Merge pull request #70 from sanjay-reddy-kandi/main

tbelmega · web-flow · commit 596e7a97e066 · 2024-07-18T12:01:09.000-04:00
release/v2.6.6
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,17 @@
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
  and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.6.6] - 2024-07
+### Fixed
+- Updated the base python image in the Dockerfile used to mitigate [CVE-2023-50387](https://security-tracker.debian.org/tracker/CVE-2023-50387), [CVE-2023-5678](https://security-tracker.debian.org/tracker/CVE-2023-5678), [CVE-2024-0727](https://security-tracker.debian.org/tracker/CVE-2024-0727), [CVE-2023-6129](https://security-tracker.debian.org/tracker/CVE-2023-6129) and several low severity vulnerabilities
+- Updated braces to mitigate [CVE-2024-4068](https://nvd.nist.gov/vuln/detail/CVE-2024-4068).
+- Updated IDNA to mitigate [CVE-2024-3651](https://nvd.nist.gov/vuln/detail/CVE-2024-3651).
+- Updated urllib3 to mitigate [CVE-2024-37891](https://nvd.nist.gov/vuln/detail/CVE-2024-37891).
+- Updated setuptools to mitigate [CVE-2024-6345](https://nvd.nist.gov/vuln/detail/CVE-2024-6345).
+- Updated requests to mitigate [CVE-2024-35195](https://nvd.nist.gov/vuln/detail/CVE-2024-35195).
+- Updated Certifi to mitigate [CVE-2024-39689](https://nvd.nist.gov/vuln/detail/CVE-2024-39689).
+- Updated boto3, botocore, s3transfer to resolve conflicting dependencies.
+
 ## [2.6.5] - 2024-02
 ### Fixed
 - Updated the base python image in the Dockerfile used to mitigate [CVE-2023-47038](https://security-tracker.debian.org/tracker/CVE-2023-47038).
diff --git a/source/Dockerfile b/source/Dockerfile
@@ -1,4 +1,4 @@
-FROM public.ecr.aws/docker/library/python:3.12.2-slim-bookworm
+FROM public.ecr.aws/docker/library/python:3.12.4-slim-bookworm
 COPY workspaces_app /workspaces_app
 
 WORKDIR /workspaces_app
diff --git a/source/package-lock.json b/source/package-lock.json
diff --git a/source/package.json b/source/package.json
@@ -1,6 +1,6 @@
 {
   "name": "cost-optimizer-for-amazon-workspaces",
-  "version": "2.6.5",
+  "version": "2.6.6",
   "description": "Cost Optimizer for Amazon Workspaces (SO0018)",
   "license": "Apache-2.0",
   "repository": {
@@ -15,10 +15,10 @@
     "test": "jest --coverage",
     "license-report": "license-report --output=csv --delimiter=' under ' --fields=name --fields=licenseType",
     "cdk": "cdk",
-    "bootstrap": "SOLUTION_VERSION=v2.6.5 SOLUTION_NAME=cost-optimizer-for-amazon-workspaces SOLUTION_TRADEMARKEDNAME=cost-optimizer-for-amazon-workspaces cdk bootstrap",
-    "deploy": "SOLUTION_VERSION=v2.6.5 SOLUTION_NAME=cost-optimizer-for-amazon-workspaces SOLUTION_TRADEMARKEDNAME=cost-optimizer-for-amazon-workspaces cdk deploy cost-optimizer-for-amazon-workspaces",
-    "deploySpoke": "SOLUTION_VERSION=v2.6.5 SOLUTION_NAME=cost-optimizer-for-amazon-workspaces SOLUTION_TRADEMARKEDNAME=cost-optimizer-for-amazon-workspaces cdk deploy cost-optimizer-for-amazon-workspaces-spoke",
-    "synth": "SOLUTION_VERSION=v2.6.5 SOLUTION_NAME=cost-optimizer-for-amazon-workspaces SOLUTION_TRADEMARKEDNAME=cost-optimizer-for-amazon-workspaces DIST_OUTPUT_BUCKET=solutions-reference cdk synth"
+    "bootstrap": "SOLUTION_VERSION=v2.6.6 SOLUTION_NAME=cost-optimizer-for-amazon-workspaces SOLUTION_TRADEMARKEDNAME=cost-optimizer-for-amazon-workspaces cdk bootstrap",
+    "deploy": "SOLUTION_VERSION=v2.6.6 SOLUTION_NAME=cost-optimizer-for-amazon-workspaces SOLUTION_TRADEMARKEDNAME=cost-optimizer-for-amazon-workspaces cdk deploy cost-optimizer-for-amazon-workspaces",
+    "deploySpoke": "SOLUTION_VERSION=v2.6.6 SOLUTION_NAME=cost-optimizer-for-amazon-workspaces SOLUTION_TRADEMARKEDNAME=cost-optimizer-for-amazon-workspaces cdk deploy cost-optimizer-for-amazon-workspaces-spoke",
+    "synth": "SOLUTION_VERSION=v2.6.6 SOLUTION_NAME=cost-optimizer-for-amazon-workspaces SOLUTION_TRADEMARKEDNAME=cost-optimizer-for-amazon-workspaces DIST_OUTPUT_BUCKET=solutions-reference cdk synth"
   },
   "devDependencies": {
     "@aws-cdk/assert": "2.68.0",
diff --git a/source/testing_requirements.txt b/source/testing_requirements.txt
@@ -1,21 +1,21 @@
 pytest>=7.2.0
 pytest-mock==3.10.0
 coverage==7.2.0
-requests==2.31.0
-boto3==1.28.68
+requests==2.32.0
+boto3==1.34.144
 attrs==v23.1.0
-botocore==1.31.68
-certifi==2023.7.22
+botocore==1.34.144
+certifi==2024.07.04
 charset-normalizer==2.1.1
-idna==3.4
+idna==3.7
 iniconfig==2.0.0
 jmespath==1.0.1
 packaging==23.0
 pluggy==1.0.0
 pyparsing==3.0.9
 python-dateutil==2.8.2
-s3transfer==0.7.0
+s3transfer==0.10.2
 six==1.16.0
 tomli==2.0.1
-urllib3==2.0.7
+urllib3==2.2.2
 freezegun==1.2.2
diff --git a/source/workspaces_app/requirements.txt b/source/workspaces_app/requirements.txt
@@ -1,11 +1,11 @@
-boto3==1.28.68
-botocore==1.31.68
-certifi==2023.7.22
+boto3==1.34.144
+botocore==1.34.144
+certifi==2024.07.04
 charset-normalizer==2.1.1
-idna==3.4
+idna==3.7
 jmespath==1.0.1
 python-dateutil==2.8.2
-requests==2.31.0
-s3transfer==0.7.0
+requests==2.32.0
+s3transfer==0.10.2
 six==1.16.0
-urllib3==2.0.7
+urllib3==2.2.2
diff --git a/source/workspaces_app/setup_requirements.txt b/source/workspaces_app/setup_requirements.txt
@@ -1,2 +1,2 @@
 pip==24.0
-setuptools==68.2.0
+setuptools==70.0.0

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-FROM public.ecr.aws/docker/library/python:3.12.2-slim-bookworm`
	`1`	`+FROM public.ecr.aws/docker/library/python:3.12.4-slim-bookworm`
`2`	`2`	`COPY workspaces_app /workspaces_app`
`3`	`3`
`4`	`4`	`WORKDIR /workspaces_app`
Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`	`1`	`pip==24.0`
`2`		`-setuptools==68.2.0`
	`2`	`+setuptools==70.0.0`