improper Input Validation](https://learn.snyk.io/lesson/improper-input-validation/?loc=fix-pr )
🦉 [Allocation of Resources Without Limits or Throttling](https://learn.snyk.io/lesson/no-rate-limiting/?loc=fix-pr )
2023-11-30 06:27:54 +00:00
Abhishek Pandey
b00ac292c7
Add a minor fix for make buildimage ( #4295 )
...
<!-- PR description-->
`make buildimage` currently fails with `/bin/sh: 1: unzip: not found`. Adding a command to install unzip.
---
#### Does this PR need a docs update or release note?
- [ ] ✅ Yes, it's included
- [ ] 🕐 Yes, but in a later PR
- [x] ⛔ No
#### Type of change
<!--- Please check the type of change your PR introduces: --->
- [ ] 🌻 Feature
- [ ] 🐛 Bugfix
- [x] 🗺️ Documentation
- [ ] 🤖 Supportability/Tests
- [ ] 💻 CI/Deployment
- [ ] 🧹 Tech Debt/Cleanup
#### Issue(s)
<!-- Can reference multiple issues. Use one of the following "magic words" - "closes, fixes" to auto-close the Github issue. -->
* #<issue>
#### Test Plan
<!-- How will this be tested prior to merging.-->
- [x] 💪 Manual
- [ ] ⚡ Unit test
- [ ] 💚 E2E
2023-09-19 20:39:15 +00:00
Niraj Tolia
e36545d370
Website: Upgrade Ubuntu and Node install process ( #4230 )
...
Fixes build failures and depreciations
---
#### Does this PR need a docs update or release note?
- [x] ⛔ No
#### Type of change
- [x] 🐛 Bugfix
- [x] 🗺️ Documentation
2023-09-12 23:23:10 +00:00
Niraj Tolia
2e6a47e92f
Actually upgrade the website browserlist ( #4204 )
...
The previous commit didn't actually do anything in real life.
---
#### Does this PR need a docs update or release note?
- [x] ⛔ No
#### Type of change
- [x] 🐛 Bugfix
- [x] 🗺️ Documentation
#### Test Plan
- [x] 💪 Manual
2023-09-07 16:35:11 +00:00
Niraj Tolia
bf1b290e2a
Upgrade browserlist for the website ( #4201 )
...
#### Does this PR need a docs update or release note?
- [x] ⛔ No
#### Type of change
- [x] 🗺️ Documentation
2023-09-07 00:13:17 +00:00
InfraOwner
676eb57bec
[Snyk] Security upgrade ubuntu from 22.04 to 22.10 ( #3167 )
...
<p>This PR was automatically created by Snyk using the credentials of a real user.</p><br />Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.
#### Changes included in this PR
- website/Dockerfile
We recommend upgrading to `ubuntu:22.10`, as this image has only 7 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.
Some of the most important vulnerabilities in your base image include:
| Severity | Issue | Exploit Maturity |
| :------: | :---- | :--------------- |
|  | NULL Pointer Dereference <br/>[SNYK-UBUNTU2204-OPENSSL-3314672](https://snyk.io/vuln/SNYK-UBUNTU2204-OPENSSL-3314672 ) | No Known Exploit |
|  | Double Free <br/>[SNYK-UBUNTU2204-OPENSSL-3314696](https://snyk.io/vuln/SNYK-UBUNTU2204-OPENSSL-3314696 ) | No Known Exploit |
|  | CVE-2022-4304 <br/>[SNYK-UBUNTU2204-OPENSSL-3314710](https://snyk.io/vuln/SNYK-UBUNTU2204-OPENSSL-3314710 ) | No Known Exploit |
|  | Access of Resource Using Incompatible Type ('Type Confusion') <br/>[SNYK-UBUNTU2204-OPENSSL-3314792](https://snyk.io/vuln/SNYK-UBUNTU2204-OPENSSL-3314792 ) | No Known Exploit |
|  | Out-of-bounds Read <br/>[SNYK-UBUNTU2204-TAR-3261138](https://snyk.io/vuln/SNYK-UBUNTU2204-TAR-3261138 ) | No Known Exploit |
---
**Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._
For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJjOTA4MWU0NS02YWFmLTRkZTItYjg1Yy02OWQ1NjJlYTQwYWUiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImM5MDgxZTQ1LTZhYWYtNGRlMi1iODVjLTY5ZDU2MmVhNDBhZSJ9fQ== " width="0" height="0"/>
🧐 [View latest project report](https://app.snyk.io/org/alcion/project/be35e6c9-5393-4702-af3c-f4aebb53488e?utm_source=github-enterprise&utm_medium=referral&page=fix-pr )
