Skip to content

deps(deps): update googleapis/release-please-action action to v4.2.0 #98

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

deps(deps): update googleapis/release-please-action action to v4.2.0 #98

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Mar 5, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
googleapis/release-please-action action minor v4.1.4 -> v4.2.0

Release Notes

googleapis/release-please-action (googleapis/release-please-action)

v4.2.0

Compare Source

Features
  • support for skip-labeling parameter for GitHub action (#​1066) (fb7f385)

v4.1.5

Compare Source

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from lotyp as a code owner March 5, 2025 22:18
@renovate renovate bot enabled auto-merge (squash) March 5, 2025 22:18
@github-actions github-actions bot added the type: maintenance For maintenance, refactor and testing (perf, chore, style, revert, refactor, test, build, ci) label Mar 5, 2025
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 5, 2025
edited
Loading

Outdated

🔍 Vulnerabilities of tonistiigi/binfmt:latest

📦 Image Reference tonistiigi/binfmt:latest
digestsha256:69b92b14f1ebdc33c46dec2d21e4e306fde34da0f227cf3cf0564045c020f6ed
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
platformlinux/amd64
size34 MB
packages14

11 similar comments
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 5, 2025
edited
Loading

Outdated

🔍 Vulnerabilities of tonistiigi/binfmt:latest

📦 Image Reference tonistiigi/binfmt:latest
digestsha256:69b92b14f1ebdc33c46dec2d21e4e306fde34da0f227cf3cf0564045c020f6ed
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
platformlinux/amd64
size34 MB
packages14

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 5, 2025
edited
Loading

Outdated

🔍 Vulnerabilities of tonistiigi/binfmt:latest

📦 Image Reference tonistiigi/binfmt:latest
digestsha256:69b92b14f1ebdc33c46dec2d21e4e306fde34da0f227cf3cf0564045c020f6ed
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
platformlinux/amd64
size34 MB
packages14

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 5, 2025
edited
Loading

Outdated

🔍 Vulnerabilities of tonistiigi/binfmt:latest

📦 Image Reference tonistiigi/binfmt:latest
digestsha256:69b92b14f1ebdc33c46dec2d21e4e306fde34da0f227cf3cf0564045c020f6ed
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
platformlinux/amd64
size34 MB
packages14

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 5, 2025
edited
Loading

Outdated

🔍 Vulnerabilities of tonistiigi/binfmt:latest

📦 Image Reference tonistiigi/binfmt:latest
digestsha256:69b92b14f1ebdc33c46dec2d21e4e306fde34da0f227cf3cf0564045c020f6ed
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
platformlinux/amd64
size34 MB
packages14

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 5, 2025
edited
Loading

Outdated

🔍 Vulnerabilities of tonistiigi/binfmt:latest

📦 Image Reference tonistiigi/binfmt:latest
digestsha256:69b92b14f1ebdc33c46dec2d21e4e306fde34da0f227cf3cf0564045c020f6ed
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
platformlinux/amd64
size34 MB
packages14

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 5, 2025
edited
Loading

Outdated

🔍 Vulnerabilities of tonistiigi/binfmt:latest

📦 Image Reference tonistiigi/binfmt:latest
digestsha256:69b92b14f1ebdc33c46dec2d21e4e306fde34da0f227cf3cf0564045c020f6ed
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
platformlinux/amd64
size34 MB
packages14

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 5, 2025
edited
Loading

Outdated

🔍 Vulnerabilities of tonistiigi/binfmt:latest

📦 Image Reference tonistiigi/binfmt:latest
digestsha256:69b92b14f1ebdc33c46dec2d21e4e306fde34da0f227cf3cf0564045c020f6ed
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
platformlinux/amd64
size34 MB
packages14

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 5, 2025
edited
Loading

Outdated

🔍 Vulnerabilities of tonistiigi/binfmt:latest

📦 Image Reference tonistiigi/binfmt:latest
digestsha256:69b92b14f1ebdc33c46dec2d21e4e306fde34da0f227cf3cf0564045c020f6ed
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
platformlinux/amd64
size34 MB
packages14

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 5, 2025
edited
Loading

Outdated

🔍 Vulnerabilities of tonistiigi/binfmt:latest

📦 Image Reference tonistiigi/binfmt:latest
digestsha256:69b92b14f1ebdc33c46dec2d21e4e306fde34da0f227cf3cf0564045c020f6ed
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
platformlinux/amd64
size34 MB
packages14

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 5, 2025
edited
Loading

Outdated

🔍 Vulnerabilities of tonistiigi/binfmt:latest

📦 Image Reference tonistiigi/binfmt:latest
digestsha256:69b92b14f1ebdc33c46dec2d21e4e306fde34da0f227cf3cf0564045c020f6ed
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
platformlinux/amd64
size34 MB
packages14

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 5, 2025
edited
Loading

Outdated

🔍 Vulnerabilities of tonistiigi/binfmt:latest

📦 Image Reference tonistiigi/binfmt:latest
digestsha256:69b92b14f1ebdc33c46dec2d21e4e306fde34da0f227cf3cf0564045c020f6ed
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
platformlinux/amd64
size34 MB
packages14

@renovate renovate bot changed the title deps(deps): update googleapis/release-please-action action to v4.1.5 deps(deps): update googleapis/release-please-action action to v4.2.0 Mar 7, 2025
@renovate renovate bot force-pushed the renovate/googleapis-release-please-action-4.x branch from 833b81f to 0208bae Compare March 7, 2025 19:33
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 7, 2025
edited
Loading

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1
digestsha256:9a7c554fb67ad49ab2e6a8ee8ed575140900e5380d146c13ad6812e3710e27d6
vulnerabilitiescritical: 0 high: 5 medium: 0 low: 0
platformlinux/amd64
size104 MB
packages246
📦 Base Image alpine:3
also known as
  • 3.21
  • 3.21.3
  • latest
digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
critical: 0 high: 4 medium: 0 low: 0 stdlib 1.22.4 (golang)

pkg:golang/stdlib@1.22.4

high : CVE--2024--34158

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.045%
EPSS Percentile18th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.045%
EPSS Percentile18th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2024--24791

Affected range>=1.22.0-0
<1.22.5
Fixed version1.22.5
EPSS Score0.045%
EPSS Percentile18th percentile
Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

high : CVE--2022--30635

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.215%
EPSS Percentile60th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

critical: 0 high: 1 medium: 0 low: 0 golang.org/x/crypto 0.31.0 (golang)

pkg:golang/golang.org/x/crypto@0.31.0

high : CVE--2025--22869

Affected range<0.35.0
Fixed version0.35.0
EPSS Score0.045%
EPSS Percentile18th percentile
Description

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

3 similar comments
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 7, 2025
edited
Loading

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1
digestsha256:9a7c554fb67ad49ab2e6a8ee8ed575140900e5380d146c13ad6812e3710e27d6
vulnerabilitiescritical: 0 high: 5 medium: 0 low: 0
platformlinux/amd64
size104 MB
packages246
📦 Base Image alpine:3
also known as
  • 3.21
  • 3.21.3
  • latest
digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
critical: 0 high: 4 medium: 0 low: 0 stdlib 1.22.4 (golang)

pkg:golang/stdlib@1.22.4

high : CVE--2024--34158

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.045%
EPSS Percentile18th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.045%
EPSS Percentile18th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2024--24791

Affected range>=1.22.0-0
<1.22.5
Fixed version1.22.5
EPSS Score0.045%
EPSS Percentile18th percentile
Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

high : CVE--2022--30635

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.215%
EPSS Percentile60th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

critical: 0 high: 1 medium: 0 low: 0 golang.org/x/crypto 0.31.0 (golang)

pkg:golang/golang.org/x/crypto@0.31.0

high : CVE--2025--22869

Affected range<0.35.0
Fixed version0.35.0
EPSS Score0.045%
EPSS Percentile18th percentile
Description

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 7, 2025
edited
Loading

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1
digestsha256:9a7c554fb67ad49ab2e6a8ee8ed575140900e5380d146c13ad6812e3710e27d6
vulnerabilitiescritical: 0 high: 5 medium: 0 low: 0
platformlinux/amd64
size104 MB
packages246
📦 Base Image alpine:3
also known as
  • 3.21
  • 3.21.3
  • latest
digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
critical: 0 high: 4 medium: 0 low: 0 stdlib 1.22.4 (golang)

pkg:golang/stdlib@1.22.4

high : CVE--2024--34158

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.045%
EPSS Percentile18th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.045%
EPSS Percentile18th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2024--24791

Affected range>=1.22.0-0
<1.22.5
Fixed version1.22.5
EPSS Score0.045%
EPSS Percentile18th percentile
Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

high : CVE--2022--30635

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.215%
EPSS Percentile60th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

critical: 0 high: 1 medium: 0 low: 0 golang.org/x/crypto 0.31.0 (golang)

pkg:golang/golang.org/x/crypto@0.31.0

high : CVE--2025--22869

Affected range<0.35.0
Fixed version0.35.0
EPSS Score0.045%
EPSS Percentile18th percentile
Description

