deps(deps): update docker/bake-action action to v5.11.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
docker/bake-action	action	minor	v5.10.0 -> v5.11.0

---

Release Notes

docker/bake-action (docker/bake-action)

v5.11.0

Compare Source

• Allow filesystem entitlements by default by @​crazy-max in https://github.com/docker/bake-action/pull/270
• Throw error message instead of exit code when parsing definition by @​crazy-max in https://github.com/docker/bake-action/pull/271
• Bump @​actions/core from 1.10.1 to 1.11.1 in https://github.com/docker/bake-action/pull/256
• Bump @​docker/actions-toolkit from 0.39.0 to 0.47.0 in https://github.com/docker/bake-action/pull/275
• Bump cross-spawn from 7.0.3 to 7.0.6 in https://github.com/docker/bake-action/pull/267

list-targets subaction changes:

• Allow passing multi-line files by @​shink in https://github.com/docker/bake-action/pull/247 https://github.com/docker/bake-action/pull/257

Full Changelog: docker/bake-action@v5.10.0...v5.11.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-base:latest

📦 Image Reference wayofdev/php-base:latest

digest	sha256:3781b736b83face6bdaa73f7bd6e82846f34f4b9add83176037c55d5eccb199f
vulnerabilities
size	75 MB
packages	100

📦 Base Image php:8-fpm-alpine

also known as	8-fpm-alpine3.20 8.4-fpm-alpine 8.4-fpm-alpine3.20 8.4.1-fpm-alpine 8.4.1-fpm-alpine3.20 fpm-alpine fpm-alpine3.20
digest	sha256:fcc2fccfa511b898a78e97e8a978fa41d54242dd54b729f9f9b76ef1398a75ed
vulnerabilities

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-base:latest

Base image is php:8-fpm-alpine

Name	fpm-alpine3.20
Digest	sha256:fcc2fccfa511b898a78e97e8a978fa41d54242dd54b729f9f9b76ef1398a75ed
Vulnerabilities
Pushed	1 week ago
Size	38 MB
Packages	51
Flavor	alpine
OS	3.20

The base image is also available under the supported tag(s): 8-fpm-alpine3.20, 8.4-fpm-alpine, 8.4-fpm-alpine3.20, 8.4.1-fpm-alpine, 8.4.1-fpm-alpine3.20, fpm-alpine, fpm-alpine3.20

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.3-fpm-alpine Minor runtime version update Also known as: 8.3.14-fpm-alpine 8.3.14-fpm-alpine3.20 8.3-fpm-alpine3.20	Benefits: Same OS detected Minor runtime version update Image is smaller by 3.3 MB Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 35 MB Flavor: alpine OS: 3.20 Runtime: 8.3.14	1 week ago
8.2-fpm-alpine Minor runtime version update Also known as: 8.2.26-fpm-alpine 8.2.26-fpm-alpine3.20 8.2-fpm-alpine3.20	Benefits: Same OS detected Minor runtime version update Image is smaller by 3.9 MB Image has same number of vulnerabilities Image contains equal number of packages 8.2-fpm-alpine was pulled 4.1K times last month Image details: Size: 34 MB Flavor: alpine OS: 3.20 Runtime: 8.2.26	1 week ago
8.1-fpm-alpine Minor runtime version update Also known as: 8.1.31-fpm-alpine 8.1.31-fpm-alpine3.20 8.1-fpm-alpine3.20	Benefits: Same OS detected Minor runtime version update Image is smaller by 4.3 MB Image has same number of vulnerabilities Image contains equal number of packages 8.1-fpm-alpine is the fourth most popular tag with 18K pulls per month Image details: Size: 34 MB Flavor: alpine OS: 3.20 Runtime: 8.1.31	1 week ago

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:latest

📦 Image Reference moby/buildkit:latest

digest	sha256:14bbc014b2ce1cb8cda80aa08570df9df4f2b5f2470c6060a8c6ecee51d21ed6
vulnerabilities
size	104 MB
packages	239

📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10

also known as	3 3.20 3.20.3 latest
digest	sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/stdlib@1.22.4 Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.04% EPSS Percentile 17th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.04% EPSS Percentile 17th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.04% EPSS Percentile 17th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.19% EPSS Percentile 57th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

[github-actions]

Outdated

🔍 Vulnerabilities of wayofdev/php-base:latest

📦 Image Reference wayofdev/php-base:latest

digest	sha256:1afc9529cca3d8f2a0681368598ad440beab7844d33c224a88adac03c128dd09
vulnerabilities
size	99 MB
packages	120

📦 Base Image php:8-alpine

also known as	8-alpine3.20 8-cli-alpine 8-cli-alpine3.20 8.4-alpine 8.4-alpine3.20 8.4-cli-alpine 8.4-cli-alpine3.20 8.4.1-alpine 8.4.1-alpine3.20 8.4.1-cli-alpine 8.4.1-cli-alpine3.20 alpine alpine3.20 cli-alpine cli-alpine3.20 db33346c0570ac13b47213e8a043fece5c6adf3ee623fd9510c2240e2dcd6e41
digest	sha256:5a28a9586b767a3babf285b1bfe3dd7eda5b3ff64a5f79ce3fa93d076c022f60
vulnerabilities

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:latest

Base image is alpine:3

Name	3.20.3
Digest	sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
Vulnerabilities
Pushed	2 months ago
Size	3.6 MB
Packages	17
OS	3.20.3

The base image is also available under the supported tag(s): 3.20, 3.20.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

Recommended fixes for image wayofdev/php-base:latest

Base image is php:8-alpine

Name	8.4.1-alpine3.20
Digest	sha256:5a28a9586b767a3babf285b1bfe3dd7eda5b3ff64a5f79ce3fa93d076c022f60
Vulnerabilities
Pushed	1 week ago
Size	44 MB
Packages	50
Flavor	alpine
OS	3.20
Runtime	8.4.1

The base image is also available under the supported tag(s): 8-alpine3.20, 8-cli-alpine, 8-cli-alpine3.20, 8.4-alpine, 8.4-alpine3.20, 8.4-cli-alpine, 8.4-cli-alpine3.20, 8.4.1-alpine, 8.4.1-alpine3.20, 8.4.1-cli-alpine, 8.4.1-cli-alpine3.20, alpine, alpine3.20, cli-alpine, cli-alpine3.20

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:fe9e882c6ca03172babd2d89a69a225771ffe56ee1c28a7fbd58c57bf4a59034
vulnerabilities
size	102 MB
packages	247

📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10

also known as	3 3.20 3.20.3 latest
digest	sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/stdlib@1.22.4 Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.04% EPSS Percentile 17th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.04% EPSS Percentile 17th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.04% EPSS Percentile 17th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.19% EPSS Percentile 57th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:fe9e882c6ca03172babd2d89a69a225771ffe56ee1c28a7fbd58c57bf4a59034
vulnerabilities
size	102 MB
packages	247

📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10

also known as	3 3.20 3.20.3 latest
digest	sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/stdlib@1.22.4 Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.04% EPSS Percentile 17th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.04% EPSS Percentile 17th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.04% EPSS Percentile 17th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.19% EPSS Percentile 57th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.20.3
Digest	sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
Vulnerabilities
Pushed	2 months ago
Size	3.6 MB
Packages	17
OS	3.20.3

The base image is also available under the supported tag(s): 3.20, 3.20.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:fe9e882c6ca03172babd2d89a69a225771ffe56ee1c28a7fbd58c57bf4a59034
vulnerabilities
size	102 MB
packages	247

📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10

also known as	3 3.20 3.20.3 latest
digest	sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/stdlib@1.22.4 Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.04% EPSS Percentile 17th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.04% EPSS Percentile 17th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.04% EPSS Percentile 17th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.19% EPSS Percentile 57th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.20.3
Digest	sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
Vulnerabilities
Pushed	2 months ago
Size	3.6 MB
Packages	17
OS	3.20.3

The base image is also available under the supported tag(s): 3.20, 3.20.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:latest

📦 Image Reference moby/buildkit:latest

digest	sha256:14bbc014b2ce1cb8cda80aa08570df9df4f2b5f2470c6060a8c6ecee51d21ed6
vulnerabilities
size	104 MB
packages	239

📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10

also known as	3 3.20 3.20.3 latest
digest	sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/stdlib@1.22.4 Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.04% EPSS Percentile 17th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.04% EPSS Percentile 17th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.04% EPSS Percentile 17th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.19% EPSS Percentile 57th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.20.3
Digest	sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
Vulnerabilities
Pushed	2 months ago
Size	3.6 MB
Packages	17
OS	3.20.3

The base image is also available under the supported tag(s): 3.20, 3.20.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:latest

Base image is alpine:3

Name	3.20.3
Digest	sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
Vulnerabilities
Pushed	2 months ago
Size	3.6 MB
Packages	17
OS	3.20.3

The base image is also available under the supported tag(s): 3.20, 3.20.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:fe9e882c6ca03172babd2d89a69a225771ffe56ee1c28a7fbd58c57bf4a59034
vulnerabilities
size	102 MB
packages	247

📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10

also known as	3 3.20 3.20.3 latest
digest	sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/stdlib@1.22.4 Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.04% EPSS Percentile 17th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.04% EPSS Percentile 17th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.04% EPSS Percentile 17th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.19% EPSS Percentile 57th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:fe9e882c6ca03172babd2d89a69a225771ffe56ee1c28a7fbd58c57bf4a59034
vulnerabilities
size	102 MB
packages	247

📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10

also known as	3 3.20 3.20.3 latest
digest	sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/stdlib@1.22.4 Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.04% EPSS Percentile 17th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.04% EPSS Percentile 17th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.04% EPSS Percentile 17th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.19% EPSS Percentile 57th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:latest

📦 Image Reference moby/buildkit:latest

digest	sha256:14bbc014b2ce1cb8cda80aa08570df9df4f2b5f2470c6060a8c6ecee51d21ed6
vulnerabilities
size	104 MB
packages	239

📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10

also known as	3 3.20 3.20.3 latest
digest	sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/stdlib@1.22.4 Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.04% EPSS Percentile 17th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.04% EPSS Percentile 17th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.04% EPSS Percentile 17th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.19% EPSS Percentile 57th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.20.3
Digest	sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
Vulnerabilities
Pushed	2 months ago
Size	3.6 MB
Packages	17
OS	3.20.3

The base image is also available under the supported tag(s): 3.20, 3.20.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.20.3
Digest	sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
Vulnerabilities
Pushed	2 months ago
Size	3.6 MB
Packages	17
OS	3.20.3

The base image is also available under the supported tag(s): 3.20, 3.20.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:fe9e882c6ca03172babd2d89a69a225771ffe56ee1c28a7fbd58c57bf4a59034
vulnerabilities
size	102 MB
packages	247

📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10

also known as	3 3.20 3.20.3 latest
digest	sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/stdlib@1.22.4 Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.04% EPSS Percentile 17th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.04% EPSS Percentile 17th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.04% EPSS Percentile 17th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.19% EPSS Percentile 57th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:latest

Base image is alpine:3

Name	3.20.3
Digest	sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
Vulnerabilities
Pushed	2 months ago
Size	3.6 MB
Packages	17
OS	3.20.3

The base image is also available under the supported tag(s): 3.20, 3.20.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.20.3
Digest	sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
Vulnerabilities
Pushed	2 months ago
Size	3.6 MB
Packages	17
OS	3.20.3

The base image is also available under the supported tag(s): 3.20, 3.20.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1

digest	sha256:fe9e882c6ca03172babd2d89a69a225771ffe56ee1c28a7fbd58c57bf4a59034
vulnerabilities
size	102 MB
packages	247

📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10

also known as	3 3.20 3.20.3 latest
digest	sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
vulnerabilities

stdlib 1.22.4 (golang) pkg:golang/stdlib@1.22.4 Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.04% EPSS Percentile 17th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.04% EPSS Percentile 17th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.04% EPSS Percentile 17th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.19% EPSS Percentile 57th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

[github-actions]

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name	3.20.3
Digest	sha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
Vulnerabilities
Pushed	2 months ago
Size	3.6 MB
Packages	17
OS	3.20.3

The base image is also available under the supported tag(s): 3.20, 3.20.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.