guardrails[bot]
commented
1 year ago :warning: We detected 6 security issues in this pull request:
Mode: paranoid | Total findings: 6 | Considered vulnerability: 6
Vulnerable Libraries (6)
Severity | Details ----- | -------- N/A | [pkg:golang/github.com/evanphx/json-patch@v0.0.0-20190203023257-5858425f7550@v0.0.0-20190203023257-5858425f7550](https://github.com/turkdevops/play-with-docker/blob/780e141eda5e109e27e3905307bd0133a93fb98d/go.sum#L80) upgrade to: *0.5.2* High | [pkg:golang/github.com/gogo/protobuf@v0.0.0-20171007142547-342cbe0a0415@v0.0.0-20171007142547-342cbe0a0415](https://github.com/turkdevops/play-with-docker/blob/780e141eda5e109e27e3905307bd0133a93fb98d/go.sum#L94) upgrade to: *1.3.2* N/A | [pkg:golang/golang.org/x/text@v0.3.1-0.20181227161524-e6919f6577db@v0.3.1-0.20181227161524-e6919f6577db](https://github.com/turkdevops/play-with-docker/blob/780e141eda5e109e27e3905307bd0133a93fb98d/go.sum#L409) upgrade to: *0.3.8* High | [pkg:golang/golang.org/x/net@v0.0.0-20180906233101-161cd47e91fd@v0.0.0-20180906233101-161cd47e91fd](https://github.com/turkdevops/play-with-docker/blob/780e141eda5e109e27e3905307bd0133a93fb98d/go.sum#L324) upgrade to: *0.0.0-20190125002852-4b62a64f59f7,0.0.0-20190125002852-4b62a64f59f7* High | [pkg:golang/golang.org/x/net@v0.0.0-20190812203447-cdfb69ac37fc@v0.0.0-20190812203447-cdfb69ac37fc](https://github.com/turkdevops/play-with-docker/blob/780e141eda5e109e27e3905307bd0133a93fb98d/go.sum#L336) upgrade to: *0.0.0-20190813141303-74dc4d7220e7,0.0.0-20190813141303-74dc4d7220e7* N/A | [pkg:golang/golang.org/x/sys@v0.0.0-20180909124046-d0be0721c37e@v0.0.0-20180909124046-d0be0721c37e](https://github.com/turkdevops/play-with-docker/blob/780e141eda5e109e27e3905307bd0133a93fb98d/go.sum#L369) upgrade to: *1.17.10,1.18.2,0.0.0-20220412211240-33da011f77ad* More info on how to fix Vulnerable Libraries in [Go](https://docs.guardrails.io/docs/en/vulnerabilities/go/using_vulnerable_libraries.html?utm_source=ghpr).
👉 Go to the dashboard for detailed results.
📥 Happy? Share your feedback with us.
Bumps k8s.io/apimachinery from 0.0.0-20171027084411-18a564baac72 to 0.15.7.
Commits
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/turkdevops/play-with-docker/network/alerts).