-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Gosu is bringing many cves that won't be taken care of #1292
Comments
Duplicate of #1271 See especially #1271 (comment), https://github.com/tianon/gosu/blob/4233b796eeb3ba76c8597a46d89eab1f116188e2/SECURITY.md, and https://github.com/docker-library/faq#why-does-my-security-scanner-show-that-an-image-has-cves To be explicitly clear, there are no "vulnerabilities" in |
Well your project shouldn't be included in that image of postgres. Even if there is only one real CVE you should fix it. |
To the contrary, I'm not pushing back on "maintaining" anything -- I'm pushing back on the idea that naive tools should "rule" all our workflows, especially when there's trivially available information that they could be consuming to fix their reports. The way I'm maintaining my builds of |
The last release of Gosu is one year old and the owner of the codebase is not planning on updating the go version.
postgres/17/bullseye/Dockerfile
Line 31 in 0b87a9b
redis/docker-library-redis#424
tianon/gosu#136
The text was updated successfully, but these errors were encountered: