Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tileserver-gl/5.0.0 package update #35270

Closed
wants to merge 1 commit into from
Closed

tileserver-gl/5.0.0 package update #35270

wants to merge 1 commit into from

Conversation

octo-sts[bot]
Copy link
Contributor

@octo-sts octo-sts bot commented Nov 26, 2024

@octo-sts octo-sts bot added request-version-update request for a newer version of a package automated pr labels Nov 26, 2024
@github-actions GitHub Actions
Copy link
Contributor

Package tileserver-gl: Click to expand/collapse

Package tileserver-gl:
Modified: /usr/src/app/node_modules/canvas/build/Makefile
Modified: /usr/src/app/node_modules/node-gyp/gyp/pylib/gyp/pycache/init.cpython-311.pyc
Modified: /usr/src/app/node_modules/node-gyp/gyp/pylib/gyp/pycache/common.cpython-311.pyc
Modified: /usr/src/app/node_modules/node-gyp/gyp/pylib/gyp/pycache/input.cpython-311.pyc
Modified: /usr/src/app/node_modules/node-gyp/gyp/pylib/gyp/pycache/simple_copy.cpython-311.pyc
Modified: /usr/src/app/node_modules/node-gyp/gyp/pylib/gyp/pycache/xcode_emulation.cpython-311.pyc
Modified: /usr/src/app/node_modules/node-gyp/gyp/pylib/gyp/generator/pycache/init.cpython-311.pyc
Modified: /usr/src/app/node_modules/node-gyp/gyp/pylib/gyp/generator/pycache/make.cpython-311.pyc

Package tileserver-gl-compat: Click to expand/collapse

Package tileserver-gl-compat:
Unchanged

@octo-sts octo-sts bot added the bincapz/blocking Bincapz (aka malcontent) scan results detected CRITICALs on the packages. label Nov 26, 2024
@octo-sts Octo STS
Copy link
Contributor Author

octo-sts bot commented Nov 26, 2024

malcontent detected files with a risk score equal or higher than 'CRITICAL': Click to expand/collapse

/tmp/malcontent119297969/packages/x86_64/tileserver-gl-5.0.0-r4.apk/usr/src/app/node_modules/superagent/lib/node/http2wrapper.js [🚨 CRITICAL]

RISK KEY DESCRIPTION EVIDENCE
CRITICAL impact/remote_access/php php base64 encoded RfQ09PS0lF::$_COOKIE

@egibs egibs added the malcontent/reviewed The malcontent findings in this PR have been manually reviewed by security. label Nov 26, 2024
@powersj powersj marked this pull request as draft November 27, 2024 16:56
debasishbsws
debasishbsws requested changes Nov 30, 2024
View reviewed changes
Copy link
Member

@debasishbsws debasishbsws left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Marking request change to block merging

@mamccorm
Copy link
Member

mamccorm commented Dec 9, 2024

Quick update: Automation seems to be submitting a PR to bump epoch here - theres no change so this shouldn't be happening, re: the reason for marking this in draft and blocking merge

@rawlingsj
Copy link
Member

I've deployed a fix - let's close this to verify

@rawlingsj rawlingsj closed this Dec 10, 2024
@octo-sts octo-sts bot deleted the wolfictl-d7a78f8f-bbcd-45a7-af8e-982e5dcb6201 branch December 11, 2024 00:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@debasishbsws debasishbsws debasishbsws requested changes

Assignees

@debasishbsws debasishbsws

Labels
automated pr bincapz/blocking Bincapz (aka malcontent) scan results detected CRITICALs on the packages. malcontent/reviewed The malcontent findings in this PR have been manually reviewed by security. request-version-update request for a newer version of a package
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@mamccorm @rawlingsj @debasishbsws @egibs @wolfi-bot