Patch CVE-2024-45338 for package rclone in image ffmpeg

Signed-off-by: Viet Nguyen Duc <[email protected]>
SeleniumHQ · Dec 23, 2024 · 822101e · 822101e
1 parent b75e36c
commit 822101e
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/.ffmpeg/Dockerfile b/.ffmpeg/Dockerfile
@@ -3,6 +3,7 @@ ARG VERSION_FFMPEG="7.1"
 ARG VERSION_RCLONE="v1.68.2"
 ARG VERSION_GO="latest"
 ARG GO_CRYPTO_VERSION="v0.31.0"
+ARG GO_NET_VERSION="v0.33.0"
 
 USER root
 
@@ -33,6 +34,7 @@ RUN cd /usr/local/src \
     && git checkout $VERSION_RCLONE \
     # Patch deps version in go.mod to fix CVEs
     && sed -i "s|golang.org/x/crypto v.*|golang.org/x/crypto ${GO_CRYPTO_VERSION}|g" go.mod \
+    && sed -i "s|golang.org/x/net v.*|golang.org/x/net ${GO_NET_VERSION}|g" go.mod \
     && go mod tidy \
     # Build rclone
     && make \