Update indirect docker dependency for CVE-2023-28840 #50

andyasp · 2023-04-20T16:41:25Z

CVE-2023-28840 popped up again after merging #49
This is only relevant to the integration tests and appeasing scanners.

$ go mod why -m github.com/docker/docker
# github.com/docker/docker
github.com/grafana/rollout-operator/integration/k3t
github.com/k3d-io/k3d/v5/pkg/client
github.com/k3d-io/k3d/v5/pkg/runtimes/docker
github.com/docker/docker/api/types

I didn't include a changelog entry due to this and #49 says "including" to not list other indirect dependencies.

56quarters

Gotta make the scanners happy. LGTM, thanks!

Update indirect docker dependency for CVE-2023-28840

b07c2dc

andyasp added the chore label Apr 20, 2023

andyasp requested a review from a team as a code owner April 20, 2023 16:41

56quarters approved these changes Apr 20, 2023

View reviewed changes

andyasp merged commit cd69d8c into main Apr 20, 2023
4 checks passed

andyasp deleted the aasp/docker-cve branch April 20, 2023 17:39

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update indirect docker dependency for CVE-2023-28840 #50

Update indirect docker dependency for CVE-2023-28840 #50

andyasp commented Apr 20, 2023 •

edited

56quarters left a comment

Update indirect docker dependency for CVE-2023-28840 #50

Update indirect docker dependency for CVE-2023-28840 #50

Conversation

andyasp commented Apr 20, 2023 • edited

56quarters left a comment

Choose a reason for hiding this comment

andyasp commented Apr 20, 2023 •

edited