shipwright-io / build

Shipwright - a framework for building container images on Kubernetes
https://shipwright.io
Apache License 2.0

Bump `github.com/docker/docker` dependencies #1590

Closed HeavyWombat closed 5 months ago

HeavyWombat commented 5 months ago

Changes

Ref: https://github.com/moby/moby/security/advisories/GHSA-x84c-p2g9-rqv9

Update to address vulnerability finding.

Release Notes

NONE

qu1queee commented 5 months ago

Thanks. What about https://github.com/shipwright-io/build/pull/1589? Seems it tries to address the same.

HeavyWombat commented 5 months ago

> Thanks. What about #1589? Seems it tries to address the same.

This was only addressing the `github.com/docker/cli` dependency, but there seems to be another finding. At least this is what the vulnerability scanner told me, so I figured it makes sense to bump all `github.com/docker` repositories, including the one that is only an indirect dependency.

openshift-ci[bot] commented 5 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: qu1queee

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/shipwright-io/build/blob/main/OWNERS)~~ [qu1queee]

Approvers can indicate their approval by writing `/approve` in a comment.
Approvers can cancel approval by writing `/approve cancel` in a comment.