Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Prepare v0.13.14 #459

Merged
merged 2 commits into from
May 2, 2024
Merged

Prepare v0.13.14 #459

merged 2 commits into from
May 2, 2024

Conversation

molepigeon
Copy link
Member

Bump golang.org/x/net for CVE-2023-45288
Bump github.com/docker/docker for CVE-2024-29018

molepigeon added 2 commits May 1, 2024 17:48
Bump golang.org/x/net for CVE-2023-45288
Bump github.com/docker/docker for CVE-2024-29018

Signed-off-by: Michael Hough <[email protected]>
The old nginx image caused test failures because it's a v1 manifest and Docker Hub refuses to let you download them now.

I set the image version to the latest as of today. We only need the container to start once it is approved. This is testing for an unsigned image - I'm betting that if nginx ever do decide to sign their images using simple signing in future, they won't go back and sign old images.

Signed-off-by: Michael Hough <[email protected]>
Copy link
Member

@cathyyoung cathyyoung left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@molepigeon molepigeon enabled auto-merge May 2, 2024 11:29
@molepigeon molepigeon disabled auto-merge May 2, 2024 11:34
@molepigeon molepigeon added this pull request to the merge queue May 2, 2024
Merged via the queue into main with commit c779657 May 2, 2024
4 checks passed
@molepigeon molepigeon deleted the cve-2023-45288 branch May 2, 2024 11:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants