Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Bump Trivy version #10924

Merged
merged 1 commit into from
Sep 30, 2024
Merged

Bump Trivy version #10924

merged 1 commit into from
Sep 30, 2024

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Sep 22, 2024
edited
Loading

Bump Trivy version

Update Trivy version in Dockerfile.dapper

1 file(s) updated with "TRIVY_VERSION=\"0.55.2\"": * Dockerfile.dapper

GitHub Action workflow link
Updatecli logo

Created automatically by Updatecli

Options:

Most of Updatecli configuration is done via its manifest(s).

  • If you close this pull request, Updatecli will automatically reopen it, the next time it runs.
  • If you close this pull request and delete the base branch, Updatecli will automatically recreate it, erasing all previous commits made.

Feel free to report any issues at github.com/updatecli/updatecli.
If you find this tool useful, do not hesitate to star our GitHub repository as a sign of appreciation, and/or to tell us directly on our chat!

@github-actions github-actions bot requested a review from a team as a code owner September 22, 2024 18:10
@github-actions github-actions bot added the dependencies Pull requests that update a dependency file label Sep 22, 2024
@codecov Codecov
Copy link

codecov bot commented Sep 22, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 43.82%. Comparing base (cda31eb) to head (6bdd728).
Report is 3 commits behind head on master.

❗ There is a different number of reports uploaded between BASE (cda31eb) and HEAD (6bdd728). Click for more details.

HEAD has 17 uploads less than BASE
Flag BASE (cda31eb) HEAD (6bdd728)
unittests 1 0
inttests 10 0
e2etests 7 1
Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #10924      +/-   ##
==========================================
- Coverage   49.80%   43.82%   -5.98%     
==========================================
  Files         178      161      -17     
  Lines       14801    14310     -491     
==========================================
- Hits         7371     6271    -1100     
- Misses       6084     6771     +687     
+ Partials     1346     1268      -78
Flag Coverage Δ
e2etests 43.82% <ø> (-2.16%) ⬇️
inttests ?
unittests ?

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@dereknola
Copy link
Member

/trivy

4 similar comments
@dereknola
Copy link
Member

/trivy

@dereknola
Copy link
Member

/trivy

@dereknola
Copy link
Member

/trivy

@dereknola
Copy link
Member

/trivy

@github-actions GitHub Actions
Copy link
Contributor Author 


bin/cni (gobinary)
==================
Total: 1 (HIGH: 1, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                           Title                           │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼───────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-34156 │ HIGH     │ fixed  │ 1.22.6            │ 1.22.7, 1.23.1 │ encoding/gob: golang: Calling Decoder.Decode on a message │
│         │                │          │        │                   │                │ which contains deeply nested structures...                │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-34156                │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴───────────────────────────────────────────────────────────┘

bin/containerd-shim-runc-v2 (gobinary)
======================================
Total: 1 (HIGH: 1, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                           Title                           │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼───────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-34156 │ HIGH     │ fixed  │ 1.22.6            │ 1.22.7, 1.23.1 │ encoding/gob: golang: Calling Decoder.Decode on a message │
│         │                │          │        │                   │                │ which contains deeply nested structures...                │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-34156                │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴───────────────────────────────────────────────────────────┘

bin/k3s (gobinary)
==================
Total: 1 (HIGH: 1, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                           Title                           │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼───────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-34156 │ HIGH     │ fixed  │ 1.22.6            │ 1.22.7, 1.23.1 │ encoding/gob: golang: Calling Decoder.Decode on a message │
│         │                │          │        │                   │                │ which contains deeply nested structures...                │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-34156                │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴───────────────────────────────────────────────────────────┘

bin/runc (gobinary)
===================
Total: 1 (HIGH: 1, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                           Title                           │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼───────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-34156 │ HIGH     │ fixed  │ 1.22.6            │ 1.22.7, 1.23.1 │ encoding/gob: golang: Calling Decoder.Decode on a message │
│         │                │          │        │                   │                │ which contains deeply nested structures...                │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-34156                │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴───────────────────────────────────────────────────────────┘

@github-actions
chore: Bump Trivy version
6bdd728 
Made with ❤️️ by updatecli
@github-actions github-actions bot force-pushed the updatecli_master_fbb41be22e842f318436eb5fa3f22190568b68669d97604cc07d49760c96c977 branch from a3e37f5 to 6bdd728 Compare September 29, 2024 18:11
@dereknola dereknola merged commit a809749 into master Sep 30, 2024
4 checks passed
ludost pushed a commit to asimovo-platform/k3s that referenced this pull request Oct 2, 2024
@github-actions @ludost
chore: Bump Trivy version (k3s-io#10924)
f83a80f 
Made with ❤️️ by updatecli

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@github-actions github-actions bot deleted the updatecli_master_fbb41be22e842f318436eb5fa3f22190568b68669d97604cc07d49760c96c977 branch October 6, 2024 18:04
@cguertin14 cguertin14 mentioned this pull request Jan 11, 2025
Merged
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@brandond brandond brandond approved these changes

@dereknola dereknola dereknola approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dereknola @brandond