Update dependencies 09.2024 (#1400)

* Update dependencies 09.2024 * Fix CVE-2024-6345 * Fix CVE-2024-34156, CVE-2024-34156 * Temporary ignore CVE-2024-34156
equinor · Sep 30, 2024 · 430dfe7 · 430dfe7
1 parent 19fc575
commit 430dfe7
Show file tree

Hide file tree

Showing 4 changed files with 127 additions and 108 deletions.
diff --git a/.trivyignore b/.trivyignore
@@ -0,0 +1,2 @@
+# There is no fix for this CVE in https://github.com/argoproj/argo-workflows CLI
+CVE-2024-34156
diff --git a/Dockerfile b/Dockerfile
@@ -10,6 +10,9 @@ RUN apt-get update && apt-get install -y \
     git \
     && rm -rf /var/lib/apt/lists/*
 
+# Fix CVE-2024-6345
+RUN pip install setuptools==70.0.0
+
 WORKDIR /code
 RUN rm -rf /code/dist \
     && python setup.py sdist \
@@ -34,6 +37,9 @@ RUN apt-get update && apt-get install -y \
     jq \
     && rm -rf /var/lib/apt/lists/*
 
+# Fix CVE-2024-6345
+RUN pip install setuptools==70.0.0
+
 # Install requirements separately for improved docker caching
 COPY --from=builder /code/prereq.txt .
 RUN pip install --no-deps -r prereq.txt --no-cache-dir
@@ -47,7 +53,7 @@ RUN pip install gordo-packed.tar.gz[full]
 
 # Install GordoDeploy dependencies
 ARG HTTPS_PROXY
-ARG KUBECTL_VERSION="v1.30.2"
+ARG KUBECTL_VERSION="v1.31.1"
 
 #donwload & install kubectl
 RUN curl -sSL -o /usr/local/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/$KUBECTL_VERSION/bin/linux/amd64/kubectl &&\
@@ -74,7 +80,7 @@ RUN cp ${HOME}/build.sh /usr/bin/build \
 WORKDIR ${HOME}
 
 #download & install argo
-ENV ARGO_VERSIONS="[{\"number\":3,\"version\":\"3.5.8\"}]"
+ENV ARGO_VERSIONS="[{\"number\":3,\"version\":\"3.5.11\"}]"
 COPY scripts/download_argo.py ./download_argo.py
 RUN python3 ./download_argo.py -o /usr/local/bin
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		# There is no fix for this CVE in https://github.com/argoproj/argo-workflows CLI
		CVE-2024-34156