[Image Vulnerability] Medium severity Vulnerabilities Found in "ghcr.io/kanisterio/kanister-tools" Image

kanisterio / kanister

An extensible framework for application-level data management on Kubernetes

https://kanister.io

Apache License 2.0

755 stars 154 forks source link

[Image Vulnerability] Medium severity Vulnerabilities Found in "ghcr.io/kanisterio/kanister-tools" Image #2954

Open hairyhum opened 3 months ago

hairyhum commented 3 months ago

Vulnerabilities found in restic package in https://github.com/kanisterio/kanister/actions/runs/9617677922/job/26529954933

Restic did not update upstream dependencies for a while and it looks like they work on next minor version 0.17 instead.

Things we can do:

Ask them to create a new patch version with updated dependencies https://github.com/restic/restic/issues/4873
Patch dependencies ourselves and build from a fork
Build from master (might contain incompatible changes)

github-actions[bot] commented 3 months ago

Thanks for opening this issue :+1:. The team will review it shortly.

If this is a bug report, make sure to include clear instructions how on to reproduce the problem with minimal reproducible examples, where possible. If this is a security report, please review our security policy as outlined in SECURITY.md.

If you haven't already, please take a moment to review our project's Code of Conduct document.