Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump Trivy version #10924

Merged
merged 1 commit into from
Sep 30, 2024
Merged

Bump Trivy version #10924

merged 1 commit into from
Sep 30, 2024

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Sep 22, 2024
edited
Loading

Bump Trivy version

Update Trivy version in Dockerfile.dapper

1 file(s) updated with "TRIVY_VERSION=\"0.55.2\"": * Dockerfile.dapper

GitHub Action workflow link
Updatecli logo

Created automatically by Updatecli

Options:

Most of Updatecli configuration is done via its manifest(s).

  • If you close this pull request, Updatecli will automatically reopen it, the next time it runs.
  • If you close this pull request and delete the base branch, Updatecli will automatically recreate it, erasing all previous commits made.

Feel free to report any issues at github.com/updatecli/updatecli.
If you find this tool useful, do not hesitate to star our GitHub repository as a sign of appreciation, and/or to tell us directly on our chat!

@github-actions github-actions bot requested a review from a team as a code owner September 22, 2024 18:10
@github-actions github-actions bot added the dependencies Pull requests that update a dependency file label Sep 22, 2024
@codecov Codecov
Copy link

codecov bot commented Sep 22, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 43.82%. Comparing base (cda31eb) to head (6bdd728).
Report is 3 commits behind head on master.

❗ There is a different number of reports uploaded between BASE (cda31eb) and HEAD (6bdd728). Click for more details.

HEAD has 17 uploads less than BASE
Flag BASE (cda31eb) HEAD (6bdd728)
unittests 1 0
inttests 10 0
e2etests 7 1
Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #10924      +/-   ##
==========================================
- Coverage   49.80%   43.82%   -5.98%     
==========================================
  Files         178      161      -17     
  Lines       14801    14310     -491     
==========================================
- Hits         7371     6271    -1100     
- Misses       6084     6771     +687     
+ Partials     1346     1268      -78
Flag Coverage Δ
e2etests 43.82% <ø> (-2.16%) ⬇️
inttests ?
unittests ?

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@dereknola
Copy link
Member

/trivy

4 similar comments
@dereknola
Copy link
Member

/trivy

@dereknola
Copy link
Member

/trivy

@dereknola
Copy link
Member

/trivy

@dereknola
Copy link
Member

/trivy

@github-actions GitHub Actions
Copy link
Contributor Author 


bin/cni (gobinary)
==================
Total: 1 (HIGH: 1, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                           Title                           │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼───────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-34156 │ HIGH     │ fixed  │ 1.22.6            │ 1.22.7, 1.23.1 │ encoding/gob: golang: Calling Decoder.Decode on a message │
│         │                │          │        │                   │                │ which contains deeply nested structures...                │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-34156                │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴───────────────────────────────────────────────────────────┘

bin/containerd-shim-runc-v2 (gobinary)
======================================
Total: 1 (HIGH: 1, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                           Title                           │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼───────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-34156 │ HIGH     │ fixed  │ 1.22.6            │ 1.22.7, 1.23.1 │ encoding/gob: golang: Calling Decoder.Decode on a message │
│         │                │          │        │                   │                │ which contains deeply nested structures...                │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-34156                │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴───────────────────────────────────────────────────────────┘

bin/k3s (gobinary)
==================
Total: 1 (HIGH: 1, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                           Title                           │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼───────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-34156 │ HIGH     │ fixed  │ 1.22.6            │ 1.22.7, 1.23.1 │ encoding/gob: golang: Calling Decoder.Decode on a message │
│         │                │          │        │                   │                │ which contains deeply nested structures...                │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-34156                │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴───────────────────────────────────────────────────────────┘

bin/runc (gobinary)
===================
Total: 1 (HIGH: 1, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                           Title                           │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼───────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-34156 │ HIGH     │ fixed  │ 1.22.6            │ 1.22.7, 1.23.1 │ encoding/gob: golang: Calling Decoder.Decode on a message │
│         │                │          │        │                   │                │ which contains deeply nested structures...                │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-34156                │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴───────────────────────────────────────────────────────────┘

@github-actions
chore: Bump Trivy version
6bdd728 
Made with ❤️️ by updatecli
@github-actions github-actions bot force-pushed the updatecli_master_fbb41be22e842f318436eb5fa3f22190568b68669d97604cc07d49760c96c977 branch from a3e37f5 to 6bdd728 Compare September 29, 2024 18:11
@dereknola dereknola merged commit a809749 into master Sep 30, 2024
4 checks passed
ludost pushed a commit to asimovo-platform/k3s that referenced this pull request Oct 2, 2024
@github-actions @ludost
chore: Bump Trivy version (k3s-io#10924)
f83a80f 
Made with ❤️️ by updatecli

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@github-actions github-actions bot deleted the updatecli_master_fbb41be22e842f318436eb5fa3f22190568b68669d97604cc07d49760c96c977 branch October 6, 2024 18:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dereknola dereknola dereknola approved these changes

@brandond brandond brandond approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dereknola @brandond