Commit 33df251

Merge pull request #23 from sparkfabrik/install_djlint
refs #000: install djlint
2 parents 4172aa7 + 66ba8d9 commit 33df251

2 files changed

+28
-26
lines changed

Dockerfile

+3-1
Original file line number | Diff line number | Diff line change
@@ -1,6 +1,6 @@
11
FROM composer:2.3.5
22
RUN apk add --no-cache \
3-
build-base libxslt-dev libxml2-dev libgcrypt-dev git unzip wget curl libpng-dev && \
3+
build-base libxslt-dev libxml2-dev libgcrypt-dev git unzip wget curl libpng-dev py3-pip && \
44
docker-php-ext-install xml xsl gd
55

66
WORKDIR /app
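
Review bot: `py3-pip` on new line 3 is appended to the PHP build dependencies with nothing saying why it is there, and it brings the Python 3 runtime into an image based on `composer:2.3.5`. Put it on its own continuation line with a comment that it exists only for djlint, so a later cleanup of this package list does not drop it by accident and it stays visible that the image now carries a second language runtime and package manager that need patching.
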
@@ -10,3 +10,5 @@ COPY composer* ./
1010
RUN composer install --ignore-platform-reqs -v --no-interaction --prefer-dist --no-progress
1111

1212
COPY . ./
13+
14+
RUN pip install djlint --root-user-action=ignore
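
Review bot: `pip install djlint` on new line 14 has no version pin, so every rebuild installs whatever release is current on PyPI at that moment; the image is not reproducible and a bad or compromised upload would land in it unnoticed. Pin it (`djlint==<version>`, ideally from a requirements file with hashes and `--require-hashes`) and add `--no-cache-dir`. The step also sits after `COPY . ./`, so any source change invalidates this layer and repeats the download; moving it above `COPY composer* ./`, next to the `apk add` step, keeps it cached.
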

tests/expected_reports/security-checker.html

+25-25
Original file line number | Diff line number | Diff line change
@@ -19,69 +19,69 @@ <h1>security-checker</h1>
1919
* CVE-2022-41343: Remote file inclusion
2020
https://github.com/advisories/GHSA-6x28-7h8c-chx4
2121

22-
* CVE-2023-23924: Dompdf vulnerable to URI validation failure on SVG parsing
23-
https://github.com/advisories/GHSA-3cw5-7cxw-v5qg
24-
25-
* CVE-2014-5013: Remote Code Execution (complement of CVE-2014-2383)
26-
https://github.com/dompdf/dompdf/releases/tag/v0.6.2
22+
* CVE-2022-0085: Server-Side Request Forgery in dompdf/dompdf
23+
https://github.com/advisories/GHSA-pf6p-25r2-fx45
2724

2825
* CVE-2014-5012: Denial Of Service Vector
2926
https://github.com/dompdf/dompdf/releases/tag/v0.6.2
3027

3128
* CVE-2014-5011: Information Disclosure
3229
https://github.com/dompdf/dompdf/releases/tag/v0.6.2
3330

34-
* CVE-2022-0085: Server-Side Request Forgery in dompdf/dompdf
35-
https://github.com/advisories/GHSA-pf6p-25r2-fx45
31+
* CVE-2023-23924: Dompdf vulnerable to URI validation failure on SVG parsing
32+
https://github.com/advisories/GHSA-3cw5-7cxw-v5qg
33+
34+
* CVE-2014-5013: Remote Code Execution (complement of CVE-2014-2383)
35+
https://github.com/dompdf/dompdf/releases/tag/v0.6.2
3636

3737
drupal/core (8.9.13)
3838
--------------------
3939

40-
* CVE-2021-33829: Drupal core - Critical - Cross-site scripting - SA-CORE-2021-003
41-
https://www.drupal.org/sa-core-2021-003
42-
43-
* CVE-2022-25277: Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014
44-
https://www.drupal.org/sa-core-2022-014
40+
* CVE-2022-25278: Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013
41+
https://www.drupal.org/sa-core-2022-013
4542

4643
* CVE-2020-13672: Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002
4744
https://www.drupal.org/sa-core-2021-002
4845

4946
* Drupal core - Moderately critical - Third-party libraries - SA-CORE-2021-005
5047
https://www.drupal.org/sa-core-2021-005
5148

52-
* CVE-2022-25278: Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013
53-
https://www.drupal.org/sa-core-2022-013
49+
* CVE-2022-25277: Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014
50+
https://www.drupal.org/sa-core-2022-014
51+
52+
* CVE-2021-33829: Drupal core - Critical - Cross-site scripting - SA-CORE-2021-003
53+
https://www.drupal.org/sa-core-2021-003
5454

5555
* CVE-2022-25275: Drupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012
5656
https://www.drupal.org/sa-core-2022-012
5757

5858
guzzlehttp/guzzle (6.5.4)
5959
-------------------------
6060

61-
* CVE-2022-31091: Change in port should be considered a change in origin
62-
https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699
61+
* CVE-2022-31090: CURLOPT_HTTPAUTH option not cleared on change of origin
62+
https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r
63+
64+
* CVE-2022-31042: Failure to strip the Cookie header on change in host or HTTP downgrade
65+
https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9
6366

6467
* CVE-2022-29248: Cross-domain cookie leakage
6568
https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3
6669

70+
* CVE-2022-31091: Change in port should be considered a change in origin
71+
https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699
72+
6773
* CVE-2022-31043: Fix failure to strip Authorization header on HTTP downgrade
6874
https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q
6975

70-
* CVE-2022-31042: Failure to strip the Cookie header on change in host or HTTP downgrade
71-
https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9
72-
73-
* CVE-2022-31090: CURLOPT_HTTPAUTH option not cleared on change of origin
74-
https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r
75-
7676
guzzlehttp/psr7 (1.6.1)
7777
-----------------------
7878

79-
* CVE-2023-29197: Improper header validation
80-
https://github.com/guzzle/psr7/security/advisories/GHSA-wxmh-65f7-jcvw
81-
8279
* CVE-2022-24775: Inproper parsing of HTTP headers
8380
https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
8481

82+
* CVE-2023-29197: Improper header validation
83+
https://github.com/guzzle/psr7/security/advisories/GHSA-wxmh-65f7-jcvw
84+
8585
laminas/laminas-diactoros (1.8.7p2)
8686
-----------------------------------
8787
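
Review bot: The expected report pins an advisory order that is not sorted on anything visible in the fixture, so this test will need another hand edit whenever the order shifts again. All 25 added lines are entries that the 25 removed lines already contained (for example CVE-2022-0085 moves from old line 34 to new line 22, and CVE-2023-29197 from old line 79 to new line 82); no advisory is added or dropped. Sort the advisories deterministically per package before rendering, for instance by CVE ID, or compare the report against the fixture order-insensitively. The reorder is also unrelated to the stated purpose of the commit ("install djlint"), so say in the commit message why the fixture changed or split it out.
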
