Check logs Sprint 25.1 Week 2

[cnlucas]

Log review needs to be completed per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)

Ref: #5820

• Check booting workers
• Check memory usage
• Make new tickets for sprint 25.2 weeks 1 and 2
  (Note: Copy above links in a browser to view the metrics)

[pkfec]

Following vulnerabilities are flagged using snyk cli and not from synk dashboard. More on snyk dashboard discrepancies on slack thread here :

FEC-CMS: 5
package.json: 2
[Snyk Medium dompurify Template Injection] (fecgov/fec-cms#6206)

requirements.txt: 4
[Snyk Medium - django@4.2.10 Regular Expression Denial of Service (ReDoS)] (fecgov/fec-cms#6268)
[Snyk Medium - requests@requests@2.31.0 Always-Incorrect Control Flow Implementation] (fecgov/fec-cms#6285)
[Snyk Medium - jinja2@3.1.3 Cross-site Scripting (XSS)] (fecgov/fec-cms#6250)
[Snyk Medium - setuptools@65.5.0 Regular Expression Denial of Service (ReDoS)] (fecgov/fec-cms#6269)

openFEC: 2
flyway: 0
package.json: 0
requirements.txt: 2
[Snyk Low] - Log Injection in flask-cors@3.0.10
[Snyk Medium] - requests Always-Incorrect Control Flow Implementation](#5845)

FEC-EREGS: This git repo is archived on May 22, 2024 and is this project is deleted from snyk dashboard as well.

FEC-PATTERN-LIBRARY: None
package.json: 0

Search logs:
In Kibana: No "User changes" found in the past week.
Deployer accounts from cloud.gov dashboard: 10