CheckMK-Role merge requests
https://codebase.helmholtz.cloud/hifis-software-deployment/checkmk-role/-/merge_requests
2024-03-28T06:40:44+01:00

https://codebase.helmholtz.cloud/hifis-software-deployment/checkmk-role/-/merge_requests/147
Chore(deps): bump ansible from 9.1.0 to 9.4.0
2024-03-28T06:40:44+01:00
HIFIS Bot
Chore(deps): bump ansible from 9.1.0 to 9.4.0
Bumps [ansible](https://github.com/ansible-community/ansible-build-data) from 9.1.0 to 9.4.0.
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/ansible-community/ansible-build-data/commit/43b27d99608988b1d345168364a3456623f12ea8"><code>43b27d9</code></a> Ansible 9.4.0: Dependencies, changelog and porting guide (<a href="https://github.com/ansible-community/ansible-build-data/issues/380">#380</a>)</li>
<li><a href="https://github.com/ansible-community/ansible-build-data/commit/de505a1637261e3f0b3a13e7db1db88d0270dfb5"><code>de505a1</code></a> cd ansible-release: include artifact URL in PR body (<a href="https://github.com/ansible-community/ansible-build-data/issues/377">#377</a>)</li>
<li><a href="https://github.com/ansible-community/ansible-build-data/commit/db95db8a068a7ac0e50c10246e7d14f1b9ef68b7"><code>db95db8</code></a> Bump actions/download-artifact from 3 to 4 (<a href="https://github.com/ansible-community/ansible-build-data/issues/370">#370</a>)</li>
<li><a href="https://github.com/ansible-community/ansible-build-data/commit/2f081080b006655f024b913d5932e9615cdfaeac"><code>2f08108</code></a> Bump actions/upload-artifact from 3 to 4 (<a href="https://github.com/ansible-community/ansible-build-data/issues/369">#369</a>)</li>
<li><a href="https://github.com/ansible-community/ansible-build-data/commit/d21223120bd7c7d08251e50c6168c06951cef759"><code>d212231</code></a> Hotfix the workdir in the Git tagging job of the PyPI publishing workflow</li>
<li><a href="https://github.com/ansible-community/ansible-build-data/commit/4ab3017218c366b12a7ff9b9d5cc2bbd33b50d74"><code>4ab3017</code></a> Ansible 9.3.0: Dependencies, changelog and porting guide (<a href="https://github.com/ansible-community/ansible-build-data/issues/375">#375</a>)</li>
<li><a href="https://github.com/ansible-community/ansible-build-data/commit/8e6516288aa29f2568809aa933a6bae26273ced4"><code>8e65162</code></a> Remove purestorage.fusion from Ansible 10 (<a href="https://github.com/ansible-community/ansible-build-data/issues/374">#374</a>)</li>
<li><a href="https://github.com/ansible-community/ansible-build-data/commit/4952ad87b16711141cdf079f3d833f0b1cd66e19"><code>4952ad8</code></a> Deprecate netapp.storagegrid (<a href="https://github.com/ansible-community/ansible-build-data/issues/372">#372</a>)</li>
<li><a href="https://github.com/ansible-community/ansible-build-data/commit/15d59523ce2da44201f6d6708c8cdc4d9de0d539"><code>15d5952</code></a> Generate changelog both as RST and MarkDown (<a href="https://github.com/ansible-community/ansible-build-data/issues/364">#364</a>)</li>
<li><a href="https://github.com/ansible-community/ansible-build-data/commit/68bb47a5ce9924dab00bf1809b34126ef4bd0856"><code>68bb47a</code></a> Bump actions/checkout from 3 to 4 (<a href="https://github.com/ansible-community/ansible-build-data/issues/368">#368</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/ansible-community/ansible-build-data/compare/9.1.0...9.4.0">compare view</a></li>
</ul>
</details>
<br />
Huste, Tobias
Huste, Tobias

https://codebase.helmholtz.cloud/hifis-software-deployment/checkmk-role/-/merge_requests/146
chore(deps-dev): [security] bump black from 23.12.0 to 24.3.0
2024-03-21T06:43:45+01:00
HIFIS Bot
chore(deps-dev): [security] bump black from 23.12.0 to 24.3.0
Bumps [black](https://github.com/psf/black) from 23.12.0 to 24.3.0. **This update includes a security fix.**
<details>
<summary>Vulnerabilities fixed</summary>
<blockquote>
<p><strong>Black vulnerable to Regular Expression Denial of Service (ReDoS)</strong>
Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service.</p>
<p>Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings.</p>
<p>Patched versions: 24.3.0
Affected versions: >= 0, < 24.3.0</p>
</blockquote>
</details>
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/psf/black/releases">black's releases</a>.</em></p>
<blockquote>
<h2>24.3.0</h2>
<h3>Highlights</h3>
<p>This release is a milestone: it fixes Black's first CVE security vulnerability. If you
run Black on untrusted input, or if you habitually put thousands of leading tab
characters in your docstrings, you are strongly encouraged to upgrade immediately to fix
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21503">CVE-2024-21503</a>.</p>
<p>This release also fixes a bug in Black's AST safety check that allowed Black to make
incorrect changes to certain f-strings that are valid in Python 3.12 and higher.</p>
<h3>Stable style</h3>
<ul>
<li>Don't move comments along with delimiters, which could cause crashes (<a href="https://github.com/psf/black/issues/4248">#4248</a>)</li>
<li>Strengthen AST safety check to catch more unsafe changes to strings. Previous versions
of Black would incorrectly format the contents of certain unusual f-strings containing
nested strings with the same quote type. Now, Black will crash on such strings until
support for the new f-string syntax is implemented. (<a href="https://github.com/psf/black/issues/4270">#4270</a>)</li>
<li>Fix a bug where line-ranges exceeding the last code line would not work as expected
(<a href="https://github.com/psf/black/issues/4273">#4273</a>)</li>
</ul>
<h3>Performance</h3>
<ul>
<li>Fix catastrophic performance on docstrings that contain large numbers of leading tab
characters. This fixes
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21503">CVE-2024-21503</a>.
(<a href="https://github.com/psf/black/issues/4278">#4278</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Note what happens when <code>--check</code> is used with <code>--quiet</code> (<a href="https://github.com/psf/black/issues/4236">#4236</a>)</li>
</ul>
<h2>24.2.0</h2>
<h3>Stable style</h3>
<ul>
<li>Fixed a bug where comments were mistakenly removed along with redundant parentheses
(<a href="https://github.com/psf/black/issues/4218">#4218</a>)</li>
</ul>
<h3>Preview style</h3>
<ul>
<li>Move the <code>hug_parens_with_braces_and_square_brackets</code> feature to the unstable style
due to an outstanding crash and proposed formatting tweaks (<a href="https://github.com/psf/black/issues/4198">#4198</a>)</li>
<li>Fixed a bug where base expressions caused inconsistent formatting of ** in ternary
expression (<a href="https://github.com/psf/black/issues/4154">#4154</a>)</li>
<li>Checking for newline before adding one on docstring that is almost at the line limit
(<a href="https://github.com/psf/black/issues/4185">#4185</a>)</li>
<li>Remove redundant parentheses in <code>case</code> statement <code>if</code> guards (<a href="https://github.com/psf/black/issues/4214">#4214</a>).</li>
</ul>
<h3>Configuration</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/psf/black/blob/main/CHANGES.md">black's changelog</a>.</em></p>
<blockquote>
<h2>24.3.0</h2>
<h3>Highlights</h3>
<p>This release is a milestone: it fixes Black's first CVE security vulnerability. If you
run Black on untrusted input, or if you habitually put thousands of leading tab
characters in your docstrings, you are strongly encouraged to upgrade immediately to fix
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21503">CVE-2024-21503</a>.</p>
<p>This release also fixes a bug in Black's AST safety check that allowed Black to make
incorrect changes to certain f-strings that are valid in Python 3.12 and higher.</p>
<h3>Stable style</h3>
<ul>
<li>Don't move comments along with delimiters, which could cause crashes (<a href="https://github.com/psf/black/issues/4248">#4248</a>)</li>
<li>Strengthen AST safety check to catch more unsafe changes to strings. Previous versions
of Black would incorrectly format the contents of certain unusual f-strings containing
nested strings with the same quote type. Now, Black will crash on such strings until
support for the new f-string syntax is implemented. (<a href="https://github.com/psf/black/issues/4270">#4270</a>)</li>
<li>Fix a bug where line-ranges exceeding the last code line would not work as expected
(<a href="https://github.com/psf/black/issues/4273">#4273</a>)</li>
</ul>
<h3>Performance</h3>
<ul>
<li>Fix catastrophic performance on docstrings that contain large numbers of leading tab
characters. This fixes
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21503">CVE-2024-21503</a>.
(<a href="https://github.com/psf/black/issues/4278">#4278</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Note what happens when <code>--check</code> is used with <code>--quiet</code> (<a href="https://github.com/psf/black/issues/4236">#4236</a>)</li>
</ul>
<h2>24.2.0</h2>
<h3>Stable style</h3>
<ul>
<li>Fixed a bug where comments were mistakenly removed along with redundant parentheses
(<a href="https://github.com/psf/black/issues/4218">#4218</a>)</li>
</ul>
<h3>Preview style</h3>
<ul>
<li>Move the <code>hug_parens_with_braces_and_square_brackets</code> feature to the unstable style
due to an outstanding crash and proposed formatting tweaks (<a href="https://github.com/psf/black/issues/4198">#4198</a>)</li>
<li>Fixed a bug where base expressions caused inconsistent formatting of ** in ternary
expression (<a href="https://github.com/psf/black/issues/4154">#4154</a>)</li>
<li>Checking for newline before adding one on docstring that is almost at the line limit
(<a href="https://github.com/psf/black/issues/4185">#4185</a>)</li>
<li>Remove redundant parentheses in <code>case</code> statement <code>if</code> guards (<a href="https://github.com/psf/black/issues/4214">#4214</a>).</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/psf/black/commit/552baf822992936134cbd31a38f69c8cfe7c0f05"><code>552baf8</code></a> Prepare release 24.3.0 (<a href="https://github.com/psf/black/issues/4279">#4279</a>)</li>
<li><a href="https://github.com/psf/black/commit/f00093672628d212b8965a8993cee8bedf5fe9b8"><code>f000936</code></a> Fix catastrophic performance in lines_with_leading_tabs_expanded() (<a href="https://github.com/psf/black/issues/4278">#4278</a>)</li>
<li><a href="https://github.com/psf/black/commit/7b5a657285f38126bf28483478bbd9ea928077ec"><code>7b5a657</code></a> Fix --line-ranges behavior when ranges are at EOF (<a href="https://github.com/psf/black/issues/4273">#4273</a>)</li>
<li><a href="https://github.com/psf/black/commit/1abcffc81816257985678f08c61584ed4287f22a"><code>1abcffc</code></a> Use regex where we ignore case on windows (<a href="https://github.com/psf/black/issues/4252">#4252</a>)</li>
<li><a href="https://github.com/psf/black/commit/719e67462c80574c81a96faa144886de6da84489"><code>719e674</code></a> Fix 4227: Improve documentation for --quiet --check (<a href="https://github.com/psf/black/issues/4236">#4236</a>)</li>
<li><a href="https://github.com/psf/black/commit/e5510afc06cd238cd0cba4095283943a870a7e7b"><code>e5510af</code></a> update plugin url for Thonny (<a href="https://github.com/psf/black/issues/4259">#4259</a>)</li>
<li><a href="https://github.com/psf/black/commit/6af7d1109693c4ad3af08ecbc34649c232b47a6d"><code>6af7d11</code></a> Fix AST safety check false negative (<a href="https://github.com/psf/black/issues/4270">#4270</a>)</li>
<li><a href="https://github.com/psf/black/commit/f03ee113c9f3dfeb477f2d4247bfb7de2e5f465c"><code>f03ee11</code></a> Ensure <code>blib2to3.pygram</code> is initialized before use (<a href="https://github.com/psf/black/issues/4224">#4224</a>)</li>
<li><a href="https://github.com/psf/black/commit/e4bfedbec2e8b10cc6b7b31442478f05db0ce06d"><code>e4bfedb</code></a> fix: Don't move comments while splitting delimiters (<a href="https://github.com/psf/black/issues/4248">#4248</a>)</li>
<li><a href="https://github.com/psf/black/commit/d0287e1f7558d97e6c0ebd6dc5bcb5b970e2bf8c"><code>d0287e1</code></a> Make trailing comma logic more concise (<a href="https://github.com/psf/black/issues/4202">#4202</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/psf/black/compare/23.12.0...24.3.0">compare view</a></li>
</ul>
</details>
<br />
Huste, Tobias
Huste, Tobias

https://codebase.helmholtz.cloud/hifis-software-deployment/checkmk-role/-/merge_requests/145
chore(deps-dev): bump ansible-lint from 6.22.1 to 24.2.1
2024-03-22T06:41:51+01:00
HIFIS Bot
chore(deps-dev): bump ansible-lint from 6.22.1 to 24.2.1
Bumps [ansible-lint](https://github.com/ansible/ansible-lint) from 6.22.1 to 24.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/ansible/ansible-lint/releases">ansible-lint's releases</a>.</em></p>
<blockquote>
<h2>v24.2.1</h2>
<h2>Bugfixes</h2>
<ul>
<li>Fix error suppression when syntax is incorrect (<a href="https://github.com/ansible/ansible-lint/issues/4026">#4026</a>) <a href="https://github.com/audgirka"><code>@audgirka</code></a></li>
<li>Set global <code>cache_dir_lock</code> (<a href="https://github.com/ansible/ansible-lint/issues/4055">#4055</a>) <a href="https://github.com/guppy0130"><code>@guppy0130</code></a></li>
<li>[role-name] Handle string role dependencies (<a href="https://github.com/ansible/ansible-lint/issues/4054">#4054</a>) <a href="https://github.com/corubba"><code>@corubba</code></a></li>
<li>Support for upcoming Ubuntu 24.04 and Fedora 40 (<a href="https://github.com/ansible/ansible-lint/issues/4051">#4051</a>) <a href="https://github.com/mafalb"><code>@mafalb</code></a></li>
<li>Update documentation for syntax-check[unknown-module] (<a href="https://github.com/ansible/ansible-lint/issues/4049">#4049</a>) <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a></li>
<li>Add OpenWRT 23.05 to valid versions (<a href="https://github.com/ansible/ansible-lint/issues/4041">#4041</a>) <a href="https://github.com/jonkerj"><code>@jonkerj</code></a></li>
<li>Update task name in <code>notify</code> for a task against <code>name[casing]</code> error (<a href="https://github.com/ansible/ansible-lint/issues/4038">#4038</a>) <a href="https://github.com/audgirka"><code>@audgirka</code></a></li>
<li>accept yum history and info as valid commands (<a href="https://github.com/ansible/ansible-lint/issues/4025">#4025</a>) <a href="https://github.com/konstruktoid"><code>@konstruktoid</code></a></li>
<li>Add attributes for role argument specs (<a href="https://github.com/ansible/ansible-lint/issues/4018">#4018</a>) <a href="https://github.com/felixfontein"><code>@felixfontein</code></a></li>
</ul>
<h2>v24.2.0</h2>
<h2>Minor Changes</h2>
<ul>
<li>Drop support for Python 3.9 (<a href="https://github.com/ansible/ansible-lint/issues/4009">#4009</a>) <a href="https://github.com/audgirka"><code>@audgirka</code></a></li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>Fix scenario when role has no <code>dependencies</code> section in <code>meta/main.yml</code> (<a href="https://github.com/ansible/ansible-lint/issues/3993">#3993</a>) <a href="https://github.com/audgirka"><code>@audgirka</code></a></li>
</ul>
<h2>v6.22.2</h2>
<h2>Bugfixes</h2>
<ul>
<li>Fix key error for name[casing] rule (<a href="https://github.com/ansible/ansible-lint/issues/3987">#3987</a>) <a href="https://github.com/ajinkyau"><code>@ajinkyau</code></a></li>
<li>Allow dashes in legacy role namespaces (<a href="https://github.com/ansible/ansible-lint/issues/3962">#3962</a>) <a href="https://github.com/sur5r"><code>@sur5r</code></a></li>
<li>Use new ansible-compat verbosity levels (<a href="https://github.com/ansible/ansible-lint/issues/3975">#3975</a>) <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a></li>
<li>Remove dependency on newer requests library (<a href="https://github.com/ansible/ansible-lint/issues/3959">#3959</a>) <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a></li>
<li>Ignore set-property for systemd command (<a href="https://github.com/ansible/ansible-lint/issues/3949">#3949</a>) <a href="https://github.com/alanbbr"><code>@alanbbr</code></a></li>
<li>Correct requires_ansible error message (<a href="https://github.com/ansible/ansible-lint/issues/3954">#3954</a>) <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a></li>
<li>Improve transformation for <code>no-free-form</code> rule (<a href="https://github.com/ansible/ansible-lint/issues/3945">#3945</a>) <a href="https://github.com/ajinkyau"><code>@ajinkyau</code></a></li>
