OpenShift Bugs / OCPBUGS-5392

Dependabot Alert #7, #8, #9 on message-parser python dependencies


    • Low
    • None
    • CNF RAN Sprint 230
    • 1
    • False

      There are a few Dependabot alerts in GitHub for hw-event-proxy regarding message-parser.

      https://github.com/redhat-cne/hw-event-proxy/security/dependabot/7
      https://github.com/redhat-cne/hw-event-proxy/security/dependabot/8
      https://github.com/redhat-cne/hw-event-proxy/security/dependabot/9

      The Python libraries certifi, wheel and setuptools need to be upgraded to newer versions to prevent spyware and DoS attacks. Since the message-parser app is not exposed outside of the hw-event-proxy pod, it is not vulnerable to any direct security threat. As such, there is no need to fix previous releases. A fix in the current release to remove the GitHub warnings should be sufficient.

              jacding@redhat.com Jack Ding
              Niv Gal Waizer (Inactive)