chore(deps): Bump actions/attest-build-provenance from 1.4.2 to 1.4.3 in /.github/actions/build-docker-image

dependabot[bot] commented 1 month ago

Bumps actions/attest-build-provenance from 1.4.2 to 1.4.3.

Release notes

Sourced from actions/attest-build-provenance's releases.

v1.4.3

What's Changed

Bump predicate from 1.1.2 to 1.1.3 by @bdehamer in actions/attest-build-provenance#226

Bump @actions/attest from 1.3.1 to 1.4.1 by @dependabot in actions/attest-build-provenance#212

Bump @actions/attest from 1.4.1 to 1.4.2 by @bdehamer in actions/attest-build-provenance#225

Fix bug w/ customized OIDC issuer URL for enterprise accounts (#222)

Full Changelog: https://github.com/actions/attest-build-provenance/compare/v1.4.2...v1.4.3

Commits

1c608d1 bump predicate from 1.1.2 to 1.1.3 (#226)
f1185f1 bump @actions/attest from 1.4.1 to 1.4.2 (#225)
d438876 add sigstore prober (#224)
8f30a5c Bump the npm-development group with 3 updates (#218)
13f0f0d Bump @actions/attest from 1.3.1 to 1.4.1 (#212)
a950611 Bump the npm-development group with 2 updates (#211)
814a778 Bump the npm-development group with 3 updates (#206)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

github-actions[bot] commented 1 month ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/photon:latest (alpine 3.20.3)

No vulnerabilities found.

github-actions[bot] commented 1 month ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/skeleton:latest (alpine 3.20.3)

No vulnerabilities found.

github-actions[bot] commented 1 month ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/alpine:3.20.2 (alpine 3.20.2)

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
libcrypto3	CVE-2024-6119	MEDIUM	3.3.1-r3	3.3.2-r0	https://avd.aquasec.com/nvd/cve-2024-6119
libssl3	CVE-2024-6119	MEDIUM	3.3.1-r3	3.3.2-r0	https://avd.aquasec.com/nvd/cve-2024-6119

github-actions[bot] commented 1 month ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/dev-tools:0.9 (alpine 3.20.3)

No vulnerabilities found.

github-actions[bot] commented 1 month ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/nginx:1.27.0 (alpine 3.19.3)

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
libcrypto3	CVE-2024-6119	MEDIUM	3.1.6-r2	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
libexpat	CVE-2024-45490	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45490
libexpat	CVE-2024-45491	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45491
libexpat	CVE-2024-45492	CRITICAL	2.6.2-r0	2.6.3-r0	https://avd.aquasec.com/nvd/cve-2024-45492
libssl3	CVE-2024-6119	MEDIUM	3.1.6-r2	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
openssl	CVE-2024-6119	MEDIUM	3.1.6-r2	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

github-actions[bot] commented 1 month ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/traefik_openssl:2.11.2 (alpine 3.19.1)

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
libcrypto3	CVE-2024-6119	MEDIUM	3.1.6-r2	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
libssl3	CVE-2024-6119	MEDIUM	3.1.6-r2	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119
openssl	CVE-2024-6119	MEDIUM	3.1.6-r2	3.1.7-r0	https://avd.aquasec.com/nvd/cve-2024-6119

github-actions[bot] commented 1 month ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/wordpress:6.4 (alpine 3.20.3)

No vulnerabilities found.

github-actions[bot] commented 1 month ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/wordpress:6.1 (alpine 3.20.3)

No vulnerabilities found.

github-actions[bot] commented 1 month ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/wordpress:6.5 (alpine 3.20.3)

No vulnerabilities found.

github-actions[bot] commented 1 month ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/wordpress:6.0 (alpine 3.20.3)

No vulnerabilities found.

github-actions[bot] commented 1 month ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/wordpress:6.3 (alpine 3.20.3)

No vulnerabilities found.

github-actions[bot] commented 1 month ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/wordpress:6.6 (alpine 3.20.3)

No vulnerabilities found.

github-actions[bot] commented 1 month ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/php-fpm:8.2 (ubuntu 22.04)

No vulnerabilities found.

github-actions[bot] commented 1 month ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/php-fpm:8.3 (ubuntu 24.04)

No vulnerabilities found.

github-actions[bot] commented 1 month ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/php-fpm:8.1 (ubuntu 22.04)

No vulnerabilities found.

github-actions[bot] commented 1 month ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/wordpress:6.2 (alpine 3.20.3)

No vulnerabilities found.

github-actions[bot] commented 1 month ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/mu-plugins:0.1 (alpine 3.20.3)

No vulnerabilities found.

github-actions[bot] commented 1 month ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/wordpress:trunk (alpine 3.20.3)

No vulnerabilities found.

sjinks commented 1 month ago

@dependabot rebase

github-actions[bot] commented 1 month ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/alpine:3.20.3 (alpine 3.20.3)

No vulnerabilities found.

Automattic / vip-container-images