<li>Documentation improvement (<a href="https://github.com/ansible/ansible-lint/issues/3946">#3946</a>) <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a></li>
<li>docs: fix grammatical issue in philosophy Q&A section (<a href="https://github.com/ansible/ansible-lint/issues/3934">#3934</a>) <a href="https://github.com/davidhulick"><code>@davidhulick</code></a></li>
<li>Update supported versions of ansible (<a href="https://github.com/ansible/ansible-lint/issues/3930">#3930</a>) <a href="https://github.com/ajinkyau"><code>@ajinkyau</code></a></li>
<li>Fix backward compatibility (<a href="https://github.com/ansible/ansible-lint/issues/3929">#3929</a>) <a href="https://github.com/McSim85"><code>@McSim85</code></a></li>
<li>Fix auto capitalization for name[prefix] rule (<a href="https://github.com/ansible/ansible-lint/issues/3922">#3922</a>) <a href="https://github.com/ajinkyau"><code>@ajinkyau</code></a></li>
<li>Fix role deps check for detecting path names (<a href="https://github.com/ansible/ansible-lint/issues/3923">#3923</a>) <a href="https://github.com/cavcrosby"><code>@cavcrosby</code></a></li>
<li>Avoid warnings about PATH with pipx installations (<a href="https://github.com/ansible/ansible-lint/issues/3920">#3920</a>) <a href="https://github.com/ssbarnea"><code>@ssbarnea</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/ansible/ansible-lint/commit/ce2ebd7df4486adde693d7a70f0a9cd1814bce35"><code>ce2ebd7</code></a> Fix error suppression when syntax is incorrect (<a href="https://github.com/ansible/ansible-lint/issues/4026">#4026</a>)</li>
<li><a href="https://github.com/ansible/ansible-lint/commit/ee7ede5ee8eb1e595bad193e4ca8ac974e7708bf"><code>ee7ede5</code></a> Bump the dependencies group in /.config with 12 updates (<a href="https://github.com/ansible/ansible-lint/issues/4062">#4062</a>)</li>
<li><a href="https://github.com/ansible/ansible-lint/commit/b35bf7e98f274ce04ca7461266f6614d8cb5bb5b"><code>b35bf7e</code></a> Inherit secrets in ack pipeline (<a href="https://github.com/ansible/ansible-lint/issues/4064">#4064</a>)</li>
<li><a href="https://github.com/ansible/ansible-lint/commit/7d4659b3557a9663d1fa4b8b60299e18d7afad78"><code>7d4659b</code></a> Update CODEOWNERS (<a href="https://github.com/ansible/ansible-lint/issues/4063">#4063</a>)</li>
<li><a href="https://github.com/ansible/ansible-lint/commit/36e2674032ccb6c5f610a1b683c9e8c0b5ec80ab"><code>36e2674</code></a> Set global <code>cache_dir_lock</code> (<a href="https://github.com/ansible/ansible-lint/issues/4055">#4055</a>)</li>
<li><a href="https://github.com/ansible/ansible-lint/commit/6d247c1bd68921c5d94832e1d386e82be2d59516"><code>6d247c1</code></a> [role-name] Handle string role dependencies (<a href="https://github.com/ansible/ansible-lint/issues/4054">#4054</a>)</li>
<li><a href="https://github.com/ansible/ansible-lint/commit/d65aeedabe39693df00f4d4b722f7f4ae87cf90d"><code>d65aeed</code></a> Support for upcoming Ubuntu 24.04 and Fedora 40 (<a href="https://github.com/ansible/ansible-lint/issues/4051">#4051</a>)</li>
<li><a href="https://github.com/ansible/ansible-lint/commit/f7b204d26e4d677661a0c9352b65b082e26aa8e1"><code>f7b204d</code></a> Fix docs build (<a href="https://github.com/ansible/ansible-lint/issues/4058">#4058</a>)</li>
<li><a href="https://github.com/ansible/ansible-lint/commit/cb9d760cf0fca236835d87199b4e6888776dcd69"><code>cb9d760</code></a> Bump the dependencies group in /.config with 15 updates (<a href="https://github.com/ansible/ansible-lint/issues/4050">#4050</a>)</li>
<li><a href="https://github.com/ansible/ansible-lint/commit/efeda675d142f8c97a4e4c34f2a2516f8abb784c"><code>efeda67</code></a> Update documentation for syntax-check[unknown-module] (<a href="https://github.com/ansible/ansible-lint/issues/4049">#4049</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/ansible/ansible-lint/compare/v6.22.1...v24.2.1">compare view</a></li>
