Skip to content

chore: update docker images#2091

Merged
samrose merged 3 commits intodevelopfrom
chore/bump-docker-images
Mar 22, 2026
Merged

chore: update docker images#2091
samrose merged 3 commits intodevelopfrom
chore/bump-docker-images

Conversation

@staaldraad
Copy link
Copy Markdown
Member

@staaldraad staaldraad commented Mar 19, 2026

Updates builder alpine versions. Updates gosu to latest version and builds using latest golang

Trivy scan report 

Report Summary

┌──────────────────────────────────────────────────────────────────────────────────┬──────────┬─────────────────┬─────────┐
│                                      Target                                      │   Type   │ Vulnerabilities │ Secrets │
├──────────────────────────────────────────────────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ sbpg (alpine 3.23.3)                                                             │  alpine  │        2        │    -    │
├──────────────────────────────────────────────────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ nix/store/7qs87q8vs0il1gcp50d370wxj6h4bjx2-supabase-groonga-14.0.5/share/groong- │ node-pkg │        4        │    -    │
│ a/html/admin/assets/jquery-ui-1.12.1/package.json                                │          │                 │         │
├──────────────────────────────────────────────────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ nix/store/ah8dsz4x71czpqiwnkysqfbb0x3xqvrm-source/Cargo.lock                     │  cargo   │        2        │    -    │
├──────────────────────────────────────────────────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ usr/local/bin/gosu                                                               │ gobinary │        0        │    -    │
├──────────────────────────────────────────────────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ /nix/store/2ryvqnw8g2lcrvij4hqlm1ihflw2x3hd-ipa-priv-key.pem                     │   text   │        -        │    1    │
└──────────────────────────────────────────────────────────────────────────────────┴──────────┴─────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


sbpg (alpine 3.23.3)

Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 1, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                            Title                            │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ zlib    │ CVE-2026-22184 │ HIGH     │ fixed  │ 1.3.1-r2          │ 1.3.2-r0      │ zlib: zlib: Arbitrary code execution via buffer overflow in │
│         │                │          │        │                   │               │ untgz utility                                               │
│         │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2026-22184                  │
│         ├────────────────┼──────────┤        │                   │               ├─────────────────────────────────────────────────────────────┤
│         │ CVE-2026-27171 │ MEDIUM   │        │                   │               │ zlib: zlib: Denial of Service via infinite loop in CRC32    │
│         │                │          │        │                   │               │ combine functions...                                        │
│         │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2026-27171                  │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘

Node.js (node-pkg)

Total: 4 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 0, CRITICAL: 0)

┌──────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────────────┐
│         Library          │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                           Title                           │
├──────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────────────┤
│ jquery-ui (package.json) │ CVE-2021-41182 │ MEDIUM   │ fixed  │ 1.12.1            │ 1.13.0        │ jquery-ui: XSS in the altField option of the datepicker   │
│                          │                │          │        │                   │               │ widget                                                    │
│                          │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2021-41182                │
│                          ├────────────────┤          │        │                   │               ├───────────────────────────────────────────────────────────┤
│                          │ CVE-2021-41183 │          │        │                   │               │ jquery-ui: XSS in *Text options of the datepicker widget  │
│                          │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2021-41183                │
│                          ├────────────────┤          │        │                   │               ├───────────────────────────────────────────────────────────┤
│                          │ CVE-2021-41184 │          │        │                   │               │ jquery-ui: XSS in the 'of' option of the .position() util │
│                          │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2021-41184                │
│                          ├────────────────┤          │        │                   ├───────────────┼───────────────────────────────────────────────────────────┤
│                          │ CVE-2022-31160 │          │        │                   │ 1.13.2        │ jqueryui: XSS when refreshing a checkboxradio with an     │
│                          │                │          │        │                   │               │ HTML-like initial text label...                           │
│                          │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2022-31160                │
└──────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────────────┘

nix/store/ah8dsz4x71czpqiwnkysqfbb0x3xqvrm-source/Cargo.lock (cargo)

Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 0, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                           Title                            │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤
│ bytes   │ CVE-2026-25541 │ MEDIUM   │ fixed  │ 1.6.0             │ 1.11.1        │ Bytes is a utility library for working with bytes. From    │
│         │                │          │        │                   │               │ version 1.2.1...                                           │
│         │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2026-25541                 │
├─────────┼────────────────┤          │        ├───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤
│ idna    │ CVE-2024-12224 │          │        │ 0.5.0             │ 1.0.0         │ idna: idna accepts Punycode labels that do not produce any │
│         │                │          │        │                   │               │ non-ASCII when...                                          │
│         │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-12224                 │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘

@staaldraad staaldraad requested review from a team as code owners March 19, 2026 16:43
samrose
samrose approved these changes Mar 20, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@samrose samrose left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I advanced the vars so that it will release images to registries

@samrose samrose enabled auto-merge March 22, 2026 15:20
@samrose samrose added this pull request to the merge queue Mar 22, 2026
Merged via the queue into develop with commit 76cd0d8 Mar 22, 2026
48 checks passed
@samrose samrose deleted the chore/bump-docker-images branch March 22, 2026 16:52
@ImreSamu ImreSamu mentioned this pull request Mar 30, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@samrose samrose samrose approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@staaldraad @samrose