Merge pull request #62 from aws-solutions/feature/v2.6.4

updated to feature v2.6.4
aws-solutions · Oct 26, 2023 · a18e0a3 · a18e0a3
2 parents 45a5940 + 2e6a0d6
commit a18e0a3
Show file tree

Hide file tree

Showing 10 changed files with 68 additions and 55 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,12 @@
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
  and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.6.4] - 2023-10
+ ### Fixed
+ - Updated @babel/traverse to mitigate [CVE-2023-45133](https://github.com/aws-solutions/cost-optimizer-for-amazon-workspaces/pull/61)
+ - Updated urllib3 to mitigate [CVE-2023-45803](https://github.com/aws-solutions/cost-optimizer-for-amazon-workspaces/pull/59)
+ - Updated the base python image in the Dockerfile used to fix the following CVEs: [CVE-2023-29491](https://nvd.nist.gov/vuln/detail/CVE-2023-29491), [CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911), [CVE-2023-36054](https://nvd.nist.gov/vuln/detail/CVE-2023-36054), [CVE-2023-3446](https://nvd.nist.gov/vuln/detail/CVE-2023-3446), [CVE-2023-3817](https://nvd.nist.gov/vuln/detail/CVE-2023-3817).
+
 ## [2.6.3] - 2023-09
  ### Fixed
  - Added the bugfix to skip the processing of the workspaces in error state.

diff --git a/source/Dockerfile b/source/Dockerfile
@@ -1,12 +1,10 @@
-FROM public.ecr.aws/docker/library/python:3.11.5-slim-bullseye
+FROM public.ecr.aws/docker/library/python:3.11.6-slim-bullseye
 COPY workspaces_app /workspaces_app
 
 WORKDIR /workspaces_app
-
 RUN adduser -uid 1001 nonroot
 USER nonroot
 
 RUN pip install -r ./setup_requirements.txt
 RUN pip install -r ./requirements.txt
-
 CMD python3 ./main.py
diff --git a/source/lambda/account_registration_provider/account_registration_provider.py b/source/lambda/account_registration_provider/account_registration_provider.py
@@ -12,7 +12,7 @@
 
 logger = logging.getLogger(__name__)
 log_level = getattr(logging, str(os.getenv('LOG_LEVEL', 'INFO')))
-logging.basicConfig(stream=sys.stdout, format='%(levelname)s: %(message)s', level=log_level)
+logging.basicConfig(stream=sys.stdout, format='%(levelname)s: %(message)s', level=log_level)  # NOSONAR
 
 boto_config = botocore.config.Config(
     retries={

diff --git a/source/lambda/uuid_generator/uuid_generator.py b/source/lambda/uuid_generator/uuid_generator.py
@@ -12,7 +12,7 @@
 
 logger = logging.getLogger(__name__)
 log_level = getattr(logging, str(os.getenv('LOG_LEVEL', 'INFO')))
-logging.basicConfig(stream=sys.stdout, format='%(levelname)s: %(message)s', level=log_level)
+logging.basicConfig(stream=sys.stdout, format='%(levelname)s: %(message)s', level=log_level)  # NOSONAR
 boto_config = botocore.config.Config(user_agent_extra=os.getenv('USER_AGENT_STRING'))
 cfn_client = boto3.client('cloudformation', config=boto_config)
 

diff --git a/source/package-lock.json b/source/package-lock.json
diff --git a/source/package.json b/source/package.json
@@ -27,7 +27,7 @@
     "@types/sinon": "^10.0.16",
     "aws-cdk": "^2.94.0",
     "jest": "^29.6.4",
-    "sinon": "^16.0.0",
+    "sinon": "^17.0.0",
     "ts-jest": "^29.1.1",
     "ts-node": "^10.9.1",
     "typescript": "^5.2.2",

diff --git a/source/testing_requirements.txt b/source/testing_requirements.txt
@@ -3,9 +3,9 @@ pytest>=7.2.0
 pytest-mock==3.10.0
 coverage==7.2.0
 requests==2.31.0
-boto3==1.26.48
+boto3==1.28.68
 attrs==v23.1.0
-botocore==1.29.48
+botocore==1.31.68
 certifi==2023.7.22
 charset-normalizer==2.1.1
 idna==3.4
@@ -15,8 +15,8 @@ packaging==23.0
 pluggy==1.0.0
 pyparsing==3.0.9
 python-dateutil==2.8.2
-s3transfer==0.6.0
+s3transfer==0.7.0
 six==1.16.0
 tomli==2.0.1
-urllib3==1.26.14
+urllib3==2.0.7
 freezegun==1.2.2
diff --git a/source/workspaces_app/main.py b/source/workspaces_app/main.py
@@ -33,7 +33,7 @@
 def configure_logging() -> None:
     """Configure root logger level based on `LogLevel` environment variable."""
     log_level = getattr(logging, str(os.getenv('LogLevel', 'INFO')))
-    logging.basicConfig(stream=sys.stdout, format='%(levelname)s: %(message)s', level=log_level)
+    logging.basicConfig(stream=sys.stdout, format='%(levelname)s: %(message)s', level=log_level)  # NOSONAR
 
 
 def ecs_handler() -> None:

diff --git a/source/workspaces_app/requirements.txt b/source/workspaces_app/requirements.txt
@@ -1,11 +1,11 @@
-boto3==1.26.48
-botocore==1.29.48
+boto3==1.28.68
+botocore==1.31.68
 certifi==2023.7.22
 charset-normalizer==2.1.1
 idna==3.4
 jmespath==1.0.1
 python-dateutil==2.8.2
 requests==2.31.0
-s3transfer==0.6.0
+s3transfer==0.7.0
 six==1.16.0
-urllib3==1.26.14
+urllib3==2.0.7
diff --git a/source/workspaces_app/workspaces_app/workspaces_helper.py b/source/workspaces_app/workspaces_app/workspaces_helper.py
@@ -161,7 +161,7 @@ def get_workspaces_for_directory(self, directory_id: str) -> typing.List[dict]:
         except botocore.exceptions.ClientError as e:
             log.error(f'Error while getting the list of workspace for directory ID '
                       f'{directory_id}: Error: {e}')
-        log.debug(f'Returning the list of directories as {list_workspaces}')
+        log.debug(f'Returning the list of workspaces as {list_workspaces}')
         return list_workspaces
 
     def get_termination_status(self, workspace_id, billable_time, tags):