Updates 23092022 (#83)

* Package updates 23-09-2022

* Bump version: 1.1.11 → 1.1.12

* Update the python image

A vulnerability has been detected in the current image, therefore updating the image to the latest one in hope that it would fix this.

* Update the vulnerabilities exceptions list

The image update did not fix the issue, the vulnerability applies to XML so does not affect us, adding it to the exception list.

* Update dependencies 28/09/2022

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 1.1.11
+current_version = 1.1.12
 commit = True
 tag = False
 message = Bump version: {current_version} → {new_version}

.github/containerscan/allowedlist.yaml

@@ -1,4 +1,3 @@
 general:
   vulnerabilities:
-  - CVE-2022-37434
-  - CVE-2021-46828
+  - CVE-2022-40674

.github/workflows/release.yml

@@ -6,7 +6,7 @@ on:
   workflow_dispatch:
 
 env:
-  VERSION: 1.1.11
+  VERSION: 1.1.12
 
 jobs:
   release:

Dockerfile

@@ -1,12 +1,12 @@
-FROM python:3.10.6-alpine3.16 as builder
+FROM python:3.10.7-alpine3.16 as builder
 
 COPY . /build
 
 WORKDIR /build
 
 RUN python -m venv /venv && /venv/bin/pip --no-cache-dir install .
 
-FROM python:3.10.5-alpine3.16
+FROM python:3.10.7-alpine3.16
 
 RUN addgroup exporter && adduser --system --no-create-home --shell /bin/false --ingroup exporter exporter
 USER exporter

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "vault-assessment-prometheus-exporter"
-version = "1.1.11"
+version = "1.1.12"
 description = "Prometheus exporter to monitor custom metadata for KV2 secrets for (self-imposed) expiration."
 authors = ["Eugene Davis <eugene.davis@tomtom.com>"]
 readme = "README.md"