</ul>
</details>
<br />
Huste, Tobias
Huste, Tobias

https://codebase.helmholtz.cloud/hifis-software-deployment/checkmk-role/-/merge_requests/143
chore(deps): [security] bump cryptography from 41.0.7 to 42.0.4
2024-03-26T06:42:16+01:00
HIFIS Bot
chore(deps): [security] bump cryptography from 41.0.7 to 42.0.4
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.7 to 42.0.4. **This update includes security fixes.**
<details>
<summary>Vulnerabilities fixed</summary>
<blockquote>
<p><strong>Python Cryptography package vulnerable to Bleichenbacher timing oracle attack</strong>
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.</p>
<p>Patched versions: 42.0.0
Affected versions: < 42.0.0</p>
</blockquote>
<blockquote>
<p><strong>Null pointer dereference in PKCS12 parsing</strong>
Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL
to crash leading to a potential Denial of Service attack</p>
<p>Impact summary: Applications loading files in the PKCS12 format from untrusted
sources might terminate abruptly.</p>
<p>A file in PKCS12 format can contain certificates and keys and may come from an
untrusted source. The PKCS12 specification allows certain fields to be NULL, but
OpenSSL does not correctly check for this case. This can lead to a NULL pointer
dereference that results in OpenSSL crashing. If an application processes PKCS12
files from an untrusted source using the OpenSSL APIs then that application will
be vulnerable to this issue.</p>
<p>OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),
PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()
and PKCS12_newpass().</p>
<p>We have also fixed a similar issue in SMIME_write_PKCS7(). However since this
function is related to writing data we do not consider it security significant.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
<blockquote>
<p>Patched versions: 42.0.2
Affected versions: < 42.0.2</p>
</blockquote>
<blockquote>
<p><strong>cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override</strong>
If <code>pkcs12.serialize_key_and_certificates</code> is called with both:</p>
<ol>
<li>A certificate whose public key did not match the provided private key</li>
<li>An <code>encryption_algorithm</code> with <code>hmac_hash</code> set (via <code>PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)</code>)</li>
</ol>
<p>Then a NULL pointer dereference would occur, crashing the Python process.</p>
<p>This has been resolved, and now a <code>ValueError</code> is properly raised.</p>
<p>Patched in <a href="https://github.com/pyca/cryptography/pull/10423">pyca/cryptography#10423</a></p>
<p>Patched versions: 42.0.4
Affected versions: >= 38.0.0, < 42.0.4</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's changelog</a>.</em></p>
<blockquote>
<p>42.0.4 - 2024-02-20</p>
<ul>
<li>Fixed a null-pointer-dereference and segfault that could occur when creating
a PKCS#12 bundle. Credit to <strong>Alexander-Programming</strong> for reporting the
issue. <strong>CVE-2024-26130</strong></li>
<li>Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields <code>SMIMECapabilities</code>
and <code>SignatureAlgorithmIdentifier</code> should now be correctly encoded according to the
definitions in :rfc:<code>2633</code> :rfc:<code>3370</code>.</li>
</ul>
<p>.. _v42-0-3:</p>
<p>42.0.3 - 2024-02-15</p>
<ul>
<li>Fixed an initialization issue that caused key loading failures for some
users.</li>
</ul>
<p>.. _v42-0-2:</p>
<p>42.0.2 - 2024-01-30</p>
<ul>
<li>Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1.</li>
<li>Fixed an issue that prevented the use of Python buffer protocol objects in
<code>sign</code> and <code>verify</code> methods on asymmetric keys.</li>
<li>Fixed an issue with incorrect keyword-argument naming with <code>EllipticCurvePrivateKey</code>
