[#52] Fix CVE-2023-40217. #53
I know this is not yet ready to ready.
So far, it looks good.
Many thanks.
Only minor comments
This reverts commit 6f45388.
Co-authored-by: Adi Roiban <[email protected]>
.github/workflows/docker.yaml
@@ -94,3 +95,74 @@ jobs: | |||
with: | |||
sudo: false | |||
limit-access-to-actor: true | |||
|
|||
linux-arm64: | |||
runs-on: laja |
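Review bot: `runs-on: laja` in the new `linux-arm64` job selects the runner by a single opaque label, so the workflow itself does not say which OS or architecture the job depends on, and the job name is the only hint. Suggest adding a comment above `runs-on` stating what `laja` is expected to be, or selecting the runner by descriptive labels, so that a relabelled or replaced runner does not pick this job up on the wrong platform.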
I think that it is best to start a Linux container on macOS, and run the action runner inside the container and then have this job run
True, the support for launching containers from GitHub's runner is exclusive to Linux.
For later reference, on macOS it errors out with: Error: Container operations are only supported on Linux runners
The To avoid their automatic removal, they've been copied manually to |
Scope

Fixes #52

Changes

Updates used Python version to 3.11.6 to fix CVE-2023-40217.

Drive-by changes:
- ssl to fix CVE-2023-4807 (where built from sources).
- cryptography to version 41.0.4 with OpenSSL 3.1.3 to fix CVE-2023-4807.
- setuptools to 68.2.2,
- cffi to 1.16.0,
- setproctitle to 1.3.3,
- charset_normalizer to 3.3.0.

Testing

Review changes.
Check the automated tests.