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 7, 2025
edited
Loading

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1
digestsha256:9a7c554fb67ad49ab2e6a8ee8ed575140900e5380d146c13ad6812e3710e27d6
vulnerabilitiescritical: 0 high: 5 medium: 0 low: 0
platformlinux/amd64
size104 MB
packages246
📦 Base Image alpine:3
also known as
  • 3.21
  • 3.21.3
  • latest
digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
critical: 0 high: 4 medium: 0 low: 0 stdlib 1.22.4 (golang)

pkg:golang/stdlib@1.22.4

high : CVE--2024--34158

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.045%
EPSS Percentile18th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.045%
EPSS Percentile18th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2024--24791

Affected range>=1.22.0-0
<1.22.5
Fixed version1.22.5
EPSS Score0.045%
EPSS Percentile18th percentile
Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

high : CVE--2022--30635

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.215%
EPSS Percentile60th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

critical: 0 high: 1 medium: 0 low: 0 golang.org/x/crypto 0.31.0 (golang)

pkg:golang/golang.org/x/crypto@0.31.0

high : CVE--2025--22869

Affected range<0.35.0
Fixed version0.35.0
EPSS Score0.045%
EPSS Percentile18th percentile
Description

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 7, 2025
edited
Loading

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name3.21.3
Digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
Pushed3 weeks ago
Size3.6 MB
Packages19
OS3.21.3
The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

3 similar comments
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 7, 2025
edited
Loading

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name3.21.3
Digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
Pushed3 weeks ago
Size3.6 MB
Packages19
OS3.21.3
The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 7, 2025
edited
Loading

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name3.21.3
Digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
Pushed3 weeks ago
Size3.6 MB
Packages19
OS3.21.3
The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 7, 2025
edited
Loading

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name3.21.3
Digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
Pushed3 weeks ago
Size3.6 MB
Packages19
OS3.21.3
The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 7, 2025
edited
Loading

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1
digestsha256:9a7c554fb67ad49ab2e6a8ee8ed575140900e5380d146c13ad6812e3710e27d6
vulnerabilitiescritical: 0 high: 5 medium: 0 low: 0
platformlinux/amd64
size104 MB
packages246
📦 Base Image alpine:3
also known as
  • 3.21
  • 3.21.3
  • latest
digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
critical: 0 high: 4 medium: 0 low: 0 stdlib 1.22.4 (golang)

pkg:golang/stdlib@1.22.4

high : CVE--2024--34158

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.045%
EPSS Percentile18th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.045%
EPSS Percentile18th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2024--24791

Affected range>=1.22.0-0
<1.22.5
Fixed version1.22.5
EPSS Score0.045%
EPSS Percentile18th percentile
Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

high : CVE--2022--30635

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.215%
EPSS Percentile60th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

critical: 0 high: 1 medium: 0 low: 0 golang.org/x/crypto 0.31.0 (golang)

pkg:golang/golang.org/x/crypto@0.31.0

high : CVE--2025--22869

Affected range<0.35.0
Fixed version0.35.0
EPSS Score0.045%
EPSS Percentile18th percentile
Description

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

2 similar comments
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 7, 2025
edited
Loading

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1
digestsha256:9a7c554fb67ad49ab2e6a8ee8ed575140900e5380d146c13ad6812e3710e27d6
vulnerabilitiescritical: 0 high: 5 medium: 0 low: 0
platformlinux/amd64
size104 MB
packages246
📦 Base Image alpine:3
also known as
  • 3.21
  • 3.21.3
  • latest
digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
critical: 0 high: 4 medium: 0 low: 0 stdlib 1.22.4 (golang)

pkg:golang/stdlib@1.22.4

high : CVE--2024--34158

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.045%
EPSS Percentile18th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.045%
EPSS Percentile18th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2024--24791

Affected range>=1.22.0-0
<1.22.5
Fixed version1.22.5
EPSS Score0.045%
EPSS Percentile18th percentile
Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

high : CVE--2022--30635

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.215%
EPSS Percentile60th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

critical: 0 high: 1 medium: 0 low: 0 golang.org/x/crypto 0.31.0 (golang)

pkg:golang/golang.org/x/crypto@0.31.0

high : CVE--2025--22869

Affected range<0.35.0
Fixed version0.35.0
EPSS Score0.045%
EPSS Percentile18th percentile
Description

