Vulnerabilities because of older Alpine base image #734

Open
rajrohanyadav opened this issue Feb 3, 2025 · 6 comments

Comments

@rajrohanyadav

Hi maintainers,

Hope you are doing good.

Would you be able to take a look at #712, which has failed to auto-merge and is causing a few (1 CRITICAL and 2 HIGH) vulnerabilities in the Docker image? It'd be great if you could investigate and fix the build, so that the bump can be merged.

Thanks,
Rohan

@rajrohanyadav
Author

Hi @MovieStoreGuy @tiedotguy

Sorry for the ping, but if you could take a look at this, it would be really helpful.

Thank you

@davidgit

Hi @akavatl or @hstan,

Could you help us here?

Thanks in advance

@hstan
Member

hstan commented Feb 25, 2025

@davidgit
Merged #735

@rahulreddy15

Hey @hstan,
There is also a critical security vulnerability in the bin/gostatsd binary (CVE-2024-24790) which will be resolved by bumping the Go version.
Attaching the Trivy report for you to see.

altassian-gostatsd.txt

@rahulreddy15

Hey @hstan
Linking the PR that upgrades golang and golang.org/x/net versions

#736

@rahulreddy15

Hey @hstan
The workflow seems to have failed because I did not run go mod tidy after upgrading golang.org/x/net.
Ran this and updated the PR. The upgraded libraries also appear in go.sum now.
