Update depenency to avoid CVE-2022-4904 (#54)
* Update SDK to v0.3.2

* Update packages

* Update NOTICE-3RD-PARTY-CONTENT.md

* Update NOTICE.md

* Update Dockerfile

* Fix SDK version

---------

Co-authored-by: BjoernAtBosch <[email protected]>
kse3hi and BjoernAtBosch authored Jun 26, 2023
1 parent 56ffb6b commit 685e87c
Showing 9 changed files with 17 additions and 16 deletions.
2 changes: 1 addition & 1 deletion .devcontainer/Dockerfile
Expand Up @@ -12,7 +12,7 @@
#
# SPDX-License-Identifier: Apache-2.0

FROM ghcr.io/eclipse-velocitas/devcontainer-base-images/cpp:v0.1.2
FROM ghcr.io/eclipse-velocitas/devcontainer-base-images/cpp:v0.1.3

ARG REINSTALL_CMAKE_VERSION_FROM_SOURCE
ENV REINSTALL_CMAKE_VERSION_FROM_SOURCE="${REINSTALL_CMAKE_VERSION_FROM_SOURCE:-none}"
2 changes: 1 addition & 1 deletion .github/workflows/build-docker-image.yml
Expand Up @@ -38,7 +38,7 @@ jobs:
build-image:
name: "Building image (${{ matrix.component.name }})"
runs-on: ubuntu-latest
container: ghcr.io/eclipse-velocitas/devcontainer-base-images/cpp:v0.1.2
container: ghcr.io/eclipse-velocitas/devcontainer-base-images/cpp:v0.1.3
strategy:
matrix:
component: ${{ fromJson(inputs.deployment-matrix-str) }}
2 changes: 1 addition & 1 deletion .github/workflows/ci.yml
Expand Up @@ -38,7 +38,7 @@ on:
jobs:
build-and-publish:
runs-on: ubuntu-22.04
container: ghcr.io/eclipse-velocitas/devcontainer-base-images/cpp:v0.1.2
container: ghcr.io/eclipse-velocitas/devcontainer-base-images/cpp:v0.1.3
name: "Build, Test and Lint"
steps:
- name: Checkout repository
2 changes: 1 addition & 1 deletion .github/workflows/ensure-lifecycle.yml
Expand Up @@ -27,7 +27,7 @@ on:
jobs:
check-sync:
runs-on: ubuntu-22.04
container: ghcr.io/eclipse-velocitas/devcontainer-base-images/cpp:v0.1.2
container: ghcr.io/eclipse-velocitas/devcontainer-base-images/cpp:v0.1.3
name: Are files in sync?

steps:
4 changes: 2 additions & 2 deletions .velocitas.json
Expand Up @@ -6,15 +6,15 @@
},
{
"name": "devenv-github-workflows",
"version": "v2.0.7"
"version": "v2.0.9"
},
{
"name": "devenv-github-templates",
"version": "v1.0.1"
},
{
"name": "devenv-devcontainer-setup",
"version": "v1.1.8"
"version": "v1.1.9"
}
],
"variables": {
8 changes: 4 additions & 4 deletions NOTICE-3RD-PARTY-CONTENT.md
Expand Up @@ -13,17 +13,17 @@
|distlib|0.3.6|Python Software Foundation License|
|distro|1.7.0|Apache 2.0|
|fasteners|0.18|Apache 2.0|
|filelock|3.12.0|The Unlicense (Unlicense)|
|filelock|3.12.2|The Unlicense (Unlicense)|
|gcovr|5.2|BSD|
|identify|2.5.24|MIT|
|idna|3.4|BSD|
|Jinja2|3.1.2|New BSD|
|lxml|4.9.2|New BSD|
|MarkupSafe|2.1.2|New BSD|
|MarkupSafe|2.1.3|New BSD|
|node-semver|0.6.1|MIT|
|nodeenv|1.8.0|BSD|
|patch-ng|1.17.4|MIT|
|platformdirs|3.5.1|MIT|
|platformdirs|3.8.0|MIT|
|pluginbase|1.0.1|BSD|
|pre-commit|2.20.0|MIT|
|Pygments|2.15.1|Simplified BSD|
Expand All @@ -36,7 +36,7 @@
|toml|0.10.2|MIT|
|tqdm|4.65.0|MIT<br/>Mozilla Public License 2.0 (MPL 2.0)|
|urllib3|1.26.16|MIT|
|virtualenv|20.23.0|MIT|
|virtualenv|20.23.1|MIT|
## Workflows
| Dependency | Version | License |
|:-----------|:-------:|--------:|
9 changes: 5 additions & 4 deletions NOTICE.md
Expand Up @@ -48,18 +48,19 @@ The C++ dependencies should be normally also listed in the auto-generated notice
Due to the limited Conan support of the Pivotal License Finder currently used in our [License Check](https://github.com/eclipse-velocitas/license-check),
they are given here (manually added) for time being:


| Dependency | Version | License |
|:-----------|:-------:|--------:|
|abseil|20220623.0|Apache 2.0|
|c-ares|1.18.1|c-ares (MIT-style)|
|cpr|1.9.3|MIT|
|c-ares|1.19.1|c-ares (MIT-style)|
|cpr|1.10.1|MIT|
|fmt|9.1.0|MIT|
|googleapis|cci.20221108|Apache 2.0|
|grpc|1.50.1|Apache 2.0|
|grpc-proto|cci.20220627|Apache 2.0|
|libcurl|7.87.0|CURL|
|libcurl|8.1.2|CURL|
|nlohmann_json|3.11.2|MIT|
|openssl|1.1.1t|OpenSSL License AND SSLeay License|
|openssl|1.1.1u|OpenSSL License AND SSLeay License|
|paho-mqtt-c|1.3.9|EPL 2.0 AND EDL 1.0|
|paho-mqtt-cpp|1.2.0|EPL 1.0 AND EDL 1.0|
|protobuf|3.21.9|Google License|
2 changes: 1 addition & 1 deletion app/Dockerfile
Expand Up @@ -14,7 +14,7 @@

# syntax = docker/dockerfile:1.2

FROM ghcr.io/eclipse-velocitas/vehicle-app-cpp-sdk:v0.3.1 as builder
FROM ghcr.io/eclipse-velocitas/vehicle-app-cpp-sdk:v0.3.2 as builder

RUN apk update && \
apk add ninja && \
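Review bot: The new `FROM ghcr.io/eclipse-velocitas/vehicle-app-cpp-sdk:v0.3.2 as builder` line still references the SDK image by a mutable tag, so nothing in the build records which image content (and, presumably, which c-ares version) was actually pulled. For a change whose stated purpose is to avoid CVE-2022-4904, pinning the digest would make the remediation verifiable and repeatable: `FROM ghcr.io/eclipse-velocitas/vehicle-app-cpp-sdk:v0.3.2@sha256:<digest-of-v0.3.2> AS builder` (placeholder digest; upper-case `AS` also matches the casing of `FROM`). The same applies to the `cpp:v0.1.3` references in `.devcontainer/Dockerfile` and the three workflow `container:` lines. The builder stage continues past the visible part of this hunk, so what the final image takes from it cannot be judged from here.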
