🚀 Geodesic is a DevOps Linux Toolbox in Docker
APACHE-2.0 License
Bot releases are visible (Hide)
Bumps awscli from 1.16.226 to 1.16.230.
Signed-off-by: dependabot-preview[bot] [email protected]
aws-cli
1.16.209 -> 1.16.226ansible
2.7.12 -> 2.8.4Bring in bug and security fixes and new features
PyYAML is pinned to version 3.13 because that is the latest version that awsebcli
supports. This version of PyYAML has a known vulnerability, CVE-2017-18342, summarized as "the yaml.load() API could execute arbitrary code if used with untrusted data."
At the moment, the only tools Geodesic ships with that use PyYAML (as far as we have been able to determine) are awscli
and awsebcli
. (The yq
command included in Geodesic is a golang tool and not the python-yq
that uses PyYAML.)
awscli
says their tool is not affected by the vulnerability: https://github.com/aws/aws-cli/issues/3828
awsebcli
and CVE-2017-18342Users of awsebcli
or who install their own Python packages should take appropriate precautions.
Due to operational errors, the 0.121.0 release was incorrectly published twice, once as 1.121.0 and once as 0.121.0 but pointing to the wrong commit. Users may want to avoid this release in favor of the prior 0.120.4 or next 0.122.0 release to avoid confusion. However, you can verify which version you have by examining these points:
rootfs/usr/local/bin/codefresh-pipeline
while the next release doesPublished by Nuru about 5 years ago
A typo in grafana-db
broke downloading Grafana dashboards from arbitrary URLs.
Fixed in #517
cloudposse/packages
from 0.90.0 to 0.116.0Published by Nuru about 5 years ago
Revert git to v2.20.1 and other tweaks.
See #508 for details.
Published by aknysh about 5 years ago
export TF_MODULE_CACHE=.module
mkdir -p ${TF_MODULE_CACHE}
TFENV_BLACKLIST
if the variable is not already one setFor more, see PR #499
Published by Nuru over 5 years ago