Generalized state install CVE report. #3624

Open. Wants to merge 1 commit into base: version/0-48-0-RC1

Conversation

mitchell-as (Contributor) commented Dec 24, 2024

BugDX-3186: When installing one package, CVEs tested for one more package

Accurately listing all package names being checked would often result in a horrendously long notice.

Also, now that `state install` allows multiple arguments, singular "Dependency" is not good grammar.

Sample:

% state checkout qam/newpub#56a04c65-3279-43af-987a-54f371a8302d
Checking out project: qam/newpub

• Resolving Dependencies ✔ Done

  Setting up the following dependencies:
  ├─ [email protected] (7 sub-dependencies)
  ├─ [email protected] (5 sub-dependencies)
  └─ [email protected] (27 sub-dependencies)

• Checking for vulnerabilities (CVEs) x Unsafe

  Warning: Found 4 known vulnerabilities (CVEs)

  • 3 High: CVE-2024-6232, CVE-2024-7592, CVE-2023-36632
  • 1 Medium: CVE-2023-27043

  For more information on these vulnerabilities run 'state security open <ID>'.
  To disable prompting for vulnerabilities run 'state config set 
  security.prompt.enabled false'.
% state install django
█ Installing Package

Operating on project qam/newpub, located at /path/to/newpub.

• Searching for packages in the ActiveState Catalog ✔ Found
• Resolving Dependencies ✔ Done

  Installing [email protected] includes 2 direct dependencies, and 1 indirect 
  dependencies.
  ├─ [email protected] (1 dependencies)
  └─ [email protected]

• Checking for vulnerabilities (CVEs) ✔ Safe

Warning: Skipping runtime sourcing since optin.unstable.async_runtime is 
enabled. Please run 'state refresh' to manually source the runtime.

Added: language/python/django@Auto

Your local project has been updated.
Run state push to save changes to the platform.

@mitchell-as mitchell-as requested a review from Naatan December 24, 2024 16:56
@mitchell-as mitchell-as marked this pull request as ready for review December 24, 2024 16:56
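The sample output above shows why the notice is generalized: the vulnerability check runs over the whole resolved dependency closure of the install, not only the package named on the command line, so a CVE surfaced by `state install django` may belong to a transitive dependency rather than to django itself. The Go program below is an added example, not code from the state tool or this PR. It flattens a constructed install plan, checks every artifact in it against a constructed vulnerability table, and renders the notice in the shape the sample shows. All names, versions and CVE IDs in it are placeholders, and `Artifact`, `Vulnerability`, `Flatten`, `CheckVulnerabilities`, `FormatNotice` and `SampleInstall` are hypothetical, not the project's own types or functions.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Artifact is one resolved package in the install plan (hypothetical type).
type Artifact struct {
	Name    string
	Version string
	Deps    []*Artifact
}

// Vulnerability is a CVE attached to one name@version (hypothetical type).
type Vulnerability struct {
	ID       string
	Severity string // "Critical", "High", "Medium" or "Low"
}

// severityRank orders severity groups from most to least severe in the notice.
var severityRank = map[string]int{"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

// Group is one bullet of the notice: a severity and the CVE IDs at that level.
type Group struct {
	Severity string
	IDs      []string
}

// Report is the summarised result of the check over the whole closure.
type Report struct {
	Total  int
	Groups []Group // ordered from most to least severe
}

// Flatten returns every artifact reachable from roots exactly once, so the
// check covers direct and indirect dependencies as well as the named packages.
func Flatten(roots []*Artifact) []*Artifact {
	seen := map[string]bool{}
	var out []*Artifact
	var walk func(a *Artifact)
	walk = func(a *Artifact) {
		key := a.Name + "@" + a.Version
		if seen[key] {
			return
		}
		seen[key] = true
		out = append(out, a)
		for _, d := range a.Deps {
			walk(d)
		}
	}
	for _, r := range roots {
		walk(r)
	}
	return out
}

// CheckVulnerabilities looks up every artifact in the closure in db (keyed by
// name@version), de-duplicates CVE IDs that hit more than one artifact, and
// groups the result by severity.
func CheckVulnerabilities(roots []*Artifact, db map[string][]Vulnerability) Report {
	bySeverity := map[string][]string{}
	seenCVE := map[string]bool{}
	for _, a := range Flatten(roots) {
		for _, v := range db[a.Name+"@"+a.Version] {
			if seenCVE[v.ID] {
				continue
			}
			seenCVE[v.ID] = true
			bySeverity[v.Severity] = append(bySeverity[v.Severity], v.ID)
		}
	}
	var r Report
	for sev, ids := range bySeverity {
		sort.Strings(ids)
		r.Groups = append(r.Groups, Group{Severity: sev, IDs: ids})
		r.Total += len(ids)
	}
	sort.Slice(r.Groups, func(i, j int) bool {
		return severityRank[r.Groups[i].Severity] < severityRank[r.Groups[j].Severity]
	})
	return r
}

// FormatNotice renders the report in the shape of the sample: a status line
// that names no package, then one bullet per severity level.
func FormatNotice(r Report) string {
	var b strings.Builder
	if r.Total == 0 {
		b.WriteString("• Checking for vulnerabilities (CVEs) ✔ Safe\n")
		return b.String()
	}
	b.WriteString("• Checking for vulnerabilities (CVEs) ✘ Unsafe\n\n")
	fmt.Fprintf(&b, "  Warning: Found %d known vulnerabilities (CVEs)\n\n", r.Total)
	for _, g := range r.Groups {
		fmt.Fprintf(&b, "  • %d %s: %s\n", len(g.IDs), g.Severity, strings.Join(g.IDs, ", "))
	}
	b.WriteString("\n  For more information on these vulnerabilities run 'state security open <ID>'.\n")
	return b.String()
}

// SampleInstall builds a constructed plan: the user asked for one package whose
// closure pulls in two direct and one indirect dependency. Names, versions and
// CVE IDs are placeholders, not real catalog or NVD data.
func SampleInstall() ([]*Artifact, map[string][]Vulnerability) {
	indirect := &Artifact{Name: "typing-extensions", Version: "4.0.0"}
	direct1 := &Artifact{Name: "asgiref", Version: "3.0.0", Deps: []*Artifact{indirect}}
	direct2 := &Artifact{Name: "sqlparse", Version: "0.4.0"}
	requested := &Artifact{Name: "django", Version: "5.0.0", Deps: []*Artifact{direct1, direct2}}
	db := map[string][]Vulnerability{
		// The requested package itself is clean; every finding comes from a dependency.
		"sqlparse@0.4.0":          {{ID: "CVE-0000-0001", Severity: "High"}},
		"typing-extensions@4.0.0": {{ID: "CVE-0000-0002", Severity: "Medium"}, {ID: "CVE-0000-0003", Severity: "High"}},
	}
	return []*Artifact{requested}, db
}

func main() {
	roots, db := SampleInstall()
	fmt.Print(FormatNotice(CheckVulnerabilities(roots, db)))
}
```

Running it prints a notice with one High bullet listing two IDs and one Medium bullet, none of which belong to the package that was requested; that is the case the generalized wording is meant to cover.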