Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: bump up Trivy version to v0.59.1 #2406

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

chore: bump up Trivy version to v0.59.1 #2406

wants to merge 6 commits into from
+1,043 −331

Conversation

afdesk
Copy link
Contributor

@afdesk afdesk commented Jan 30, 2025
edited
Loading

Description

This PR bumps up Trivy version to v0.59.0.

Also this PR:

Before:

aquasecurity/trivy-operator:dev (alpine 3.20.3)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)


usr/local/bin/trivy-operator (gobinary)

Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 0, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────────────────┬──────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │        Fixed Version        │                            Title                             │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-45336 │ MEDIUM   │ fixed  │ v1.23.4           │ 1.22.11, 1.23.5, 1.24.0-rc2 │ golang: net/http: net/http: sensitive headers incorrectly    │
│         │                │          │        │                   │                             │ sent after cross-domain redirect                             │
│         │                │          │        │                   │                             │ https://avd.aquasec.com/nvd/cve-2024-45336                   │
│         ├────────────────┤          │        │                   │                             ├──────────────────────────────────────────────────────────────┤
│         │ CVE-2024-45341 │          │        │                   │                             │ golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can │
│         │                │          │        │                   │                             │ bypass URI name...                                           │
│         │                │          │        │                   │                             │ https://avd.aquasec.com/nvd/cve-2024-45341                   │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────────────────┴──────────────────────────────────────────────────────────────┘

After:

aquasecurity/trivy-operator:dev (alpine 3.20.3)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

Related issues

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

@github-actions github-actions bot added the misc label Jan 30, 2025
@afdesk afdesk requested a review from simar7 January 30, 2025 11:27
@afdesk afdesk added deps and removed misc labels Jan 30, 2025
@github-actions github-actions bot added the misc label Jan 30, 2025
@afdesk afdesk marked this pull request as ready for review January 30, 2025 12:16
This was referenced Jan 30, 2025
Open
Open
@afdesk afdesk changed the title chore: bump up Trivy version to v0.59.0 chore: bump up Trivy version to v0.59.1 Feb 4, 2025
@afdesk afdesk marked this pull request as draft February 5, 2025 07:23
@afdesk afdesk marked this pull request as ready for review February 5, 2025 08:46
@afdesk
Copy link
Contributor Author

afdesk commented Feb 5, 2025

@simar7 this PR is ready for your review.
thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@simar7 simar7 Awaiting requested review from simar7

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
deps misc
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Report vulns of image include trivy vulnerabilities
2 participants
@afdesk @simar7