Update dependencies by matheusfm · Pull Request #329 · undistro/zora · GitHub

Update dependencies #329


Merged
merged 7 commits into from
Feb 24, 2025

matheusfm
Contributor

Description

This PR bumps dependencies and updates the vulnerability report from this

trivy image --scanners vuln ghcr.io/undistro/zora/operator:v0.10.3
2025-02-19T17:27:03-03:00	INFO	[vuln] Vulnerability scanning is enabled
2025-02-19T17:27:04-03:00	INFO	Detected OS	family="debian" version="12.8"
2025-02-19T17:27:04-03:00	INFO	[debian] Detecting vulnerabilities...	os_version="12" pkg_num=3
2025-02-19T17:27:04-03:00	INFO	Number of language-specific files	num=1
2025-02-19T17:27:04-03:00	INFO	[gobinary] Detecting vulnerabilities...
2025-02-19T17:27:04-03:00	WARN	Using severities from other vendors for some vulnerabilities. Read https://aquasecurity.github.io/trivy/v0.58/docs/scanner/vulnerability#severity-selection for details.

ghcr.io/undistro/zora/operator:v0.10.3 (debian 12.8)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)


manager (gobinary)

Total: 4 (UNKNOWN: 0, LOW: 0, MEDIUM: 3, HIGH: 1, CRITICAL: 0)

┌──────────────────┬────────────────┬──────────┬────────┬───────────────────┬──────────────────────────────┬──────────────────────────────────────────────────────────────┐
│     Library      │ Vulnerability  │ Severity │ Status │ Installed Version │        Fixed Version         │                            Title                             │
├──────────────────┼────────────────┼──────────┼────────┼───────────────────┼──────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ golang.org/x/net │ CVE-2024-45338 │ HIGH     │ fixed  │ v0.29.0           │ 0.33.0                       │ golang.org/x/net/html: Non-linear parsing of                 │
│                  │                │          │        │                   │                              │ case-insensitive content in golang.org/x/net/html            │
│                  │                │          │        │                   │                              │ https://avd.aquasec.com/nvd/cve-2024-45338                   │
├──────────────────┼────────────────┼──────────┤        ├───────────────────┼──────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ stdlib           │ CVE-2024-45336 │ MEDIUM   │        │ v1.22.10          │ 1.22.11, 1.23.5, 1.24.0-rc.2 │ golang: net/http: net/http: sensitive headers incorrectly    │
│                  │                │          │        │                   │                              │ sent after cross-domain redirect                             │
│                  │                │          │        │                   │                              │ https://avd.aquasec.com/nvd/cve-2024-45336                   │
│                  ├────────────────┤          │        │                   │                              ├──────────────────────────────────────────────────────────────┤
│                  │ CVE-2024-45341 │          │        │                   │                              │ golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can │
│                  │                │          │        │                   │                              │ bypass URI name...                                           │
│                  │                │          │        │                   │                              │ https://avd.aquasec.com/nvd/cve-2024-45341                   │
│                  ├────────────────┤          │        │                   ├──────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                  │ CVE-2025-22866 │          │        │                   │ 1.22.12, 1.23.6, 1.24.0-rc.3 │ crypto/internal/nistec: golang: Timing sidechannel for P-256 │
│                  │                │          │        │                   │                              │ on ppc64le in crypto/internal/nistec                         │
│                  │                │          │        │                   │                              │ https://avd.aquasec.com/nvd/cve-2025-22866                   │
└──────────────────┴────────────────┴──────────┴────────┴───────────────────┴──────────────────────────────┴──────────────────────────────────────────────────────────────┘

to this

trivy image --scanners vuln operator:latest
2025-02-19T17:36:17-03:00	INFO	[vuln] Vulnerability scanning is enabled
2025-02-19T17:36:19-03:00	INFO	Detected OS	family="debian" version="12.9"
2025-02-19T17:36:19-03:00	INFO	[debian] Detecting vulnerabilities...	os_version="12" pkg_num=3
2025-02-19T17:36:19-03:00	INFO	Number of language-specific files	num=1
2025-02-19T17:36:19-03:00	INFO	[gobinary] Detecting vulnerabilities...

operator:latest (debian 12.9)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

Linked Issues

How has this been tested?

  • make docker-build

Checklist

  • I have labeled this PR with the relevant Type labels
  • I have documented my code (if applicable)
  • My changes are covered by tests

@matheusfm matheusfm added the dependencies Pull requests that update a dependency file label Feb 19, 2025
@matheusfm matheusfm requested a review from knrc February 19, 2025 20:40
@matheusfm matheusfm self-assigned this Feb 19, 2025
@matheusfm matheusfm merged commit 6f63d4e into main Feb 24, 2025
4 checks passed
@matheusfm matheusfm deleted the update-deps branch February 24, 2025 15:36