search

Automattic / vip-container-images

Multipurpose VIP Docker container images (primarily meant for use with the VIP Local Development Environment)
https://docs.wpvip.com/technical-references/vip-local-development-environment/
16 stars 4 forks source link

chore(deps): Bump anchore/sbom-action from 0.17.2 to 0.17.5 in /.github/actions/build-docker-image #933

Closed dependabot[bot] closed 5 hours ago

dependabot[bot] commented 7 hours ago

Bumps anchore/sbom-action from 0.17.2 to 0.17.5.

Release notes

Sourced from anchore/sbom-action's releases.

v0.17.5

Changes in v0.17.5

v0.17.4

Changes in v0.17.4

v0.17.3

Changes in v0.17.3

Commits
  • 1ca97d9 chore(deps): update Syft to v1.14.2 (#503)
  • 8d0a650 chore(deps): update Syft to v1.14.1 (#502)
  • f5e124a chore(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.5 (#493)
  • eff08d0 chore: configure changelog-ignore label (#499)
  • 18f9bde chore: remove snapshot tests; fix deprecation errors for outdated packages (#...
  • 2e87236 add release docs (#500)
  • 4a914bc chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#497)
  • 8cb9966 chore(deps): update Syft to v1.14.0 (#498)
  • beb779b Update README to include bit about permissions near the top (#496)
  • 87b3137 chore(deps): update Syft to v1.13.0 (#488)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
github-actions[bot] commented 7 hours ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/dev-tools:0.9 (alpine 3.20.3)

Package Vulnerability ID Severity Installed Version Fixed Version Links
libcrypto3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
libssl3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
github-actions[bot] commented 7 hours ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/skeleton:latest (alpine 3.20.3)

Package Vulnerability ID Severity Installed Version Fixed Version Links
libcrypto3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
libssl3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
github-actions[bot] commented 7 hours ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/photon:latest (alpine 3.20.3)

Package Vulnerability ID Severity Installed Version Fixed Version Links
libcrypto3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
libssl3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
github-actions[bot] commented 7 hours ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/wordpress:6.5 (alpine 3.20.3)

Package Vulnerability ID Severity Installed Version Fixed Version Links
libcrypto3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
libssl3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
github-actions[bot] commented 7 hours ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/alpine:3.20.3 (alpine 3.20.3)

Package Vulnerability ID Severity Installed Version Fixed Version Links
libcrypto3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
libssl3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
github-actions[bot] commented 7 hours ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/wordpress:6.4 (alpine 3.20.3)

Package Vulnerability ID Severity Installed Version Fixed Version Links
libcrypto3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
libssl3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
github-actions[bot] commented 7 hours ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/wordpress:6.1 (alpine 3.20.3)

Package Vulnerability ID Severity Installed Version Fixed Version Links
libcrypto3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
libssl3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
github-actions[bot] commented 7 hours ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/wordpress:6.2 (alpine 3.20.3)

Package Vulnerability ID Severity Installed Version Fixed Version Links
libcrypto3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
libssl3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
github-actions[bot] commented 7 hours ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/wordpress:6.6 (alpine 3.20.3)

Package Vulnerability ID Severity Installed Version Fixed Version Links
libcrypto3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
libssl3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
github-actions[bot] commented 7 hours ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/nginx:1.27.2 (alpine 3.20.3)

Package Vulnerability ID Severity Installed Version Fixed Version Links
libcrypto3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
libssl3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
openssl CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
github-actions[bot] commented 7 hours ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/wordpress:6.0 (alpine 3.20.3)

Package Vulnerability ID Severity Installed Version Fixed Version Links
libcrypto3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
libssl3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
github-actions[bot] commented 7 hours ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/wordpress:6.3 (alpine 3.20.3)

Package Vulnerability ID Severity Installed Version Fixed Version Links
libcrypto3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
libssl3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
github-actions[bot] commented 7 hours ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/traefik_openssl:2.11.2 (alpine 3.19.1)

Package Vulnerability ID Severity Installed Version Fixed Version Links
libcrypto3 CVE-2024-9143 LOW 3.1.7-r0 3.1.7-r1 https://avd.aquasec.com/nvd/cve-2024-9143
libssl3 CVE-2024-9143 LOW 3.1.7-r0 3.1.7-r1 https://avd.aquasec.com/nvd/cve-2024-9143
openssl CVE-2024-9143 LOW 3.1.7-r0 3.1.7-r1 https://avd.aquasec.com/nvd/cve-2024-9143
github-actions[bot] commented 7 hours ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/php-fpm:8.3 (ubuntu 24.04)

Package Vulnerability ID Severity Installed Version Fixed Version Links
nano CVE-2024-5742 LOW 7.2-2build1 7.2-2ubuntu0.1 https://avd.aquasec.com/nvd/cve-2024-5742
vim CVE-2024-43802 MEDIUM 2:9.1.0016-1ubuntu7.2 2:9.1.0016-1ubuntu7.3 https://avd.aquasec.com/nvd/cve-2024-43802
vim-common CVE-2024-43802 MEDIUM 2:9.1.0016-1ubuntu7.2 2:9.1.0016-1ubuntu7.3 https://avd.aquasec.com/nvd/cve-2024-43802
vim-runtime CVE-2024-43802 MEDIUM 2:9.1.0016-1ubuntu7.2 2:9.1.0016-1ubuntu7.3 https://avd.aquasec.com/nvd/cve-2024-43802
xxd CVE-2024-43802 MEDIUM 2:9.1.0016-1ubuntu7.2 2:9.1.0016-1ubuntu7.3 https://avd.aquasec.com/nvd/cve-2024-43802
github-actions[bot] commented 7 hours ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/php-fpm:8.1 (ubuntu 22.04)

Package Vulnerability ID Severity Installed Version Fixed Version Links
nano CVE-2024-5742 LOW 6.2-1 6.2-1ubuntu0.1 https://avd.aquasec.com/nvd/cve-2024-5742
vim CVE-2024-43802 MEDIUM 2:8.2.3995-1ubuntu2.18 2:8.2.3995-1ubuntu2.19 https://avd.aquasec.com/nvd/cve-2024-43802
vim-common CVE-2024-43802 MEDIUM 2:8.2.3995-1ubuntu2.18 2:8.2.3995-1ubuntu2.19 https://avd.aquasec.com/nvd/cve-2024-43802
vim-runtime CVE-2024-43802 MEDIUM 2:8.2.3995-1ubuntu2.18 2:8.2.3995-1ubuntu2.19 https://avd.aquasec.com/nvd/cve-2024-43802
xxd CVE-2024-43802 MEDIUM 2:8.2.3995-1ubuntu2.18 2:8.2.3995-1ubuntu2.19 https://avd.aquasec.com/nvd/cve-2024-43802
github-actions[bot] commented 7 hours ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/wordpress:6.7 (alpine 3.20.3)

Package Vulnerability ID Severity Installed Version Fixed Version Links
libcrypto3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
libssl3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
github-actions[bot] commented 7 hours ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/php-fpm:8.2 (ubuntu 22.04)

Package Vulnerability ID Severity Installed Version Fixed Version Links
nano CVE-2024-5742 LOW 6.2-1 6.2-1ubuntu0.1 https://avd.aquasec.com/nvd/cve-2024-5742
vim CVE-2024-43802 MEDIUM 2:8.2.3995-1ubuntu2.18 2:8.2.3995-1ubuntu2.19 https://avd.aquasec.com/nvd/cve-2024-43802
vim-common CVE-2024-43802 MEDIUM 2:8.2.3995-1ubuntu2.18 2:8.2.3995-1ubuntu2.19 https://avd.aquasec.com/nvd/cve-2024-43802
vim-runtime CVE-2024-43802 MEDIUM 2:8.2.3995-1ubuntu2.18 2:8.2.3995-1ubuntu2.19 https://avd.aquasec.com/nvd/cve-2024-43802
xxd CVE-2024-43802 MEDIUM 2:8.2.3995-1ubuntu2.18 2:8.2.3995-1ubuntu2.19 https://avd.aquasec.com/nvd/cve-2024-43802
github-actions[bot] commented 7 hours ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/wordpress:trunk (alpine 3.20.3)

Package Vulnerability ID Severity Installed Version Fixed Version Links
libcrypto3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
libssl3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
github-actions[bot] commented 7 hours ago

Trivy Scan Report

ghcr.io/automattic/vip-container-images/mu-plugins:0.1 (alpine 3.20.3)

Package Vulnerability ID Severity Installed Version Fixed Version Links
libcrypto3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143
libssl3 CVE-2024-9143 LOW 3.3.2-r0 3.3.2-r1 https://avd.aquasec.com/nvd/cve-2024-9143