Project

General

Profile

Actions

Support #20325

closed

Review dependabot alerts

Added by Peter Amstutz over 1 year ago. Updated about 1 year ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
-
Due date:
Story points:
-
Release relationship:
Auto
Actions #1

Updated by Lucas Di Pentima over 1 year ago

  • Status changed from New to In Progress
Actions #4

Updated by Lucas Di Pentima over 1 year ago

Handling https://github.com/arvados/arvados/security/dependabot/97 by upgrading the rack gem on RailsAPI & WB1.

Update: 1cb23beff - branch 20325-rack-upgrade
Test run: developer-run-tests: #3587

Actions #5

Updated by Lucas Di Pentima over 1 year ago

Dismissed https://github.com/arvados/arvados/security/dependabot/107 as we're not using the vulnerable code.

Actions #6

Updated by Lucas Di Pentima over 1 year ago

Dismissed https://github.com/arvados/arvados/security/dependabot/2 & https://github.com/arvados/arvados/security/dependabot/5 as the risk is tolerable because is related to doc generation and doesn't affect running clusters.

Actions #7

Updated by Lucas Di Pentima over 1 year ago

Handling https://github.com/arvados/arvados/security/dependabot/96 by upgrading the golang.org/x/net module.

Updates at ee9e02d91 - branch 20325-go-x-net-upgrade
Test run: developer-run-tests: #3588

Actions #8

Updated by Lucas Di Pentima over 1 year ago

Handling https://github.com/arvados/arvados/security/dependabot/109 by upgrading nokogiri on both RailsAPI & WB1.

Updates at a56ec3ec5 - branch 20325-nokogiri-upgrade
Test run: developer-run-tests: #3589

Actions #12

Updated by Lucas Di Pentima over 1 year ago

Handling https://github.com/arvados/arvados/security/dependabot/64 & https://github.com/arvados/arvados/security/dependabot/65 by upgrading globalid gem on RailsAPI & WB1

Updates at a6775c492 - branch 20325-globalid-gem-upgrade
Test run: developer-run-tests: #3599

Actions #13

Updated by Lucas Di Pentima over 1 year ago

  • Release set to 62
Actions #14

Updated by Lucas Di Pentima over 1 year ago

Handling https://github.com/arvados/arvados/security/dependabot/91 by upgrading github.com/docker/distribution to version 2.8.1

Updates at b3c7d9bbf - branch 20325-go-docker-distribution-upgrade
Test run: developer-run-tests: #3603

Actions #15

Updated by Lucas Di Pentima over 1 year ago

Dismissed https://github.com/arvados/arvados/security/dependabot/81 & https://github.com/arvados/arvados/security/dependabot/82 as we don't seem to use the underscore method on user provided input.

Actions #16

Updated by Peter Amstutz over 1 year ago

  • Target version changed from Development 2023-04-26 sprint to Development 2023-05-10 sprint
Actions #17

Updated by Peter Amstutz over 1 year ago

  • Release changed from 62 to 63
Actions #18

Updated by Lucas Di Pentima over 1 year ago

Handling https://github.com/arvados/arvados/security/dependabot/110 & https://github.com/arvados/arvados/security/dependabot/111 by upgrading jquery-rails and its dependencies on RailsAPI & WB1

Updates at ab72becc8 - branch 20325-jquery-rails-upgrade
Test run: developer-run-tests: #3649
WB1 integration re-run: developer-run-tests-apps-workbench-integration: #3940

Actions #19

Updated by Peter Amstutz over 1 year ago

  • Target version changed from Development 2023-05-10 sprint to Development 2023-05-24 sprint
Actions #20

Updated by Lucas Di Pentima over 1 year ago

Handling https://github.com/arvados/arvados/security/dependabot/112 by upgrading the github.com/docker/distribution module to version v2.8.2+incompatible.

Updates at ee1e494c0 - branch 20325-go-docker-distribution-upgrade2
Test run: developer-run-tests: #3651

Actions #21

Updated by Peter Amstutz over 1 year ago

  • Release deleted (63)
Actions #23

Updated by Peter Amstutz over 1 year ago

  • Target version changed from Development 2023-05-24 sprint to Development 2023-06-07
Actions #24

Updated by Peter Amstutz over 1 year ago

  • Target version changed from Development 2023-06-07 to Development 2023-05-24 sprint
Actions #25

Updated by Peter Amstutz over 1 year ago

  • Status changed from In Progress to Resolved
Actions #26

Updated by Peter Amstutz about 1 year ago

  • Release set to 66
Actions

Also available in: Atom PDF