Skip to content

update docker dependency version to address CVE#294

Merged
nabuskey merged 3 commits intocnoe-io:mainfrom
omrishiv:update-deps
Jun 12, 2024
Merged

update docker dependency version to address CVE#294
nabuskey merged 3 commits intocnoe-io:mainfrom
omrishiv:update-deps

Conversation

@omrishiv
Copy link
Copy Markdown
Contributor

@omrishiv omrishiv commented Jun 12, 2024
edited
Loading 

~/code/idpbuilder-omri │ update-deps *1 !3  grype dir:. --exclude './bin/**' -o json                                                                                                                    
 ✔ Vulnerability DB                [no update available]  
 ✔ Indexed file system                                                                                                                                                                                                          .
 ✔ Cataloged contents                                                                                                                                            cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
   ├── ✔ Packages                        [124 packages]  
   └── ✔ Executables                     [0 executables]  
 ✔ Scanned for vulnerabilities     [1 vulnerability matches]  
   ├── by severity: 0 critical, 0 high, 1 medium, 0 low, 0 negligible
   └── by status:   1 fixed, 0 not-fixed, 0 ignored 
NAME                              INSTALLED             FIXED-IN  TYPE       VULNERABILITY        SEVERITY
github.com/docker/docker          v24.0.7+incompatible  24.0.9    go-module  GHSA-xw73-rw38-6vjc  Medium

I'm going to add automated scanning to Github action in another commit and we're also going to want to update the ./bins due to more CVEs if we can

omrishiv added 2 commits June 12, 2024 14:31
@omrishiv
update docker dependency version to address CVE
03d8a93 
Signed-off-by: omrishiv <327609+omrishiv@users.noreply.github.com>
@omrishiv
add go.sum
a642ffb 
Signed-off-by: omrishiv <327609+omrishiv@users.noreply.github.com>
nabuskey
nabuskey requested changes Jun 12, 2024
View reviewed changes
@omrishiv
go mod tidy
537cad7 
Signed-off-by: omrishiv <327609+omrishiv@users.noreply.github.com>
nabuskey
nabuskey approved these changes Jun 12, 2024
View reviewed changes
Copy link
Copy Markdown
Collaborator

@nabuskey nabuskey left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@nabuskey nabuskey merged commit cb0bd30 into cnoe-io:main Jun 12, 2024
@omrishiv omrishiv deleted the update-deps branch June 12, 2024 23:16
@omrishiv omrishiv mentioned this pull request Jun 20, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nabuskey nabuskey nabuskey approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@omrishiv @nabuskey