Closed phil-davis closed 2 months ago
```
Lock file operations: 0 installs, 7 updates, 0 removals
  - Upgrading guzzlehttp/guzzle (7.7.0 => 7.8.1)
  - Upgrading guzzlehttp/promises (2.0.0 => 2.0.2)
  - Upgrading guzzlehttp/psr7 (2.5.0 => 2.6.2)
  - Upgrading league/mime-type-detection (1.11.0 => 1.12.0)
  - Upgrading psr/http-client (1.0.2 => 1.0.3)
  - Upgrading psr/http-factory (1.0.2 => 1.1.0)
  - Upgrading symfony/deprecation-contracts (v2.5.2 => v2.5.3)
Writing lock file
```
This should help with the Trivy messages: https://drone.owncloud.com/owncloud-docker/server/1772/2/6
```
var/www/owncloud/apps/files_external_dropbox/vendor/composer/installed.json (composer-vendor)
=============================================================================================
Total: 1 (HIGH: 1, CRITICAL: 0)

┌─────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────┐
│     Library     │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                      Title                      │
├─────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────┤
│ guzzlehttp/psr7 │ CVE-2023-29197 │ HIGH     │ fixed  │ 2.4.0             │ 2.4.5, 1.9.1  │ guzzlehttp/psr7 is a PSR-7 HTTP message library │
│                 │                │          │        │                   │               │ implementation in PHP. ...                      │
│                 │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2023-29197      │
└─────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────┘
```
Actually this bump is not strictly necessary, but a release is necessary to get a high-enough version of guzzlehttp/psr7 in the 10.15.0 bundle.
But we may as well have these latest PHP dependencies.
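The check Trivy performs on `vendor/composer/installed.json` can be reproduced before cutting a release. The following is an added example, not code from this pull request or from ownCloud: it flags `guzzlehttp/psr7` entries below the fixed versions shown in the Trivy row (2.4.5 and 1.9.1). The function names, the assumption that each fixed version applies to its own major line, and the sample JSON are constructed for illustration.

```python
import json

PACKAGE = "guzzlehttp/psr7"
# Fixed versions from the Trivy row, keyed by major line (assumption: one fix per major).
FIXED = {1: (1, 9, 1), 2: (2, 4, 5)}

def parse_version(text):
    """Turn '2.4.0' or 'v2.5.3' into a 3-tuple of ints; None for dev/branch versions."""
    core = text.lstrip("vV").split("-")[0].split("+")[0]
    parts = core.split(".")[:3]
    if not parts or not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))

def vulnerable_entries(installed_json):
    """Return (name, version) pairs for PACKAGE entries below the fix for their major line."""
    data = json.loads(installed_json)
    # Composer 2 wraps the list in {"packages": [...]}; Composer 1 wrote a bare list.
    packages = data.get("packages", []) if isinstance(data, dict) else data
    hits = []
    for pkg in packages:
        if pkg.get("name") != PACKAGE:
            continue
        version = parse_version(pkg.get("version", ""))
        if version is None:
            continue  # e.g. "dev-master": cannot be compared, needs manual review
        fixed = FIXED.get(version[0])
        if fixed is not None and version < fixed:
            hits.append((pkg["name"], pkg["version"]))
    return hits

# Constructed samples: the bundled version Trivy reported, and the version after this bump.
BEFORE = json.dumps({"packages": [
    {"name": "guzzlehttp/guzzle", "version": "7.7.0"},
    {"name": "guzzlehttp/psr7", "version": "2.4.0"},
]})
AFTER = json.dumps({"packages": [
    {"name": "guzzlehttp/guzzle", "version": "7.8.1"},
    {"name": "guzzlehttp/psr7", "version": "2.6.2"},
]})

if __name__ == "__main__":
    print("before:", vulnerable_entries(BEFORE))
    print("after: ", vulnerable_entries(AFTER))
```

Run against every app's `vendor/composer/installed.json` in the bundle, since each app ships its own vendored copy of the library.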