cs_betty/cartsnitch-fork-test
1
0
Fork 0
forked from cartsnitch/cartsnitch
Code Pull Requests Activity
329 Commits 166 Branches 71 Tags
3216e6a1c2b8251c33c85c0e3ca2065c9409fb9e
Commit Graph

5 Commits

Author SHA1 Message Date
Test User 3216e6a1c2 fix: resolve HIGH-severity CVEs in receiptwitness image 
- Bump cryptography>=46.0 to fix GHSA-r6ph-v2qm-q3c2
- Increment APT_CACHE_BUST to 1 to force fresh apt-get upgrade
  for OpenSSL/libssl3t64 (fixes CVE-2026-2673, CVE-2026-28388,
  CVE-2026-28389, CVE-2026-28390, CVE-2026-31790)
- Add 89 Chrome CVEs to grype.yaml ignore (Playwright bundles
  Chromium — CVEs can only be resolved by upgrading Playwright)
- Add node CVE-2026-21710 to grype.yaml ignore (Playwright
  bundled tooling dependency)

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-19 00:48:02 +00:00
Barcode Betty 1bb669f3ca fix: add Grype CVE ignores and cache-bust Debian apt-get upgrade layers 
Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-15 21:53:34 +00:00
Paperclip e1d77d7789 fix: remediate high-severity CVEs in Docker images 
- Add apk upgrade to frontend Dockerfile (build + prod stages)
- Add apk upgrade to auth Dockerfile (build + runtime stages)
- Add apt-get upgrade to api Dockerfile (build + prod stages)
- Add apt-get upgrade to receiptwitness Dockerfile (build + prod stages)
- Run npm audit fix for frontend and auth dependencies

Refs: CAR-616
Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-14 23:51:42 +00:00
Barcode Betty e9eb9cf489 feat(ci): add receiptwitness build job to monorepo CI 2026-03-30 20:44:51 +00:00
Coupon Carl f3a7b33093 Merge commit '342906c9d178923d462a08aec35e486703366eba' as 'receiptwitness' 2026-03-28 02:24:22 +00:00