Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(docker): update docker digests #190

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(docker): update docker digests #190

wants to merge 1 commit into from
+2 −2

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Sep 17, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change
docker.io/ubuntu final digest adbb901 -> ed1544e
docker.io/ubuntu final digest fa17826 -> 8e5c4f0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot enabled auto-merge (squash) September 17, 2024 01:15
@renovate renovate bot changed the title chore(docker): update docker.io/ubuntu:22.04 docker digest to 1f3825f chore(docker): update docker.io/ubuntu:22.04 docker digest to 58b8789 Sep 17, 2024
@renovate renovate bot force-pushed the renovate/docker-digests branch from 8b669d2 to acbd555 Compare September 17, 2024 05:02
@renovate renovate bot changed the title chore(docker): update docker.io/ubuntu:22.04 docker digest to 58b8789 chore(docker): update docker digests Oct 2, 2024
@renovate renovate bot force-pushed the renovate/docker-digests branch 2 times, most recently from 1c628b5 to a163b98 Compare October 3, 2024 04:48
@phil-davis
Copy link
Contributor

The current latest docker image at
https://hub.docker.com/layers/library/ubuntu/22.04/images/sha256-965fbcae990b0467ed5657caceaec165018ef44a4d2d46c7cdea80a9dff0d1ea?context=explore
is the one being used here by renovate-bot.

But it reports a vulnerability for CVE-2024-34156 - a newer stdlib is available that fixes the issue.

I suppose that we just have to wait until newer Ubuntu 20.04 and 22.04 dicker images are available, and then renovate-bot will find them...

@phil-davis phil-davis self-assigned this Oct 3, 2024
@renovate renovate bot force-pushed the renovate/docker-digests branch 2 times, most recently from 5af4de1 to f974ef1 Compare October 19, 2024 08:09
@phil-davis
Copy link
Contributor

Trivy is still reporting:

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬───────────────────────────────────────────────────────────┐

│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                           Title                           │

├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼───────────────────────────────────────────────────────────┤

│ stdlib  │ CVE-2024-34156 │ HIGH     │ fixed  │ 1.22.4            │ 1.22.7, 1.23.1 │ encoding/gob: golang: Calling Decoder.Decode on a message │

│         │                │          │        │                   │                │ which contains deeply nested structures...                │

│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-34156                │

└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴───────────────────────────────────────────────────────────┘

See discussion aquasecurity/trivy#7472

And Trivy itself doing things like: aquasecurity/trivy#7478

Maybe me need to ignore this Trivy report.

@renovate renovate bot force-pushed the renovate/docker-digests branch from f974ef1 to a0fc22a Compare December 18, 2024 01:46
@phil-davis phil-davis mentioned this pull request Dec 18, 2024
Open
1 task
@renovate renovate bot force-pushed the renovate/docker-digests branch from a0fc22a to 76a119c Compare December 18, 2024 04:40
@renovate renovate bot force-pushed the renovate/docker-digests branch from 76a119c to 5b26a03 Compare February 4, 2025 09:37
@renovate renovate bot force-pushed the renovate/docker-digests branch from 5b26a03 to d6ceb8b Compare February 24, 2025 04:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@renovate-approve renovate-approve[bot] renovate-approve[bot] approved these changes

Assignees

@phil-davis phil-davis

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@phil-davis