diff --git a/docker/ci/Dockerfile b/docker/ci/Dockerfile
index 9fa6c1dabdb..365f4929bcb 100644
--- a/docker/ci/Dockerfile
+++ b/docker/ci/Dockerfile
@@ -16,9 +16,9 @@ FROM gcr.io/oss-vdb/worker
 RUN apt-get update && \
 apt-get install -y \
- wget \
- google-cloud-sdk-datastore-emulator \
- openjdk-11-jre # Needed for Datastore emulator.
+ wget \
+ google-cloud-sdk-datastore-emulator \
+ openjdk-11-jre # Needed for Datastore emulator.
 COPY daemon.json /etc/docker/daemon.json
 COPY install_go.sh /tmp/install_go.sh
@@ -26,6 +26,6 @@ COPY install_go.sh /tmp/install_go.sh
 RUN "/tmp/install_go.sh" "/tmp"
 ENV PATH "$PATH:/root/.go/bin:/root/go/bin"
-RUN go install -tags extended github.com/gohugoio/hugo@v0.107.0
+RUN go install -tags extended github.com/gohugoio/hugo@v0.111.3
 ENTRYPOINT []
diff --git a/docker/ci/build.sh b/docker/ci/build.sh
new file mode 100755
index 00000000000..8a20769d31a
--- /dev/null
+++ b/docker/ci/build.sh
@@ -0,0 +1,19 @@
+#!/bin/bash -x
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+docker build -t gcr.io/oss-vdb/ci:$1 -t gcr.io/oss-vdb/ci:latest . && \
+gcloud docker -- push gcr.io/oss-vdb/ci:$1 && \
+gcloud docker -- push gcr.io/oss-vdb/ci:latest
diff --git a/docker/deployment/build.sh b/docker/deployment/build.sh
new file mode 100755
index 00000000000..a240d89c210
--- /dev/null
+++ b/docker/deployment/build.sh
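Review bot: In docker/ci/build.sh the tag argument `$1` is used unquoted and unchecked in the `docker build` line and the first `gcloud docker -- push` line, so a missing argument yields the reference `gcr.io/oss-vdb/ci:` and a value containing spaces is word-split into extra `docker build` arguments. Guard it once at the top with `tag="${1:?usage: build.sh TAG}"` and reference `"gcr.io/oss-vdb/ci:${tag}"` in both lines. docker/deployment/build.sh has the same pattern and needs the same change. Both scripts also move the mutable `latest` tag on every push; since the CI Dockerfile in this commit pulls `gcr.io/oss-vdb/worker` without a tag, a comment such as `# latest is overwritten on each push; pin by tag or digest where reproducibility matters` would record that for consumers.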
@@ -0,0 +1,19 @@
+#!/bin/bash -x
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+docker build -t gcr.io/oss-vdb/deployment:$1 -t gcr.io/oss-vdb/deployment:latest . && \
+gcloud docker -- push gcr.io/oss-vdb/deployment:$1 && \
+gcloud docker -- push gcr.io/oss-vdb/deployment:latest
diff --git a/gcp/appengine/blog/content/posts/using-the-determineversion-api.md b/gcp/appengine/blog/content/posts/using-the-determineversion-api.md
index 17b8c584b77..ade0d969917 100644
--- a/gcp/appengine/blog/content/posts/using-the-determineversion-api.md
+++ b/gcp/appengine/blog/content/posts/using-the-determineversion-api.md
@@ -115,7 +115,7 @@ And we get a response:
 {
 "id": "OSV-2021-777",
 "summary": "Heap-use-after-free in xmlAddNextSibling",
- "details": "OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34461\n\n```\nCrash type: Heap-use-after-free READ4\nCrashstate:\nxmlAddNextSibling\nxmlXIncludeCopyRange\nxmlXIncludeCopyXPointer\n```\n",
+ "details": "OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34461\n\n```\nCrash type: Heap-use-after-free READ4\nCrash state:\nxmlAddNextSibling\nxmlXIncludeCopyRange\nxmlXIncludeCopyXPointer\n```\n",
 "modified": "2023-05-19T14:06:37.864410Z",
 "published": "2021-05-20T00:00:30.166614Z",
 "references": [
@@ -175,7 +175,7 @@ And we get a response: ### Step 5: Consider the response Finally, we consider the response and draw conclusions. - + To be sure we have caught any potential vulnerabilities, we could make further queries for other versions with similar scores. It is our opinion that this is generally unnecessary, but it could be done. In this case, even if the actual version is not `2.11.3`, we can be fairly confident that the vulnerability that we found ([OSV-2021-777](https://osv.dev/vulnerability/OSV-2021-777)) is in our local copy of libxml2. This is because there is overlap between the other likely versions of libxml2 and the versions vulnerable to OSV-2021-777. diff --git a/gcp/appengine/frontend3/package.json b/gcp/appengine/frontend3/package.json index f7ebabbf353..d28d7edf4bb 100644 --- a/gcp/appengine/frontend3/package.json +++ b/gcp/appengine/frontend3/package.json @@ -33,7 +33,7 @@ "sass-loader": "12.6.0", "style-loader": "3.3.3", "webpack": "5.87.0", - "webpack-cli": "^4.10.0", + "webpack-cli": "4.10.0", "webpack-dev-server": "4.15.1" } -} +} \ No newline at end of file