Update alpine to 3.16.1 #627

Merged
merged 1 commit into from
Jul 28, 2022

EppO
Contributor

@EppO EppO commented Jul 28, 2022

Description of your changes

This change upgrades the alpine base image used by terraform-docs from 3.16.0 to 3.16.1.

Vulnerabilities flagged for alpine 3.16.0

terraform-docs:master (alpine 3.16.0)

Total: 4 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 4, CRITICAL: 0)

┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐
│   Library    │ Vulnerability  │ Severity │ Installed Version │ Fixed Version │                           Title                            │
├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤
│ busybox      │ CVE-2022-30065 │ HIGH     │ 1.35.0-r13        │ 1.35.0-r15    │ busybox: A use-after-free in Busybox's awk applet leads to │
│              │                │          │                   │               │ denial of service...                                       │
│              │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2022-30065                 │
├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤
│ libcrypto1.1 │ CVE-2022-2097  │ HIGH     │ 1.1.1o-r0         │ 1.1.1q-r0     │ openssl: AES OCB fails to encrypt some bytes               │
│              │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2022-2097                  │
├──────────────┤                │          │                   │               │                                                            │
│ libssl1.1    │                │          │                   │               │                                                            │
│              │                │          │                   │               │                                                            │
├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤
│ ssl_client   │ CVE-2022-30065 │ HIGH     │ 1.35.0-r13        │ 1.35.0-r15    │ busybox: A use-after-free in Busybox's awk applet leads to │
│              │                │          │                   │               │ denial of service...                                       │
│              │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2022-30065                 │
└──────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘

I have:

How has this code been tested

terraform-docs:latestalpine (alpine 3.16.1)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

@EppO EppO force-pushed the patch-1 branch 2 times, most recently from 4d1cbcc to 0ece7f8 Compare July 28, 2022 16:08
@khos2ow
Member

khos2ow commented Jul 28, 2022

Thanks @EppO, lgtm, can you also update scripts/release/Dockerfile?

3.16.1 fixes 4 high vulnerabilities present in Alpine 3.16.0

Signed-off-by: Florent Monbillard <f.monbillard@gmail.com>
@khos2ow khos2ow merged commit 69dbe98 into terraform-docs:master Jul 28, 2022
@EppO EppO deleted the patch-1 branch July 28, 2022 18:25
@khos2ow khos2ow added this to In progress in v0.17 via automation Dec 19, 2023