Skip to content

Commit 50c6ac0

Browse files
everettraveneverettraven
authored
(fix): (ansible): temporarily ignore CVEs (#6471)
until we can properly resolve them by bumping the ansible version used in the base images. This will allow us to continue building base images for new releases in the meantime. Signed-off-by: Bryce Palmer <[email protected]>
1 parent f8f9819 commit 50c6ac0

File tree

2 files changed

+4
-2
lines changed

2 files changed

+4
-2
lines changed

images/ansible-operator-2.11-preview/base.Dockerfile

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,13 +27,14 @@ ENV PIP_NO_CACHE_DIR=1 \
2727
# Ensure fresh metadata rather than cached metadata, install system and pip python deps,
2828
# and remove those not needed at runtime.
2929
# pip3~=21.1 fixes a vulnerability described in https://github.com/pypa/pip/pull/9827.
30+
# TODO(everettraven): Revert all the CVE ignoring after the ansible version has been bumped.
3031
RUN set -e && yum clean all && rm -rf /var/cache/yum/* \
3132
&& yum update -y \
3233
&& yum install -y libffi-devel openssl-devel python38-devel gcc python38-pip python38-setuptools \
3334
&& pip3 install --upgrade pip~=21.1.0 \
3435
&& pip3 install pipenv==2022.1.8 \
3536
&& pipenv install --deploy \
36-
&& pipenv check -i 45114 -i 53304 -i 53303 -i 53302 -i 53299 -i 53298 -i 53301 -i 53306 -i 53307 -i 53305 -i 53048 \
37+
&& pipenv check -i 45114 -i 53304 -i 53303 -i 53302 -i 53299 -i 53298 -i 53301 -i 53306 -i 53307 -i 53305 -i 53048 -i 54468 -i 58755 \
3738
&& yum remove -y gcc libffi-devel openssl-devel python38-devel \
3839
&& yum clean all \
3940
&& rm -rf /var/cache/yum

images/ansible-operator/base.Dockerfile

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,13 +27,14 @@ ENV PIP_NO_CACHE_DIR=1 \
2727
# Ensure fresh metadata rather than cached metadata, install system and pip python deps,
2828
# and remove those not needed at runtime.
2929
# pip3~=21.1 fixes a vulnerability described in https://github.com/pypa/pip/pull/9827.
30+
# TODO(everettraven): Revert all the CVE ignoring after the ansible version has been bumped.
3031
RUN set -e && yum clean all && rm -rf /var/cache/yum/* \
3132
&& yum update -y \
3233
&& yum install -y libffi-devel openssl-devel python38-devel gcc python38-pip python38-setuptools \
3334
&& pip3 install --upgrade pip~=21.1.0 \
3435
&& pip3 install pipenv==2022.1.8 \
3536
&& pipenv install --deploy \
36-
&& pipenv check -i 42926 -i 42923 -i 45114 -i 53304 -i 53303 -i 53302 -i 53299 -i 53298 -i 53301 -i 53306 -i 53307 -i 53305 -i 53048 \
37+
&& pipenv check -i 42926 -i 42923 -i 45114 -i 53304 -i 53303 -i 53302 -i 53299 -i 53298 -i 53301 -i 53306 -i 53307 -i 53305 -i 53048 -i 54230 -i 54229 -i 54219 -i 54564 -i 54468 -i 54466 -i 54467 -i 58755 \
3738
&& yum remove -y gcc libffi-devel openssl-devel python38-devel \
3839
&& yum clean all \
3940
&& rm -rf /var/cache/yum

0 commit comments

Comments
 (0)