🛠 [Adjust project settings](https://app.snyk.io/org/alcion/project/be35e6c9-5393-4702-af3c-f4aebb53488e?utm_source=github-enterprise&utm_medium=referral&page=fix-pr/settings )
[//]: # 'snyk:metadata:{"prId":"c9081e45-6aaf-4de2-b85c-69d562ea40ae","prPublicId":"c9081e45-6aaf-4de2-b85c-69d562ea40ae","dependencies":[{"name":"ubuntu","from":"22.04","to":"22.10"}],"packageManager":"dockerfile","projectPublicId":"be35e6c9-5393-4702-af3c-f4aebb53488e","projectUrl":"https://app.snyk.io/org/alcion/project/be35e6c9-5393-4702-af3c-f4aebb53488e?utm_source=github-enterprise&utm_medium=referral&page=fix-pr ","type":"auto","patch":[],"vulns":["SNYK-UBUNTU2204-TAR-3261138","SNYK-UBUNTU2204-OPENSSL-3314792","SNYK-UBUNTU2204-OPENSSL-3314672","SNYK-UBUNTU2204-OPENSSL-3314696","SNYK-UBUNTU2204-OPENSSL-3314710"],"upgrade":["SNYK-UBUNTU2204-OPENSSL-3314672","SNYK-UBUNTU2204-OPENSSL-3314696","SNYK-UBUNTU2204-OPENSSL-3314710","SNYK-UBUNTU2204-OPENSSL-3314792","SNYK-UBUNTU2204-TAR-3261138"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title"],"priorityScoreList":[null,null,null,null,null],"remediationStrategy":"vuln"}'
---
**Learn how to fix vulnerabilities with free interactive lessons:**
🦉 [NULL Pointer Dereference](https://learn.snyk.io/lessons/null-dereference/cpp/?loc=fix-pr )
2023-04-20 20:51:06 +00:00
Niraj Tolia
95dda0425b
Support building Arm website Docker image ( #1733 )
...
## Description
This change uses the local arch to pull the right packages in for Arm
vs. x86_64.
2022-12-08 07:51:43 +00:00
Abin Simon
a5ad6e6788
Rework CI to handle combined website and docs ( #1568 )
...
## Description
This reworks CI now that we have merged docs and website into a single deployment.
## Type of change
<!--- Please check the type of change your PR introduces: --->
- [ ] 🌻 Feature
- [ ] 🐛 Bugfix
- [ ] 🗺️ Documentation
- [ ] 🤖 Test
- [x] 💻 CI/Deployment
- [ ] 🐹 Trivial/Minor
## Issue(s)
<!-- Can reference multiple issues. Use one of the following "magic words" - "closes, fixes" to auto-close the Github issue. -->
* Fixes https://github.com/alcionai/corso/issues/1551
## Test Plan
<!-- How will this be tested prior to merging.-->
- [x] 💪 Manual
- [ ] ⚡ Unit test
- [ ] 💚 E2E
2022-12-01 16:50:04 +00:00
Abin Simon
4b94c4f012
Option to not use docker for Makefile in docs/website ( #1087 )
...
## Description
This makes it so that we have an option to locally run all Makefile targets without having to go through Docker. That said, it retains Docker as the default way to run it, but now we can set an evn variable `CORSO_USE_DOCKER=-1` to skip running through docker. I understand if this looks a bit hacky and don't want to add it in, but thought I wold propose this anyways. While not major, I was able to get a good amount of decrease in build times.
## Type of change
<!--- Please check the type of change your PR introduces: --->
- [ ] 🌻 Feature
- [ ] 🐛 Bugfix
- [ ] 🗺️ Documentation
- [ ] 🤖 Test
- [x] 💻 CI/Deployment
- [ ] 🐹 Trivial/Minor
## Issue(s)
<!-- Can reference multiple issues. Use one of the following "magic words" - "closes, fixes" to auto-close the Github issue. -->
* #<issue>
## Test Plan
<!-- How will this be tested prior to merging.-->
- [x] 💪 Manual
- [ ] ⚡ Unit test
- [ ] 💚 E2E
2022-10-14 03:18:50 +00:00
Niraj Tolia
5e0fe9561c
Corso website template + build framework ( #723 )
...
## Description
This PR imports a Tailwind-based website template and adds a
build hardness for it.
Please check the type of change your PR introduces:
- [x] 🌻 Feature
## Test Plan
- [x] 💪 Manual
2022-09-02 00:03:10 +00:00
