chore(docker): update docker digests #190

Open: wants to merge 1 commit into base: master

renovate[bot]
Contributor

@renovate renovate bot commented Sep 17, 2024

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| docker.io/ubuntu | final | digest | adbb901 -> 0e5e4a5 |
| docker.io/ubuntu | final | digest | fa17826 -> 8e5c4f0 |

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


- [ ] If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot enabled auto-merge (squash) September 17, 2024 01:15
@renovate renovate bot changed the title from "chore(docker): update docker.io/ubuntu:22.04 docker digest to 1f3825f" to "chore(docker): update docker.io/ubuntu:22.04 docker digest to 58b8789" Sep 17, 2024
@renovate renovate bot changed the title from "chore(docker): update docker.io/ubuntu:22.04 docker digest to 58b8789" to "chore(docker): update docker digests" Oct 2, 2024
@renovate renovate bot force-pushed the renovate/docker-digests branch 2 times, most recently from 1c628b5 to a163b98 October 3, 2024 04:48
@phil-davis
Contributor

The current latest docker image at
https://hub.docker.com/layers/library/ubuntu/22.04/images/sha256-965fbcae990b0467ed5657caceaec165018ef44a4d2d46c7cdea80a9dff0d1ea?context=explore
is the one being used here by renovate-bot.

But it reports a vulnerability for CVE-2024-34156 - a newer stdlib is available that fixes the issue.

I suppose that we just have to wait until newer Ubuntu 20.04 and 22.04 docker images are available, and then renovate-bot will find them...

@phil-davis phil-davis self-assigned this Oct 3, 2024
@phil-davis
Contributor

Trivy is still reporting:

```
┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                           Title                           │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼───────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-34156 │ HIGH     │ fixed  │ 1.22.4            │ 1.22.7, 1.23.1 │ encoding/gob: golang: Calling Decoder.Decode on a message │
│         │                │          │        │                   │                │ which contains deeply nested structures...                │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-34156                │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴───────────────────────────────────────────────────────────┘
```

See discussion aquasecurity/trivy#7472

And Trivy itself doing things like: aquasecurity/trivy#7478

Maybe we need to ignore this Trivy report.
