Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[EAUX-1241] Kong Pongo Update #12

Open
wants to merge 188 commits into
base: master
Choose a base branch
from
Open

[EAUX-1241] Kong Pongo Update #12

wants to merge 188 commits into from

Conversation

KalshuCodes
Copy link

Added Support for Kong Pongo Update

outsinre and others added 30 commits September 25, 2024 17:47
Speeds up build and reduces image size.

(cherry picked from commit 8409030)
Speeds up build and reduces image size.

(cherry picked from commit b2380fc)
Tieske and others added 25 commits September 25, 2024 19:32
(cherry picked from commit e1a57c7)
… for busted tests

KAG-5187

(cherry picked from commit 63fb02b)
eg. using 3.4.x.x would resolve to 3.4.3.2 instead of 3.4.3.12
due to the double digit patch version.

(cherry picked from commit 7c5916a)
(cherry picked from commit b10fea7)
…-compose for busted tests"

This reverts commit 63fb02b.

(cherry picked from commit 54d8e9a)
…r command"

This reverts commit 779b50a.

(cherry picked from commit 3924625)
(cherry picked from commit d9f36cd)
… for busted tests

KAG-5187

(cherry picked from commit 893a851)
(cherry picked from commit 6ce752c)
(cherry picked from commit fb9d5b8)
@KalshuCodes KalshuCodes self-assigned this Oct 1, 2024
Comment on lines +46 to 47
image: ${POSTGRES_IMAGE:-postgres:13}
environment:
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use of non-harbor in base image is not allowed

🔴 Fix or ignore this finding to merge your pull request.


Ignore this finding from custom-docker-base-image-check-docker-compose.

Copy link

semgrep-app bot commented Oct 1, 2024

Semgrep found 63 ssc-10a84674-202a-46d1-bb07-4c1c38a464f7 findings:

  • kong-versions/3.6.1.6/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.7.0.0/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.4.2/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/2.8.4.7/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.4.3.11/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.7.1.2/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.4.3.5/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.2.2.5/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.4.3.12/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/2.8.4.4/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.4.3.3/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.6.1.0/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.2.2.3/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/2.8.5/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.4.1.1/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/2.8.4.6/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/2.8.4.12/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.4.3.9/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/2.8.4.5/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/2.8.4/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.5.0.7/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.7.0/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.4.3.6/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.8.0/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/2.8.4.8/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.7.1/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.4.1.0/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/2.8.4.11/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.5.0.4/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.4.3.2/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.4.1/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/2.8.4.10/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.1.1.6/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.4.3.8/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.1.1.5/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/2.8.4.3/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.6.1.2/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.5.0.3/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.6.0/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.4.3.7/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.3.1.1/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.5.0.1/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.5.0.2/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.5.0/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.6.0.0/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.4.2.0/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/2.8.4.9/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.4.3.1/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.2.2.1/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.5.0.6/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.2.2.4/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.2.2.2/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.4.3.4/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.6.1.4/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.6.1.3/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.8.0.0/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.6.1.5/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.6.1.1/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.6.1.7/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.6.1/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.5.0.0/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.5.0.5/kong/spec/fixtures/grpc/target/go.mod
  • kong-versions/3.7.1.1/kong/spec/fixtures/grpc/target/go.mod

Risk: Affected versions of google.golang.org/grpc are vulnerable to Uncontrolled Resource Consumption. An attacker can force the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit by executing a combination of sending, canceling, and re-sending HTTP/2 requests.

Fix: Upgrade this library to at least version 1.56.3 at kong-pongo/kong-versions/3.6.1.6/kong/spec/fixtures/grpc/target/go.mod:8.

Reference(s): GHSA-m425-mq94-257g, CVE-2023-44487

⚪️ This finding does not block your pull request.


Ignore this finding from ssc-10a84674-202a-46d1-bb07-4c1c38a464f7.

Semgrep found 6 ssc-5a557c33-4191-4714-a574-8efb44cf209b findings:

  • kong-versions/3.3.1.1/kong/spec-ee/kong-api-tests/package-lock.json
  • kong-versions/3.4.1.0/kong/spec-ee/kong-api-tests/package-lock.json
  • kong-versions/3.4.1.1/kong/spec-ee/kong-api-tests/package-lock.json
  • kong-versions/3.4.2.0/kong/spec-ee/kong-api-tests/package-lock.json
  • kong-versions/3.4.3.1/kong/spec-ee/kong-api-tests/package-lock.json
  • kong-versions/3.4.3.2/kong/spec-ee/kong-api-tests/package-lock.json

Risk: Affected version of get-func-name is vulnerable to Uncontrolled Resource Consumption / Inefficient Regular Expression Complexity. The current regex implementation for parsing values in the module is susceptible to excessive backtracking, leading to potential DoS attacks.

Fix: Upgrade this library to at least version 2.0.1 at kong-pongo/kong-versions/3.3.1.1/kong/spec-ee/kong-api-tests/package-lock.json:4566.

Reference(s): GHSA-4q6p-r6v2-jvc5, CVE-2023-43646

⚪️ This finding does not block your pull request.


Ignore this finding from ssc-5a557c33-4191-4714-a574-8efb44cf209b.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.