Rebuild image to update busybox to 1.37.0

[sdx-jkataja]

Please rebuild image to have busybox to 1.37.0 and receive new CA certificates in the image.

Busybox 1.36.1 has the CVE-2023-42363, nothing substantial but results in many Prometheus images showing up on the vulnerabilities scanner.

[marcnorthover]

Running a grype scan on quay.io/prometheus/busybox-linux-amd64:latest.

NAME     INSTALLED  TYPE    VULNERABILITY   SEVERITY  EPSS          RISK
busybox  1.36.1     binary  CVE-2022-48174  Critical  0.5% (63rd)   0.4
busybox  1.36.1     binary  CVE-2023-42364  Medium    < 0.1% (8th)  < 0.1
busybox  1.36.1     binary  CVE-2023-42365  Medium    < 0.1% (8th)  < 0.1
busybox  1.36.1     binary  CVE-2023-42363  Medium    < 0.1% (6th)  < 0.1
busybox  1.36.1     binary  CVE-2023-42366  Medium    < 0.1% (5th)  < 0.1
busybox  1.36.1     binary  CVE-2024-58251  Low       < 0.1% (4th)  < 0.1
busybox  1.36.1     binary  CVE-2025-46394  Low       < 0.1% (3rd)  < 0.1

It seems like the latest busybox:1.37.0 fixes the 1 critical, and 4 mediums:

NAME     INSTALLED  TYPE    VULNERABILITY   SEVERITY  EPSS          RISK
busybox  1.37.0     binary  CVE-2024-58251  Low       < 0.1% (4th)  < 0.1
busybox  1.37.0     binary  CVE-2025-46394  Low       < 0.1% (3rd)  < 0.1

[SuperQ]

We use the CA certificates from Debian.

We've fixed the build pipline so this is now up-to-date.