Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
job-builder: address docker image vulnerabilities (#1523)
Why? Fix docker image vulnerabilities uncovered by `docker scan job-builder-secure` ``` +------------------+----------+--------+----------+---------------+---------+---------+ | VULN ID | PACKAGE | TYPE | SEVERITY | FIX AVAILABLE | CVSS V2 | CVSS V3 | +------------------+----------+--------+----------+---------------+---------+---------+ | CVE-2022-42915 | libcurl | apk | CRITICAL | 7.83.1-r4 | 0.0 | 9.8 | +------------------+----------+--------+----------+---------------+---------+---------+ | CVE-2021-3177 | python3 | apk | CRITICAL | 3.8.7-r2 | 7.5 | 9.8 | +------------------+----------+--------+----------+---------------+---------+---------+ | CVE-2021-29921 | python3 | apk | CRITICAL | 3.9.5-r0 | 7.5 | 9.8 | +------------------+----------+--------+----------+---------------+---------+---------+ | CVE-2022-32221 | libcurl | apk | CRITICAL | 7.83.1-r4 | 0.0 | 9.8 | +------------------+----------+--------+----------+---------------+---------+---------+ | CVE-2022-43680 | expat | apk | HIGH | 2.5.0-r0 | 0.0 | 7.5 | +------------------+----------+--------+----------+---------------+---------+---------+ | CVE-2022-39260 | git | apk | HIGH | 2.36.3-r0 | 0.0 | 8.8 | +------------------+----------+--------+----------+---------------+---------+---------+ | CVE-2019-20907 | python3 | apk | HIGH | 3.8.5-r0 | 5.0 | 7.5 | +------------------+----------+--------+----------+---------------+---------+---------+ | CVE-2022-42916 | libcurl | apk | HIGH | 7.83.1-r4 | 0.0 | 7.5 | +------------------+----------+--------+----------+---------------+---------+---------+ | CVE-2022-30947 | git | apk | HIGH | | 5.0 | 7.5 | +------------------+----------+--------+----------+---------------+---------+---------+ | CVE-2022-36882 | git | apk | HIGH | | 0.0 | 8.8 | +------------------+----------+--------+----------+---------------+---------+--------- | CVE-2022-31012 | git | apk | HIGH | | 4.4 | 7.3 | +------------------+----------+--------+----------+---------------+---------+---------+ | CVE-2022-36883 | git | apk | HIGH | | 0.0 | 7.5 | +------------------+----------+--------+----------+---------------+---------+---------+ | CVE-2018-20225 | pip | python | HIGH | | 6.8 | 7.8 | +------------------+----------+--------+----------+---------------+---------+---------+ | CVE-2022-30948 | git | apk | HIGH | | 5.0 | 7.5 | +------------------+----------+--------+----------+---------------+---------+---------+ | CVE-2022-23602 | docutils | python | HIGH | | 5.5 | 8.1 | +------------------+----------+--------+----------+---------------+---------+---------+ ``` What? Updated alpine, python, and git versions. What type of change are you making? Bug fix Signed-off-by: Miroslav Ivanov [email protected] Signed-off-by: Miroslav Ivanov [email protected]
- Loading branch information
1 parent
9c33753
commit 55e5a64