:meth:<code>~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.exchange</code>,
<code>X25519PrivateKey</code>
:meth:<code>~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.exchange</code>,
<code>X448PrivateKey</code>
:meth:<code>~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.exchange</code>,
and <code>DHPrivateKey</code>
:meth:<code>~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange</code>.</li>
</ul>
<p>.. _v42-0-1:</p>
<p>42.0.1 - 2024-01-24</p>
<ul>
<li>Fixed an issue with incorrect keyword-argument naming with <code>EllipticCurvePrivateKey</code>
:meth:<code>~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign</code>.</li>
<li>Resolved compatibility issue with loading certain RSA public keys in
:func:<code>~cryptography.hazmat.primitives.serialization.load_pem_public_key</code>.</li>
</ul>
<p>.. _v42-0-0:</p>
<p>42.0.0 - 2024-01-22</p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pyca/cryptography/commit/fe18470f7d05f963e7267e34fdf985d81ea6ceea"><code>fe18470</code></a> Bump for 42.0.4 release (<a href="https://github.com/pyca/cryptography/issues/10445">#10445</a>)</li>
<li><a href="https://github.com/pyca/cryptography/commit/aaa2dd06ed470695de818405a982d4c459869803"><code>aaa2dd0</code></a> Fix ASN.1 issues in PKCS#7 and S/MIME signing (<a href="https://github.com/pyca/cryptography/issues/10373">#10373</a>) (<a href="https://github.com/pyca/cryptography/issues/10442">#10442</a>)</li>
<li><a href="https://github.com/pyca/cryptography/commit/7a4d012991061974da5d9cb7614de65eac94f49b"><code>7a4d012</code></a> Fixes <a href="https://github.com/pyca/cryptography/issues/10422">#10422</a> -- don't crash when a PKCS#12 key and cert don't match (<a href="https://github.com/pyca/cryptography/issues/10423">#10423</a>) ...</li>
<li><a href="https://github.com/pyca/cryptography/commit/df314bb182bdfd661333969a94325e4680d785f6"><code>df314bb</code></a> backport actions m1 switch to 42.0.x (<a href="https://github.com/pyca/cryptography/issues/10415">#10415</a>)</li>
<li><a href="https://github.com/pyca/cryptography/commit/c49a7a5271178c6e8ef36fa1c499f62c63ec19b9"><code>c49a7a5</code></a> changelog and version bump for 42.0.3 (<a href="https://github.com/pyca/cryptography/issues/10396">#10396</a>)</li>
<li><a href="https://github.com/pyca/cryptography/commit/396bcf64c5be826ec00e7d7f45838c858c049cbc"><code>396bcf6</code></a> fix provider loading take two (<a href="https://github.com/pyca/cryptography/issues/10390">#10390</a>) (<a href="https://github.com/pyca/cryptography/issues/10395">#10395</a>)</li>
<li><a href="https://github.com/pyca/cryptography/commit/0e0e46f5f73f477b8ee9682738c42129d5d60177"><code>0e0e46f</code></a> backport: initialize openssl's legacy provider in rust (<a href="https://github.com/pyca/cryptography/issues/10323">#10323</a>) (<a href="https://github.com/pyca/cryptography/issues/10333">#10333</a>)</li>
<li><a href="https://github.com/pyca/cryptography/commit/2202123b50de1b8788f909a3e5afe350c56ad81e"><code>2202123</code></a> changelog and version bump 42.0.2 (<a href="https://github.com/pyca/cryptography/issues/10268">#10268</a>)</li>
<li><a href="https://github.com/pyca/cryptography/commit/f7032bdd409838f67fc2b93343f897fb5f397d80"><code>f7032bd</code></a> bump openssl in CI (<a href="https://github.com/pyca/cryptography/issues/10298">#10298</a>) (<a href="https://github.com/pyca/cryptography/issues/10299">#10299</a>)</li>
<li><a href="https://github.com/pyca/cryptography/commit/002e886f16d8857151c09b11dc86b35f2ac9aec3"><code>002e886</code></a> Fixes <a href="https://github.com/pyca/cryptography/issues/10294">#10294</a> -- correct accidental change to exchange kwarg (<a href="https://github.com/pyca/cryptography/issues/10295">#10295</a>) (<a href="https://github.com/pyca/cryptography/issues/10296">#10296</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/pyca/cryptography/compare/41.0.7...42.0.4">compare view</a></li>
</ul>
</details>
<br />
Huste, Tobias
Huste, Tobias

https://codebase.helmholtz.cloud/hifis-software-deployment/checkmk-role/-/merge_requests/141
chore(deps-dev): bump yamllint from 1.33.0 to 1.35.1
2024-03-22T06:41:16+01:00
HIFIS Bot
chore(deps-dev): bump yamllint from 1.33.0 to 1.35.1
Bumps [yamllint](https://github.com/adrienverge/yamllint) from 1.33.0 to 1.35.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/adrienverge/yamllint/blob/master/CHANGELOG.rst">yamllint's changelog</a>.</em></p>
<blockquote>
<h2>1.35.1 (2024-02-16)</h2>
<ul>
<li>Restore ignoration of files passed as command-line arguments</li>
<li>Revert API change from version 1.35.0</li>
</ul>
<h2>1.35.0 (2024-02-15)</h2>
<ul>
<li>Fix failure on broken symlinks that should be ignored</li>
<li>API change: <code>linter.run(stream, config)</code> doesn't filter files anymore</li>
<li>Docs: Restore official Read the Docs theme</li>
</ul>
<h2>1.34.0 (2024-02-06)</h2>
<ul>
<li>Config: validate <code>ignore-from-file</code> inside rules</li>
<li>Rule <code>quoted-strings</code>: fix <code>only-when-needed</code> in flow maps and sequences</li>
<li>Rule <code>key-duplicates</code>: add <code>forbid-duplicated-merge-keys</code> option</li>
<li>Rule <code>quoted-strings</code>: add <code>check-keys</code> option</li>
<li>Docs: add GitLab CI example</li>
<li>Rule <code>truthy</code>: adapt forbidden values based on YAML version</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/adrienverge/yamllint/commit/81e9f98ffd059efe8aa9c1b1a42e5cce61b640c6"><code>81e9f98</code></a> yamllint version 1.35.1</li>
<li><a href="https://github.com/adrienverge/yamllint/commit/9235c684960c35db19dc67800d0998869e3ed229"><code>9235c68</code></a> cli: Restore ignoration of files passed as command-line arguments</li>
<li><a href="https://github.com/adrienverge/yamllint/commit/3a13803fb091b39c46ff9dfb46d0753b8a2bd77a"><code>3a13803</code></a> yamllint version 1.35.0</li>
<li><a href="https://github.com/adrienverge/yamllint/commit/23443803539bdfc6ca2b35101cc8beb04fb184c1"><code>2344380</code></a> cli: Cleanly skip broken symlinks that are ignored</li>
<li><a href="https://github.com/adrienverge/yamllint/commit/f66855bf2d73357047118de68ce8224297c3ef5a"><code>f66855b</code></a> build: Restore official Read the Docs theme</li>
<li><a href="https://github.com/adrienverge/yamllint/commit/dd99a1c965b56027e9773442f41d3c58cc53c690"><code>dd99a1c</code></a> yamllint version 1.34.0</li>
<li><a href="https://github.com/adrienverge/yamllint/commit/01df5bf038ed4df3170477aab5ec8949d9bc8260"><code>01df5bf</code></a> truthy: Adapt forbidden values based on YAML version</li>
<li><a href="https://github.com/adrienverge/yamllint/commit/9931ad699ce2be71286bca0b991c8b3427ef6d40"><code>9931ad6</code></a> Undo ruff changes that conflict with flake8</li>
<li><a href="https://github.com/adrienverge/yamllint/commit/57d26917136ae237b2e142e515b1ee06bfc92f91"><code>57d2691</code></a> Revert replacement of flake8 with ruff</li>
<li><a href="https://github.com/adrienverge/yamllint/commit/3cb3a2038569370a2e44bcda28a378dac96c6c10"><code>3cb3a20</code></a> build: enable pygrep-hooks in ruff</li>
<li>Additional commits viewable in <a href="https://github.com/adrienverge/yamllint/compare/v1.33.0...v1.35.1">compare view</a></li>
</ul>
</details>
<br />
Huste, Tobias
Huste, Tobias

https://codebase.helmholtz.cloud/hifis-software-deployment/checkmk-role/-/merge_requests/108
chore(deps): update python docker tag to v3.12
2023-10-03T04:55:29+02:00
Renovate Bot
chore(deps): update python docker tag to v3.12
This MR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| python | image | minor | `3.11` -> `3.12` |
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this MR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box
---
This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).