[CVE] Removed the netaddr gem #535

Merged
merged 2 commits into from
Nov 2, 2023

ashiqueps
Contributor

Description

As part of the workstation release readiness checks, we found that netaddr v1.5.3 has a critical vulnerability (CVE-2019-17383). The solution was to upgrade it to 2.x, but the netaddr gem was used in this repo to do CIDR operations. Version 2.x doesn't support the CIDR operations, so we had to do that manually. This PR removes the netaddr gem, since it is not needed anymore, and updates the CIDR code to handle this manually.

Related Issue

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Chore (non-breaking change that does not add functionality or fix an issue)

Checklist:

  • I have read the CONTRIBUTING document.
  • I have run the pre-merge tests locally and they pass.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • If Gemfile.lock has changed, I have used --conservative to do it and included the full output in the Description above.
  • All new and existing tests passed.
  • All commits have been signed-off for the Developer Certificate of Origin.

Signed-off-by: Ashique Saidalavi <[email protected]>
ashiqueps requested review from a team as code owners October 25, 2023 08:00
Signed-off-by: Ashique Saidalavi <[email protected]>

sonarcloud bot commented Oct 25, 2023

Kudos, SonarCloud Quality Gate passed!

  • 0 Bugs (rating A)
  • 0 Vulnerabilities (rating A)
  • 0 Security Hotspots (rating A)
  • 0 Code Smells (rating A)

No Coverage information
0.0% Duplication

ashiqueps added the "Expeditor: Bump Version Minor" label (Used by github.minor_bump_labels to bump the Minor version number.) Oct 25, 2023
ashiqueps merged commit a7941c5 into main Nov 2, 2023
5 of 6 checks passed
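
An added example, not code from this PR or its repository: one way to do the kind of manual IPv4 CIDR handling the description refers to, in plain Ruby with no gem dependency. The `ManualCidr` module, its method names and the set of operations shown (normalization, containment, overlap) are assumptions, since the conversation does not list which CIDR operations the repo needs.

```ruby
# Added example: IPv4 CIDR handling in plain Ruby, no third-party gem.
# ManualCidr and its method names are hypothetical, not taken from the PR.
module ManualCidr
  OCTET = /\A(0|[1-9][0-9]{0,2})\z/ # decimal only, no leading zeros
  Block = Struct.new(:network, :prefix) do
    def mask
      (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    end

    def broadcast
      network | (~mask & 0xFFFFFFFF)
    end

    def include?(addr)
      (ManualCidr.to_int(addr) & mask) == network
    end

    def overlaps?(other)
      network <= other.broadcast && other.network <= broadcast
    end

    def to_s
      "#{ManualCidr.to_dotted(network)}/#{prefix}"
    end
  end

  # Strict dotted-quad parser: exactly four octets, each 0..255.
  def self.to_int(addr)
    octets = addr.to_s.split(".", -1)
    unless octets.size == 4 && octets.all? { |o| o.match?(OCTET) && o.to_i <= 255 }
      raise ArgumentError, "invalid IPv4 address: #{addr.inspect}"
    end
    octets.reduce(0) { |acc, o| (acc << 8) | o.to_i }
  end

  def self.to_dotted(int)
    [24, 16, 8, 0].map { |shift| (int >> shift) & 0xFF }.join(".")
  end

  # Parses "a.b.c.d/n" and clears host bits so the block is normalized.
  def self.parse(cidr)
    addr, prefix, extra = cidr.to_s.split("/", -1)
    unless extra.nil? && prefix.to_s.match?(/\A[0-9]{1,2}\z/) && prefix.to_i <= 32
      raise ArgumentError, "invalid CIDR: #{cidr.inspect}"
    end
    mask = (0xFFFFFFFF << (32 - prefix.to_i)) & 0xFFFFFFFF
    Block.new(to_int(addr) & mask, prefix.to_i)
  end
end
```

Malformed input raises `ArgumentError` instead of being coerced, so a bad address or prefix cannot silently widen a range check.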