Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(lambda-layer-awscli): contains a CLI version with a CVE #18727

Merged
merged 2 commits into from
Jan 28, 2022
Merged

chore(lambda-layer-awscli): contains a CLI version with a CVE #18727

merged 2 commits into from
Jan 28, 2022

Conversation

rix0rrr
Copy link
Contributor

@rix0rrr rix0rrr commented Jan 28, 2022

The version of PyYAML that comes wit the AWS CLI we use has
a CVE reported against it: CVE-2020-14343

Upgrade to a version of AWS CLI that has PyYAML >= 5.4.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@rix0rrr
fix(lambda-layer-awscli): contains a CLI version with a CVE
f44e6db 
The version of PyYAML that comes wit the AWS CLI we use has
a CVE reported against it: CVE-2020-14343

Upgrade to a version of AWS CLI that has PyYAML >= 5.4.
@rix0rrr rix0rrr requested a review from a team January 28, 2022 18:32
@rix0rrr rix0rrr self-assigned this Jan 28, 2022
@gitpod-io
Copy link

gitpod-io bot commented Jan 28, 2022

@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Jan 28, 2022
@rix0rrr rix0rrr changed the title fix(lambda-layer-awscli): contains a CLI version with a CVE chore(lambda-layer-awscli): contains a CLI version with a CVE Jan 28, 2022
@mergify
Copy link
Contributor

mergify bot commented Jan 28, 2022

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject89A8053A-LhjRyN9kxr8o
  • Commit ID: 3e372b1
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify mergify bot merged commit 32b6243 into master Jan 28, 2022
@mergify mergify bot deleted the huijbers/awscli-upgrade branch January 28, 2022 20:30
@mergify
Copy link
Contributor

mergify bot commented Jan 28, 2022

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

kornicameister added a commit to kornicameister/aws-cdk that referenced this pull request Feb 3, 2022
@kornicameister
Merge remote-tracking branch 'origin/master'
abfff4b 
* origin/master: (74 commits)
  chore: remove reliance on `decdk` in build system (aws#18760)
  chore: add repository directory for all packages.json  (aws#17203)
  docs(ecs): correct comment documentation for NetworkMode (aws#17841)
  feat(ecs): expose image name in container definition (aws#17793)
  feat(ecr): add server-side encryption configuration  (aws#16966)
  chore(region-info): ap-southeast-3 (Jakarta) ROUTE_53_BUCKET_WEBSITE_ZONE_ID (aws#18110)
  chore: reassign njlynch's ownership areas (aws#18751)
  chore(ecs-service-extensions): migrate tests to assertions (aws#18649)
  chore(s3): Fixed documentation for `InventoryFormat.ORC` (aws#18717)
  feat(iot): add Action to republish MQTT messages to another MQTT topic (aws#18661)
  chore(rds): add support for PostgreSQL 14 (aws#18713)
  fix(core): correctly reference versionless secure parameters (aws#18730)
  fix(ec2): `UserData.addSignalOnExitCommand` does not work in combination with `userDataCausesReplacement` (aws#18726)
  fix(vpc): Vpc.fromLookup should throw if subnet group name tag is explicitly given and does not exist (aws#18714)
  docs(dynamodb): add note around table encryption (aws#18721)
  chore: override `markdown-it` version (aws#18723)
  docs(cfnspec): update CloudFormation documentation (aws#18741)
  chore(release): 1.142.0
  chore(lambda-layer-awscli): contains a CLI version with a CVE (aws#18727)
  chore(lambda-python): remove Pillow dependency (aws#18722)
  ...
TikiTDO pushed a commit to TikiTDO/aws-cdk that referenced this pull request Feb 21, 2022
@rix0rrr @TikiTDO
chore(lambda-layer-awscli): contains a CLI version with a CVE (aws#18727
cf8c166 
)

The version of PyYAML that comes wit the AWS CLI we use has
a CVE reported against it: CVE-2020-14343

Upgrade to a version of AWS CLI that has PyYAML >= 5.4.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gabewomble gabewomble gabewomble approved these changes

Assignees

@rix0rrr rix0rrr

Labels
@aws-cdk/aws-lambda-layer-awscli contribution/core This is a PR that came from AWS.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rix0rrr @aws-cdk-automation @gabewomble