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 7, 2025
edited
Loading

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1
digestsha256:9a7c554fb67ad49ab2e6a8ee8ed575140900e5380d146c13ad6812e3710e27d6
vulnerabilitiescritical: 0 high: 5 medium: 0 low: 0
platformlinux/amd64
size104 MB
packages246
📦 Base Image alpine:3
also known as
  • 3.21
  • 3.21.3
  • latest
digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
critical: 0 high: 4 medium: 0 low: 0 stdlib 1.22.4 (golang)

pkg:golang/stdlib@1.22.4

high : CVE--2024--34158

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.045%
EPSS Percentile18th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.045%
EPSS Percentile18th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2024--24791

Affected range>=1.22.0-0
<1.22.5
Fixed version1.22.5
EPSS Score0.045%
EPSS Percentile18th percentile
Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

high : CVE--2022--30635

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.215%
EPSS Percentile60th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

critical: 0 high: 1 medium: 0 low: 0 golang.org/x/crypto 0.31.0 (golang)

pkg:golang/golang.org/x/crypto@0.31.0

high : CVE--2025--22869

Affected range<0.35.0
Fixed version0.35.0
EPSS Score0.045%
EPSS Percentile18th percentile
Description

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 7, 2025
edited
Loading

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name3.21.3
Digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
Pushed3 weeks ago
Size3.6 MB
Packages19
OS3.21.3
The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 7, 2025
edited
Loading

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name3.21.3
Digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
Pushed3 weeks ago
Size3.6 MB
Packages19
OS3.21.3
The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

1 similar comment
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 7, 2025
edited
Loading

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name3.21.3
Digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
Pushed3 weeks ago
Size3.6 MB
Packages19
OS3.21.3
The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 7, 2025
edited
Loading

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1
digestsha256:9a7c554fb67ad49ab2e6a8ee8ed575140900e5380d146c13ad6812e3710e27d6
vulnerabilitiescritical: 0 high: 5 medium: 0 low: 0
platformlinux/amd64
size104 MB
packages246
📦 Base Image alpine:3
also known as
  • 3.21
  • 3.21.3
  • latest
digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
critical: 0 high: 4 medium: 0 low: 0 stdlib 1.22.4 (golang)

pkg:golang/stdlib@1.22.4

high : CVE--2024--34158

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.045%
EPSS Percentile18th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.045%
EPSS Percentile18th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2024--24791

Affected range>=1.22.0-0
<1.22.5
Fixed version1.22.5
EPSS Score0.045%
EPSS Percentile18th percentile
Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

high : CVE--2022--30635

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.215%
EPSS Percentile60th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

critical: 0 high: 1 medium: 0 low: 0 golang.org/x/crypto 0.31.0 (golang)

pkg:golang/golang.org/x/crypto@0.31.0

high : CVE--2025--22869

Affected range<0.35.0
Fixed version0.35.0
EPSS Score0.045%
EPSS Percentile18th percentile
Description

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

2 similar comments
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 7, 2025
edited
Loading

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1
digestsha256:9a7c554fb67ad49ab2e6a8ee8ed575140900e5380d146c13ad6812e3710e27d6
vulnerabilitiescritical: 0 high: 5 medium: 0 low: 0
platformlinux/amd64
size104 MB
packages246
📦 Base Image alpine:3
also known as
  • 3.21
  • 3.21.3
  • latest
digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
critical: 0 high: 4 medium: 0 low: 0 stdlib 1.22.4 (golang)

pkg:golang/stdlib@1.22.4

high : CVE--2024--34158

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.045%
EPSS Percentile18th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.045%
EPSS Percentile18th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2024--24791

Affected range>=1.22.0-0
<1.22.5
Fixed version1.22.5
EPSS Score0.045%
EPSS Percentile18th percentile
Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

high : CVE--2022--30635

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.215%
EPSS Percentile60th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

critical: 0 high: 1 medium: 0 low: 0 golang.org/x/crypto 0.31.0 (golang)

pkg:golang/golang.org/x/crypto@0.31.0

high : CVE--2025--22869

Affected range<0.35.0
Fixed version0.35.0
EPSS Score0.045%
EPSS Percentile18th percentile
Description

