From f1540d03584d62e214947ecff1e73dbd60e1b9d8 Mon Sep 17 00:00:00 2001 From: Josh Simmonds Date: Wed, 10 Apr 2024 23:03:03 +0000 Subject: [PATCH] Fix: Update cURL container to address CVE-2023-38545 & CVE-2023-38546 (#218) * Fix: Update cURL container to address CVE-2023-38545 & CVE-2023-38546 * Bump chart minor rev, update changelog * Update unit tests and confirm passage --- CHANGELOG.md | 4 ++++ Chart.yaml | 2 +- tests/__snapshot__/jmx-servicemonitor_test.yaml.snap | 2 +- tests/__snapshot__/puppetdb-pvc_test.yaml.snap | 2 +- tests/__snapshot__/puppetdb-servicemonitor_test.yaml.snap | 2 +- tests/__snapshot__/puppetdb.networkpolicy_test.yaml.snap | 2 +- tests/__snapshot__/puppetserver-ca-pvc_test.yaml.snap | 2 +- .../puppetserver-compilers.deployment_test.yaml.snap | 4 ++-- .../puppetserver-compilers.networkpolicy_test.yaml.snap | 2 +- tests/__snapshot__/puppetserver-compilers.pdb_test.yaml.snap | 2 +- .../puppetserver-compilers.statefulset_test.yaml.snap | 4 ++-- .../puppetserver-masters.networkpolicy_test.yaml.snap | 2 +- tests/__snapshot__/puppetserver-masters.pdb_test.yaml.snap | 2 +- tests/__snapshot__/puppetserver-pvc_test.yaml.snap | 2 +- .../puppetserver-statefulset.compilers_test.yaml.snap | 4 ++-- values.yaml | 2 +- 16 files changed, 22 insertions(+), 18 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a369c89..751c619 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ This file documents all notable changes to Puppet Server Helm Chart. The release numbering uses [semantic versioning](http://semver.org). NOTE: The change log until version `v0.2.4` is auto-generated. + +## [v9.3.3](https://github.com/puppetlabs/puppetserver-helm-chart/tree/v9.3.2) (2024-04-10) +- Fix: Update cURL container to address CVE-2023-38545 & CVE-2023-38546 + ## [v9.3.2](https://github.com/puppetlabs/puppetserver-helm-chart/tree/v9.3.2) (2024-04-08) - Fix: Fixes bug in puppet-preinstall template when puppetserver.preGeneratedCertsJob is enabled. diff --git a/Chart.yaml b/Chart.yaml index 23d1544..62783b3 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: puppetserver -version: 9.3.2 +version: 9.3.3 appVersion: 7.13.0 description: Puppet automates the delivery and operation of software. keywords: ["puppet", "puppetserver", "automation", "iac", "infrastructure", "cm", "ci", "cd"] diff --git a/tests/__snapshot__/jmx-servicemonitor_test.yaml.snap b/tests/__snapshot__/jmx-servicemonitor_test.yaml.snap index c7022f8..9f6aaf5 100644 --- a/tests/__snapshot__/jmx-servicemonitor_test.yaml.snap +++ b/tests/__snapshot__/jmx-servicemonitor_test.yaml.snap @@ -9,7 +9,7 @@ manifest should match snapshot: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: puppetserver app.kubernetes.io/version: 7.13.0 - helm.sh/chart: puppetserver-9.3.2 + helm.sh/chart: puppetserver-9.3.3 release: kube-prometheus-stack name: puppetserver-jmx namespace: puppet diff --git a/tests/__snapshot__/puppetdb-pvc_test.yaml.snap b/tests/__snapshot__/puppetdb-pvc_test.yaml.snap index ad87724..63dfd4b 100644 --- a/tests/__snapshot__/puppetdb-pvc_test.yaml.snap +++ b/tests/__snapshot__/puppetdb-pvc_test.yaml.snap @@ -10,7 +10,7 @@ manifest should match snapshot: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: puppetserver app.kubernetes.io/version: 7.13.0 - helm.sh/chart: puppetserver-9.3.2 + helm.sh/chart: puppetserver-9.3.3 name: puppetserver-puppetdb-claim spec: accessModes: diff --git a/tests/__snapshot__/puppetdb-servicemonitor_test.yaml.snap b/tests/__snapshot__/puppetdb-servicemonitor_test.yaml.snap index cb7bac4..87c6e5b 100644 --- a/tests/__snapshot__/puppetdb-servicemonitor_test.yaml.snap +++ b/tests/__snapshot__/puppetdb-servicemonitor_test.yaml.snap @@ -9,7 +9,7 @@ manifest should match snapshot: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: puppetserver app.kubernetes.io/version: 7.13.0 - helm.sh/chart: puppetserver-9.3.2 + helm.sh/chart: puppetserver-9.3.3 release: kube-prometheus-stack name: puppetserver-puppetdb namespace: puppet diff --git a/tests/__snapshot__/puppetdb.networkpolicy_test.yaml.snap b/tests/__snapshot__/puppetdb.networkpolicy_test.yaml.snap index 4683356..3c3a66c 100644 --- a/tests/__snapshot__/puppetdb.networkpolicy_test.yaml.snap +++ b/tests/__snapshot__/puppetdb.networkpolicy_test.yaml.snap @@ -9,7 +9,7 @@ manifest should match snapshot: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: puppetserver app.kubernetes.io/version: 7.13.0 - helm.sh/chart: puppetserver-9.3.2 + helm.sh/chart: puppetserver-9.3.3 name: puppetserver-puppetdb spec: egress: diff --git a/tests/__snapshot__/puppetserver-ca-pvc_test.yaml.snap b/tests/__snapshot__/puppetserver-ca-pvc_test.yaml.snap index fb3e5c3..d458eff 100644 --- a/tests/__snapshot__/puppetserver-ca-pvc_test.yaml.snap +++ b/tests/__snapshot__/puppetserver-ca-pvc_test.yaml.snap @@ -10,7 +10,7 @@ manifest should match snapshot: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: puppetserver app.kubernetes.io/version: 7.13.0 - helm.sh/chart: puppetserver-9.3.2 + helm.sh/chart: puppetserver-9.3.3 name: puppetserver-ca-claim spec: accessModes: diff --git a/tests/__snapshot__/puppetserver-compilers.deployment_test.yaml.snap b/tests/__snapshot__/puppetserver-compilers.deployment_test.yaml.snap index 705481f..6211bd1 100644 --- a/tests/__snapshot__/puppetserver-compilers.deployment_test.yaml.snap +++ b/tests/__snapshot__/puppetserver-compilers.deployment_test.yaml.snap @@ -9,7 +9,7 @@ manifest should match snapshot: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: puppetserver app.kubernetes.io/version: 7.13.0 - helm.sh/chart: puppetserver-9.3.2 + helm.sh/chart: puppetserver-9.3.3 name: puppetserver-puppetserver-compiler spec: replicas: 1 @@ -31,7 +31,7 @@ manifest should match snapshot: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: puppetserver app.kubernetes.io/version: 7.13.0 - helm.sh/chart: puppetserver-9.3.2 + helm.sh/chart: puppetserver-9.3.3 spec: containers: - env: diff --git a/tests/__snapshot__/puppetserver-compilers.networkpolicy_test.yaml.snap b/tests/__snapshot__/puppetserver-compilers.networkpolicy_test.yaml.snap index 25b935e..45a6cfc 100644 --- a/tests/__snapshot__/puppetserver-compilers.networkpolicy_test.yaml.snap +++ b/tests/__snapshot__/puppetserver-compilers.networkpolicy_test.yaml.snap @@ -9,7 +9,7 @@ manifest should match snapshot: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: puppetserver app.kubernetes.io/version: 7.13.0 - helm.sh/chart: puppetserver-9.3.2 + helm.sh/chart: puppetserver-9.3.3 name: puppetserver-puppetserver-compilers spec: egress: diff --git a/tests/__snapshot__/puppetserver-compilers.pdb_test.yaml.snap b/tests/__snapshot__/puppetserver-compilers.pdb_test.yaml.snap index aeb9e4d..082309d 100644 --- a/tests/__snapshot__/puppetserver-compilers.pdb_test.yaml.snap +++ b/tests/__snapshot__/puppetserver-compilers.pdb_test.yaml.snap @@ -9,7 +9,7 @@ manifest should match snapshot: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: puppetserver app.kubernetes.io/version: 7.13.0 - helm.sh/chart: puppetserver-9.3.2 + helm.sh/chart: puppetserver-9.3.3 name: puppetserver-compilers spec: maxUnavailable: 2 diff --git a/tests/__snapshot__/puppetserver-compilers.statefulset_test.yaml.snap b/tests/__snapshot__/puppetserver-compilers.statefulset_test.yaml.snap index 02eda5f..95a1e7c 100644 --- a/tests/__snapshot__/puppetserver-compilers.statefulset_test.yaml.snap +++ b/tests/__snapshot__/puppetserver-compilers.statefulset_test.yaml.snap @@ -9,7 +9,7 @@ manifest should match snapshot: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: puppetserver app.kubernetes.io/version: 7.13.0 - helm.sh/chart: puppetserver-9.3.2 + helm.sh/chart: puppetserver-9.3.3 name: puppetserver-puppetserver-compiler spec: podManagementPolicy: OrderedReady @@ -32,7 +32,7 @@ manifest should match snapshot: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: puppetserver app.kubernetes.io/version: 7.13.0 - helm.sh/chart: puppetserver-9.3.2 + helm.sh/chart: puppetserver-9.3.3 spec: containers: - env: diff --git a/tests/__snapshot__/puppetserver-masters.networkpolicy_test.yaml.snap b/tests/__snapshot__/puppetserver-masters.networkpolicy_test.yaml.snap index accebc1..bf842e5 100644 --- a/tests/__snapshot__/puppetserver-masters.networkpolicy_test.yaml.snap +++ b/tests/__snapshot__/puppetserver-masters.networkpolicy_test.yaml.snap @@ -9,7 +9,7 @@ manifest should match snapshot: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: puppetserver app.kubernetes.io/version: 7.13.0 - helm.sh/chart: puppetserver-9.3.2 + helm.sh/chart: puppetserver-9.3.3 name: puppetserver-puppetserver spec: egress: diff --git a/tests/__snapshot__/puppetserver-masters.pdb_test.yaml.snap b/tests/__snapshot__/puppetserver-masters.pdb_test.yaml.snap index 0f9cccb..4b768ce 100644 --- a/tests/__snapshot__/puppetserver-masters.pdb_test.yaml.snap +++ b/tests/__snapshot__/puppetserver-masters.pdb_test.yaml.snap @@ -9,7 +9,7 @@ manifest should match snapshot: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: puppetserver app.kubernetes.io/version: 7.13.0 - helm.sh/chart: puppetserver-9.3.2 + helm.sh/chart: puppetserver-9.3.3 name: puppetserver-masters spec: maxUnavailable: 2 diff --git a/tests/__snapshot__/puppetserver-pvc_test.yaml.snap b/tests/__snapshot__/puppetserver-pvc_test.yaml.snap index 7f4651a..c0582a9 100644 --- a/tests/__snapshot__/puppetserver-pvc_test.yaml.snap +++ b/tests/__snapshot__/puppetserver-pvc_test.yaml.snap @@ -10,7 +10,7 @@ manifest should match snapshot: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: puppetserver app.kubernetes.io/version: 7.13.0 - helm.sh/chart: puppetserver-9.3.2 + helm.sh/chart: puppetserver-9.3.3 name: puppetserver-puppet-claim spec: accessModes: diff --git a/tests/__snapshot__/puppetserver-statefulset.compilers_test.yaml.snap b/tests/__snapshot__/puppetserver-statefulset.compilers_test.yaml.snap index c87dd47..95a1e7c 100644 --- a/tests/__snapshot__/puppetserver-statefulset.compilers_test.yaml.snap +++ b/tests/__snapshot__/puppetserver-statefulset.compilers_test.yaml.snap @@ -9,7 +9,7 @@ manifest should match snapshot: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: puppetserver app.kubernetes.io/version: 7.13.0 - helm.sh/chart: puppetserver-8.3.0 + helm.sh/chart: puppetserver-9.3.3 name: puppetserver-puppetserver-compiler spec: podManagementPolicy: OrderedReady @@ -32,7 +32,7 @@ manifest should match snapshot: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: puppetserver app.kubernetes.io/version: 7.13.0 - helm.sh/chart: puppetserver-8.3.0 + helm.sh/chart: puppetserver-9.3.3 spec: containers: - env: diff --git a/values.yaml b/values.yaml index 6a4051d..53ba694 100644 --- a/values.yaml +++ b/values.yaml @@ -12,7 +12,7 @@ global: curl: image: curlimages/curl - tag: 7.87.0 + tag: 8.7.1 imagePullPolicy: IfNotPresent r10k: