Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade docker base images alpine:3.19.0 & golang:1.21 #256

Merged
3 commits merged into from
Dec 12, 2023
Merged

Upgrade docker base images alpine:3.19.0 & golang:1.21 #256

3 commits merged into from
Dec 12, 2023

Conversation

ghost
Copy link

@ghost ghost commented Dec 11, 2023
edited by ghost
Loading

Fixes CVE-2023-5363 by updating the base image in Dockerfile.

The other vulnerability (opentelemetry go dependency) results from the k8s.io/* dependencies which need a new release.

Checklist

References

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request

@ghost ghost requested a review from 89Q12 December 11, 2023 11:59
@ghost ghost self-assigned this Dec 11, 2023
@codeclimate CodeClimate
Copy link

codeclimate bot commented Dec 11, 2023
edited
Loading

Code Climate has analyzed commit 33c6903 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 55.8% (0.0% change).

View more on Code Climate.

@ghost ghost marked this pull request as ready for review December 11, 2023 12:09
@LittleFox94
Copy link
Collaborator

If we can't patch "the other vulnerability", please try to gauge how critical that is for us and add an override (and comment with your findings) in .trivyignore if we can safely ignore it for now - this way the CI is green

@ghost ghost requested review from LittleFox94 and removed request for 89Q12 December 12, 2023 12:19
@ghost ghost merged commit 24b0758 into main Dec 12, 2023
@ghost ghost deleted the upgrade-docker-base-images branch December 12, 2023 12:22
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@LittleFox94