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 7, 2025
edited
Loading

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1
digestsha256:9a7c554fb67ad49ab2e6a8ee8ed575140900e5380d146c13ad6812e3710e27d6
vulnerabilitiescritical: 0 high: 5 medium: 0 low: 0
platformlinux/amd64
size104 MB
packages246
📦 Base Image alpine:3
also known as
  • 3.21
  • 3.21.3
  • latest
digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
critical: 0 high: 4 medium: 0 low: 0 stdlib 1.22.4 (golang)

pkg:golang/stdlib@1.22.4

high : CVE--2024--34158

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.045%
EPSS Percentile18th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.045%
EPSS Percentile18th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2024--24791

Affected range>=1.22.0-0
<1.22.5
Fixed version1.22.5
EPSS Score0.045%
EPSS Percentile18th percentile
Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

high : CVE--2022--30635

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.215%
EPSS Percentile60th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

critical: 0 high: 1 medium: 0 low: 0 golang.org/x/crypto 0.31.0 (golang)

pkg:golang/golang.org/x/crypto@0.31.0

high : CVE--2025--22869

Affected range<0.35.0
Fixed version0.35.0
EPSS Score0.045%
EPSS Percentile18th percentile
Description

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 7, 2025

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1
digestsha256:9a7c554fb67ad49ab2e6a8ee8ed575140900e5380d146c13ad6812e3710e27d6
vulnerabilitiescritical: 0 high: 5 medium: 0 low: 0
platformlinux/amd64
size104 MB
packages246
📦 Base Image alpine:3
also known as
  • 3.21
  • 3.21.3
  • latest
digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
critical: 0 high: 4 medium: 0 low: 0 stdlib 1.22.4 (golang)

pkg:golang/stdlib@1.22.4

high : CVE--2024--34158

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.045%
EPSS Percentile18th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.045%
EPSS Percentile18th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2024--24791

Affected range>=1.22.0-0
<1.22.5
Fixed version1.22.5
EPSS Score0.045%
EPSS Percentile18th percentile
Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

high : CVE--2022--30635

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.215%
EPSS Percentile60th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

critical: 0 high: 1 medium: 0 low: 0 golang.org/x/crypto 0.31.0 (golang)

pkg:golang/golang.org/x/crypto@0.31.0

high : CVE--2025--22869

Affected range<0.35.0
Fixed version0.35.0
EPSS Score0.045%
EPSS Percentile18th percentile
Description

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

1 similar comment
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 7, 2025

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1
digestsha256:9a7c554fb67ad49ab2e6a8ee8ed575140900e5380d146c13ad6812e3710e27d6
vulnerabilitiescritical: 0 high: 5 medium: 0 low: 0
platformlinux/amd64
size104 MB
packages246
📦 Base Image alpine:3
also known as
  • 3.21
  • 3.21.3
  • latest
digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
critical: 0 high: 4 medium: 0 low: 0 stdlib 1.22.4 (golang)

pkg:golang/stdlib@1.22.4

high : CVE--2024--34158

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.045%
EPSS Percentile18th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.045%
EPSS Percentile18th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2024--24791

Affected range>=1.22.0-0
<1.22.5
Fixed version1.22.5
EPSS Score0.045%
EPSS Percentile18th percentile
Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

high : CVE--2022--30635

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.215%
EPSS Percentile60th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

critical: 0 high: 1 medium: 0 low: 0 golang.org/x/crypto 0.31.0 (golang)

pkg:golang/golang.org/x/crypto@0.31.0

high : CVE--2025--22869

Affected range<0.35.0
Fixed version0.35.0
EPSS Score0.045%
EPSS Percentile18th percentile
Description

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 7, 2025
edited
Loading

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name3.21.3
Digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
Pushed3 weeks ago
Size3.6 MB
Packages19
OS3.21.3
The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

2 similar comments
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 7, 2025
edited
Loading

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name3.21.3
Digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
Pushed3 weeks ago
Size3.6 MB
Packages19
OS3.21.3
The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 7, 2025
edited
Loading

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name3.21.3
Digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
Pushed3 weeks ago
Size3.6 MB
Packages19
OS3.21.3
The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 7, 2025

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name3.21.3
Digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
Pushed3 weeks ago
Size3.6 MB
Packages19
OS3.21.3
The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

1 similar comment
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 7, 2025

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name3.21.3
Digestsha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
Pushed3 weeks ago
Size3.6 MB
Packages19
OS3.21.3
The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@lotyp lotyp Awaiting requested review from lotyp lotyp is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
type: maintenance For maintenance, refactor and testing (perf, chore, style, revert, refactor, test, build, ci)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants