Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Bump the versions of libc6 and libc-bin #21

Merged
merged 3 commits into from
Jan 8, 2024
Merged

fix: Bump the versions of libc6 and libc-bin #21

merged 3 commits into from
Jan 8, 2024

Conversation

fviernau
Copy link
Contributor

@fviernau fviernau commented Dec 28, 2023
edited
Loading

The previously used versions are not available anymore. So, bump the versions to fix the broken Docker build.

Once the docker build is fixed, the job still fails due to detected security vulnerabilities. So, upgrade the affected dependencies in order to make the CI job "green".

Please see the individual commits.

@fviernau
fix: Bump the versions of libc6 and libc-bin
73eeafe 
The previously used versions are not available anymore. So, bump the
versions to fix the broken Docker build.

Signed-off-by: Frank Viernau <frank_viernau@epam.com>
@fviernau fviernau requested a review from Allob December 28, 2023 12:35
@fviernau
chore: Upgrade aiohttp to version 3.9.0
f0e44d8 
The CI job flagged vulnerability CVE-2023-49081 in the previously used
version which is fixed in version 3.9.0.

The diff results from running `poetry add aiohttp=3.9.0`.

Signed-off-by: Frank Viernau <frank_viernau@epam.com>
@fviernau
chore: Upgrade transformers to version 4.36.0
8c80910 
The previously used version exhibits the vulnerabilities `CVE-2023-6730`
and `CVE-2023-7018`. Both are fixed in version 4.36.0.

The diff results from running `poetry add transformers@4.36.0`.

Signed-off-by: Frank Viernau <frank_viernau@epam.com>
@nepalevov nepalevov added the dependencies Dependencies update label Dec 28, 2023
@Allob Allob merged commit bddb68d into development Jan 8, 2024
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Allob Allob Allob approved these changes

Assignees

@Allob Allob

Labels
dependencies Dependencies update
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@fviernau @Allob @nepalevov