chef-server
chef-server copied to clipboard
chef
Upgrading to node.js 14.21.3 in oc-id
Description
Upgrading current node.js version 4.18.1 to 14.23.3 to address CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-23936 and CVE-2023-24807. oc-id component of Infra Server embedded in Chef Automate(4.12.69) has these vulnerabilities. [Please describe what this change achieves] Upgrading plan.sh of oc-id to consume node14 hab package to resolve these vulnerabilities.
Tested this change in oc-id embeded Chef Automate in the following environments:
- Non air-gapped installation of automate HA
- On-prem deployment with Chef-managed database
- AWS deployment with Chef-managed database
Issues Resolved
[List any existing issues this PR resolves, or any Discourse or StackOverflow discussions that are relevant]
Check List
- [ ] New functionality includes tests
- [ ] All buildkite tests pass
- [ ] Full omnibus build and tests in buildkite pass
- [ ] All commits have been signed-off for the Developer Certificate of Origin. See https://github.com/chef/chef/blob/main/CONTRIBUTING.md#developer-certification-of-origin-dco
- [ ] PR title is a worthy inclusion in the CHANGELOG
Deploy Preview for chef-server processing.
| Name | Link |
|---|---|
| Latest commit | 4fc5b5fd73266033effc9f99fb9c66c8e69c7056 |
| Latest deploy log | https://app.netlify.com/sites/chef-server/deploys/66bb24829837ad0008b814b1 |
![netlify[bot] avatar](https://avatars.githubusercontent.com/in/13473?v=4 "Published by a pub.dev verified publisher"){kind=small}
Quality Gate passed
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code
See analysis details on SonarCloud
![sonarqubecloud[bot] avatar](https://avatars.githubusercontent.com/in/12526?v=4 "Published by a pub.dev verified publisher"){kind=small}
SonarQube Quality Gate
0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells
No Coverage information
No Duplication information
![sonarqube-for-infrastructure-prod[bot] avatar](https://avatars.githubusercontent.com/in/285599?v=4 "Published by a pub.dev verified publisher"){kind=small}
Have you tested the omnibus and hab build? @saghoshprogress Yes, here are the successful omnibus and hab builds: https://buildkite.com/chef/chef-chef-server-main-omnibus-adhoc/builds/6355#_ https://buildkite.com/chef/chef-chef-server-main-habitat-build/builds/1176#_
@RoyShravani As discussed, Please create a PR in automate also to verify the chef-server private pipeline status with the habitat oc-id new tag. you can find the tags in the pipline: https://buildkite.com/chef/chef-chef-server-main-habitat-build/builds/1176#_
@jashaik created a PR in automate :https://github.com/chef/automate/pull/8478 the automate verify-private pipeline are green ocid : https://buildkite.com/chef/chef-automate-main-verify-private/builds/34915#0190988c-a18b-4541-a09b-bc508c6fb098 ocid config patch: https://buildkite.com/chef/chef-automate-main-verify-private/builds/34915#0190981f-7361-49c0-8b2c-0b1831609312
chef-server builds: https://buildkite.com/chef/chef-automate-main-verify-private/builds/34915#0190988c-9027-4fed-a00c-41dcd961c718 chef-server only: https://buildkite.com/chef/chef-automate-main-verify-private/builds/34915#0190981f-7337-483f-bf2b-1d936196b15f ha chef server: https://buildkite.com/chef/chef-automate-main-verify-private/builds/34915#01909afd-ec29-4a79-91da-2aacacdedc63
Quality Gate passed
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code
See analysis details on SonarCloud