chore(master): release 2.8.16 #103

lotyp · 2025-05-18T15:15:33Z

🤖 I have created a release beep boop

2.8.16 (2025-05-18)

Dependencies

deps: update ansible/ansible-lint action to v25.4.0 (#99) (37ab637)
deps: update davidanson/markdownlint-cli2-action action to v20 (#100) (af82c8b)
deps: update googleapis/release-please-action action to v4.2.0 (#98) (54cab40)

This PR was generated with Release Please. See documentation.

github-actions · 2025-05-18T15:17:21Z

Outdated

🔍 Vulnerabilities of `moby/buildkit:buildx-stable-1`

📦 Image Reference moby/buildkit:buildx-stable-1

digest	`sha256:8124f5e2ddf9a4985ca653c7bd4bb0132eef4316aaf2975181a5f6a9d0f14ced`
vulnerabilities
platform	linux/amd64
size	104 MB
packages	248

📦 Base Image alpine:3

also known as	`3.21` `3.21.3` `latest`
digest	`sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474`
vulnerabilities

stdlib 1.22.4 (golang)

pkg:golang/stdlib@1.22.4

Affected range	`<1.23.8`
Fixed version	`1.23.8`
EPSS Score	`0.018%`
EPSS Percentile	`3rd percentile`

Description

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.054%`
EPSS Percentile	`17th percentile`

Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.108%`
EPSS Percentile	`30th percentile`

Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Affected range	`>=1.22.0-0 <1.22.5`
Fixed version	`1.22.5`
EPSS Score	`0.200%`
EPSS Percentile	`43rd percentile`

Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.127%`
EPSS Percentile	`33rd percentile`

Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

github-actions · 2025-05-18T15:17:23Z

Outdated

Recommended fixes for image `moby/buildkit:buildx-stable-1`

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	3 months ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

github-actions · 2025-05-18T15:17:42Z

Outdated

🔍 Vulnerabilities of `moby/buildkit:buildx-stable-1`

📦 Image Reference moby/buildkit:buildx-stable-1

digest	`sha256:8124f5e2ddf9a4985ca653c7bd4bb0132eef4316aaf2975181a5f6a9d0f14ced`
vulnerabilities
platform	linux/amd64
size	104 MB
packages	248

📦 Base Image alpine:3

also known as	`3.21` `3.21.3` `latest`
digest	`sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474`
vulnerabilities

stdlib 1.22.4 (golang)

pkg:golang/stdlib@1.22.4

Affected range	`<1.23.8`
Fixed version	`1.23.8`
EPSS Score	`0.018%`
EPSS Percentile	`3rd percentile`

Description

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.054%`
EPSS Percentile	`17th percentile`

Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.108%`
EPSS Percentile	`30th percentile`

Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Affected range	`>=1.22.0-0 <1.22.5`
Fixed version	`1.22.5`
EPSS Score	`0.200%`
EPSS Percentile	`43rd percentile`

Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.127%`
EPSS Percentile	`33rd percentile`

Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

github-actions · 2025-05-18T15:17:44Z

Outdated

Recommended fixes for image `moby/buildkit:buildx-stable-1`

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	3 months ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

github-actions · 2025-05-18T15:17:53Z

Outdated

🔍 Vulnerabilities of `moby/buildkit:buildx-stable-1`

📦 Image Reference moby/buildkit:buildx-stable-1

digest	`sha256:8124f5e2ddf9a4985ca653c7bd4bb0132eef4316aaf2975181a5f6a9d0f14ced`
vulnerabilities
platform	linux/amd64
size	104 MB
packages	248

📦 Base Image alpine:3

also known as	`3.21` `3.21.3` `latest`
digest	`sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474`
vulnerabilities

stdlib 1.22.4 (golang)

pkg:golang/stdlib@1.22.4

Affected range	`<1.23.8`
Fixed version	`1.23.8`
EPSS Score	`0.018%`
EPSS Percentile	`3rd percentile`

Description

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.054%`
EPSS Percentile	`17th percentile`

Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.108%`
EPSS Percentile	`30th percentile`

Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Affected range	`>=1.22.0-0 <1.22.5`
Fixed version	`1.22.5`
EPSS Score	`0.200%`
EPSS Percentile	`43rd percentile`

Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.127%`
EPSS Percentile	`33rd percentile`

Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

github-actions · 2025-05-18T15:17:55Z

Outdated

Recommended fixes for image `moby/buildkit:buildx-stable-1`

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	3 months ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

github-actions · 2025-05-18T15:17:57Z

Outdated

🔍 Vulnerabilities of `moby/buildkit:buildx-stable-1`

📦 Image Reference moby/buildkit:buildx-stable-1

digest	`sha256:8124f5e2ddf9a4985ca653c7bd4bb0132eef4316aaf2975181a5f6a9d0f14ced`
vulnerabilities
platform	linux/amd64
size	104 MB
packages	248

📦 Base Image alpine:3

also known as	`3.21` `3.21.3` `latest`
digest	`sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474`
vulnerabilities

stdlib 1.22.4 (golang)

pkg:golang/stdlib@1.22.4

Affected range	`<1.23.8`
Fixed version	`1.23.8`
EPSS Score	`0.018%`
EPSS Percentile	`3rd percentile`

Description

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.054%`
EPSS Percentile	`17th percentile`

Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.108%`
EPSS Percentile	`30th percentile`

Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Affected range	`>=1.22.0-0 <1.22.5`
Fixed version	`1.22.5`
EPSS Score	`0.200%`
EPSS Percentile	`43rd percentile`

Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.127%`
EPSS Percentile	`33rd percentile`

Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

github-actions · 2025-05-18T15:17:58Z

Outdated

🔍 Vulnerabilities of `wayofdev/php-dev:latest`

📦 Image Reference wayofdev/php-dev:latest

digest	`sha256:5d2b3438464ac11353a0215e03aae8e39da24775afb766fd13b361c087d8ffb3`
vulnerabilities
platform	linux/amd64
size	105 MB
packages	231

📦 Base Image php:8.3-fpm-alpine

also known as	`8.3-fpm-alpine3.21` `8.3.21-fpm-alpine` `8.3.21-fpm-alpine3.21` `e6101f30b201bbb04ad5b0359f9127cb7732865bd4b64b41206416306bc5d2d3`
digest	`sha256:7850e3eed24f02f136de8adc3d3404902aaa779fc3b430165b85d9ed96e99dce`
vulnerabilities

golang.org/x/crypto 0.17.0 (golang)

pkg:golang/golang.org/x/crypto@0.17.0

Improper Authorization

Affected range	`<0.31.0`
Fixed version	`0.31.0`
CVSS Score	`9.1`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N`
EPSS Score	`35.144%`
EPSS Percentile	`97th percentile`

Description

Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass.

The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions.

For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key.

Since this API is widely misused, as a partial mitigation golang.org/x/crypto@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth.

Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.

Affected range	`<0.35.0`
Fixed version	`0.35.0`
EPSS Score	`0.051%`
EPSS Percentile	`16th percentile`

Description

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

github-actions · 2025-05-18T15:17:59Z

Outdated

Recommended fixes for image `moby/buildkit:buildx-stable-1`

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	3 months ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

github-actions · 2025-05-18T15:17:59Z

Outdated

🔍 Vulnerabilities of `moby/buildkit:buildx-stable-1`

📦 Image Reference moby/buildkit:buildx-stable-1

digest	`sha256:8124f5e2ddf9a4985ca653c7bd4bb0132eef4316aaf2975181a5f6a9d0f14ced`
vulnerabilities
platform	linux/amd64
size	104 MB
packages	248

📦 Base Image alpine:3

also known as	`3.21` `3.21.3` `latest`
digest	`sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474`
vulnerabilities

stdlib 1.22.4 (golang)

pkg:golang/stdlib@1.22.4

Affected range	`<1.23.8`
Fixed version	`1.23.8`
EPSS Score	`0.018%`
EPSS Percentile	`3rd percentile`

Description

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.054%`
EPSS Percentile	`17th percentile`

Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.108%`
EPSS Percentile	`30th percentile`

Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Affected range	`>=1.22.0-0 <1.22.5`
Fixed version	`1.22.5`
EPSS Score	`0.200%`
EPSS Percentile	`43rd percentile`

Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.127%`
EPSS Percentile	`33rd percentile`

Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

github-actions · 2025-05-18T15:18:01Z

Outdated

Recommended fixes for image `wayofdev/php-dev:latest`

Base image is php:8.3-fpm-alpine

Name	8.3.21-fpm-alpine3.21
Digest	sha256:7850e3eed24f02f136de8adc3d3404902aaa779fc3b430165b85d9ed96e99dce
Vulnerabilities
Pushed	1 week ago
Size	33 MB
Packages	53
Flavor	alpine
OS	3.21
Runtime	8.3.21

The base image is also available under the supported tag(s): 8.3-fpm-alpine3.21, 8.3.21-fpm-alpine, 8.3.21-fpm-alpine3.21

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
`8.4-fpm-alpine` Image has same number of vulnerabilities Also known as: 8.4.7-fpm-alpine 8.4.7-fpm-alpine3.21 8.4-fpm-alpine3.21 8-fpm-alpine 8-fpm-alpine3.21 fpm-alpine fpm-alpine3.21	Benefits: Same OS detected Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 36 MB Flavor: alpine OS: 3.21	1 week ago

github-actions · 2025-05-18T15:18:02Z

Outdated

Recommended fixes for image `moby/buildkit:buildx-stable-1`

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	3 months ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

github-actions · 2025-05-18T15:18:05Z

Outdated

🔍 Vulnerabilities of `moby/buildkit:buildx-stable-1`

📦 Image Reference moby/buildkit:buildx-stable-1

digest	`sha256:8124f5e2ddf9a4985ca653c7bd4bb0132eef4316aaf2975181a5f6a9d0f14ced`
vulnerabilities
platform	linux/amd64
size	104 MB
packages	248

📦 Base Image alpine:3

also known as	`3.21` `3.21.3` `latest`
digest	`sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474`
vulnerabilities

stdlib 1.22.4 (golang)

pkg:golang/stdlib@1.22.4

Affected range	`<1.23.8`
Fixed version	`1.23.8`
EPSS Score	`0.018%`
EPSS Percentile	`3rd percentile`

Description

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.054%`
EPSS Percentile	`17th percentile`

Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.108%`
EPSS Percentile	`30th percentile`

Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Affected range	`>=1.22.0-0 <1.22.5`
Fixed version	`1.22.5`
EPSS Score	`0.200%`
EPSS Percentile	`43rd percentile`

Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.127%`
EPSS Percentile	`33rd percentile`

Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

github-actions · 2025-05-18T15:18:07Z

Outdated

Recommended fixes for image `moby/buildkit:buildx-stable-1`

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	3 months ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

github-actions · 2025-05-18T15:18:14Z

Outdated

🔍 Vulnerabilities of `wayofdev/php-dev:latest`

📦 Image Reference wayofdev/php-dev:latest

digest	`sha256:1f9e5d7e596b67fe0b11f61858d7498203c3a5cef028e125995df9ae1860d6cc`
vulnerabilities
platform	linux/amd64
size	133 MB
packages	248

📦 Base Image php:8-alpine

also known as	`8-alpine3.21` `8-cli-alpine` `8-cli-alpine3.21` `8.4-alpine` `8.4-alpine3.21` `8.4-cli-alpine` `8.4-cli-alpine3.21` `8.4.7-alpine` `8.4.7-alpine3.21` `8.4.7-cli-alpine` `8.4.7-cli-alpine3.21` `alpine` `alpine3.21` `cli-alpine` `cli-alpine3.21` `db7a59aab999a309b5961761860f6eb2904a8ccbb73598579073f0a0641c8c64`
digest	`sha256:eba240a13bd3e5cf77a99c1b4c9ed1373e9622b0a8ac18fe3e7727c35dc40ded`
vulnerabilities

golang.org/x/crypto 0.17.0 (golang)

pkg:golang/golang.org/x/crypto@0.17.0

Improper Authorization

Affected range	`<0.31.0`
Fixed version	`0.31.0`
CVSS Score	`9.1`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N`
EPSS Score	`35.144%`
EPSS Percentile	`97th percentile`

Description

Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass.

The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions.

For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key.

Since this API is widely misused, as a partial mitigation golang.org/x/crypto@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth.

Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.

Affected range	`<0.35.0`
Fixed version	`0.35.0`
EPSS Score	`0.051%`
EPSS Percentile	`16th percentile`

Description

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

github-actions · 2025-05-18T15:18:14Z

Outdated

🔍 Vulnerabilities of `wayofdev/php-dev:latest`

📦 Image Reference wayofdev/php-dev:latest

digest	`sha256:ee4f5bfeee73f9d8ce468741433c1371e55d0d633b2a3482f982267bac0420dc`
vulnerabilities
platform	linux/amd64
size	110 MB
packages	230

📦 Base Image php:8.3-alpine

also known as	`8.3-alpine3.21` `8.3-cli-alpine` `8.3-cli-alpine3.21` `8.3.21-alpine3.21` `8.3.21-cli-alpine` `b4a7dce0f636fdead2ad82c4cc1958885ce8f27156cc65986a5fafde3c39e039`
digest	`sha256:fdd2f8e22382a7477bee883a0a5669784e6bb67abdabbb15a1b22bc9d165b0fa`
vulnerabilities

golang.org/x/crypto 0.17.0 (golang)

pkg:golang/golang.org/x/crypto@0.17.0

Improper Authorization

Affected range	`<0.31.0`
Fixed version	`0.31.0`
CVSS Score	`9.1`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N`
EPSS Score	`35.144%`
EPSS Percentile	`97th percentile`

Description

Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass.

The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions.

For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key.

Since this API is widely misused, as a partial mitigation golang.org/x/crypto@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth.

Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.

Affected range	`<0.35.0`
Fixed version	`0.35.0`
EPSS Score	`0.051%`
EPSS Percentile	`16th percentile`

Description

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

github-actions · 2025-05-18T15:18:16Z

Outdated

🔍 Vulnerabilities of `wayofdev/php-dev:latest`

📦 Image Reference wayofdev/php-dev:latest

digest	`sha256:ae2c924de6e2a5c0be520c108c677f87cbf3b479863c7370a0c31ab9b5f2aaef`
vulnerabilities
platform	linux/amd64
size	115 MB
packages	230

📦 Base Image php:8-alpine

also known as	`8-alpine3.21` `8-cli-alpine` `8-cli-alpine3.21` `8.4-alpine` `8.4-alpine3.21` `8.4-cli-alpine` `8.4-cli-alpine3.21` `8.4.7-alpine` `8.4.7-alpine3.21` `8.4.7-cli-alpine` `8.4.7-cli-alpine3.21` `alpine` `alpine3.21` `cli-alpine` `cli-alpine3.21` `db7a59aab999a309b5961761860f6eb2904a8ccbb73598579073f0a0641c8c64`
digest	`sha256:eba240a13bd3e5cf77a99c1b4c9ed1373e9622b0a8ac18fe3e7727c35dc40ded`
vulnerabilities

golang.org/x/crypto 0.17.0 (golang)

pkg:golang/golang.org/x/crypto@0.17.0

Improper Authorization

Affected range	`<0.31.0`
Fixed version	`0.31.0`
CVSS Score	`9.1`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N`
EPSS Score	`35.144%`
EPSS Percentile	`97th percentile`

Description

Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass.

The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions.

For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key.

Since this API is widely misused, as a partial mitigation golang.org/x/crypto@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth.

Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.

Affected range	`<0.35.0`
Fixed version	`0.35.0`
EPSS Score	`0.051%`
EPSS Percentile	`16th percentile`

Description

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

github-actions · 2025-05-18T15:18:17Z

Outdated

Recommended fixes for image `wayofdev/php-dev:latest`

Base image is php:8.3-alpine

Name	8.3.21-alpine3.21
Digest	sha256:fdd2f8e22382a7477bee883a0a5669784e6bb67abdabbb15a1b22bc9d165b0fa
Vulnerabilities
Pushed	1 week ago
Size	37 MB
Packages	52
Flavor	alpine
OS	3.21
Runtime	8.3.21

The base image is also available under the supported tag(s): 8.3-alpine3.21, 8.3-cli-alpine, 8.3-cli-alpine3.21, 8.3.21-alpine3.21, 8.3.21-cli-alpine

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
`8.4-alpine` Minor runtime version update Also known as: 8.4.7-cli-alpine 8.4.7-cli-alpine3.21 8.4-cli-alpine 8.4-cli-alpine3.21 8-cli-alpine 8-cli-alpine3.21 cli-alpine cli-alpine3.21 alpine alpine3.21 8.4.7-alpine 8.4.7-alpine3.21 8.4-alpine3.21 8-alpine 8-alpine3.21	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 42 MB Flavor: alpine OS: 3.21 Runtime: 8.4.7	1 week ago

github-actions · 2025-05-18T15:18:17Z

Outdated

Recommended fixes for image `wayofdev/php-dev:latest`

Base image is php:8-alpine

Name	8.4.7-alpine3.21
Digest	sha256:eba240a13bd3e5cf77a99c1b4c9ed1373e9622b0a8ac18fe3e7727c35dc40ded
Vulnerabilities
Pushed	1 week ago
Size	42 MB
Packages	52
Flavor	alpine
OS	3.21
Runtime	8.4.7

The base image is also available under the supported tag(s): 8-alpine3.21, 8-cli-alpine, 8-cli-alpine3.21, 8.4-alpine, 8.4-alpine3.21, 8.4-cli-alpine, 8.4-cli-alpine3.21, 8.4.7-alpine, 8.4.7-alpine3.21, 8.4.7-cli-alpine, 8.4.7-cli-alpine3.21, alpine, alpine3.21, cli-alpine, cli-alpine3.21

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

github-actions · 2025-05-18T15:18:19Z

Outdated

Recommended fixes for image `wayofdev/php-dev:latest`

Base image is php:8-alpine

Name	8.4.7-alpine3.21
Digest	sha256:eba240a13bd3e5cf77a99c1b4c9ed1373e9622b0a8ac18fe3e7727c35dc40ded
Vulnerabilities
Pushed	1 week ago
Size	42 MB
Packages	52
Flavor	alpine
OS	3.21
Runtime	8.4.7

The base image is also available under the supported tag(s): 8-alpine3.21, 8-cli-alpine, 8-cli-alpine3.21, 8.4-alpine, 8.4-alpine3.21, 8.4-cli-alpine, 8.4-cli-alpine3.21, 8.4.7-alpine, 8.4.7-alpine3.21, 8.4.7-cli-alpine, 8.4.7-cli-alpine3.21, alpine, alpine3.21, cli-alpine, cli-alpine3.21

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

github-actions · 2025-05-18T15:18:21Z

Outdated

🔍 Vulnerabilities of `wayofdev/php-dev:latest`

📦 Image Reference wayofdev/php-dev:latest

digest	`sha256:76684408b4cebf69eb6db3b72c0ae16d41505988ee1ee83655bbf6952df2a351`
vulnerabilities
platform	linux/amd64
size	128 MB
packages	248

📦 Base Image php:8.3-alpine

also known as	`8.3-alpine3.21` `8.3-cli-alpine` `8.3-cli-alpine3.21` `8.3.21-alpine3.21` `8.3.21-cli-alpine` `b4a7dce0f636fdead2ad82c4cc1958885ce8f27156cc65986a5fafde3c39e039`
digest	`sha256:fdd2f8e22382a7477bee883a0a5669784e6bb67abdabbb15a1b22bc9d165b0fa`
vulnerabilities

golang.org/x/crypto 0.17.0 (golang)

pkg:golang/golang.org/x/crypto@0.17.0

Improper Authorization

Affected range	`<0.31.0`
Fixed version	`0.31.0`
CVSS Score	`9.1`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N`
EPSS Score	`35.144%`
EPSS Percentile	`97th percentile`

Description

Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass.

The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions.

For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key.

Since this API is widely misused, as a partial mitigation golang.org/x/crypto@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth.

Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.

Affected range	`<0.35.0`
Fixed version	`0.35.0`
EPSS Score	`0.051%`
EPSS Percentile	`16th percentile`

Description

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

github-actions · 2025-05-18T15:18:24Z

Outdated

Recommended fixes for image `wayofdev/php-dev:latest`

Base image is php:8.3-alpine

Name	8.3.21-alpine3.21
Digest	sha256:fdd2f8e22382a7477bee883a0a5669784e6bb67abdabbb15a1b22bc9d165b0fa
Vulnerabilities
Pushed	1 week ago
Size	37 MB
Packages	52
Flavor	alpine
OS	3.21
Runtime	8.3.21

The base image is also available under the supported tag(s): 8.3-alpine3.21, 8.3-cli-alpine, 8.3-cli-alpine3.21, 8.3.21-alpine3.21, 8.3.21-cli-alpine

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
`8.4-alpine` Minor runtime version update Also known as: 8.4.7-cli-alpine 8.4.7-cli-alpine3.21 8.4-cli-alpine 8.4-cli-alpine3.21 8-cli-alpine 8-cli-alpine3.21 cli-alpine cli-alpine3.21 alpine alpine3.21 8.4.7-alpine 8.4.7-alpine3.21 8.4-alpine3.21 8-alpine 8-alpine3.21	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 42 MB Flavor: alpine OS: 3.21 Runtime: 8.4.7	1 week ago

github-actions · 2025-05-18T15:18:26Z

🔍 Vulnerabilities of `wayofdev/php-dev:latest`

📦 Image Reference wayofdev/php-dev:latest

digest	`sha256:a7c052f3035215b494107c5f707a0e62740f693377c0f8e0e2f09f221807fe5f`
vulnerabilities
platform	linux/amd64
size	109 MB
packages	231

📦 Base Image php:24ac050dcc4880667a2ccf9bde874bbf97b59a2011f169da105d9d2258a935dc

also known as	`8-fpm-alpine` `8-fpm-alpine3.21` `8.4-fpm-alpine` `8.4-fpm-alpine3.21` `8.4.7-fpm-alpine` `8.4.7-fpm-alpine3.21` `fpm-alpine` `fpm-alpine3.21`
digest	`sha256:21c60daae66ca8e05c2fd6bb080adc60fc33a1fa7e50ac9c7434c8faab11f9e0`
vulnerabilities

golang.org/x/crypto 0.17.0 (golang)

pkg:golang/golang.org/x/crypto@0.17.0

Improper Authorization

Affected range	`<0.31.0`
Fixed version	`0.31.0`
CVSS Score	`9.1`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N`
EPSS Score	`35.144%`
EPSS Percentile	`97th percentile`

Description

Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass.

The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions.

For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key.

Since this API is widely misused, as a partial mitigation golang.org/x/crypto@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth.

Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.

Affected range	`<0.35.0`
Fixed version	`0.35.0`
EPSS Score	`0.051%`
EPSS Percentile	`16th percentile`

Description

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

github-actions · 2025-05-18T15:18:29Z

Recommended fixes for image `wayofdev/php-dev:latest`

Base image is php:8-fpm-alpine

Name	fpm-alpine3.21
Digest	sha256:21c60daae66ca8e05c2fd6bb080adc60fc33a1fa7e50ac9c7434c8faab11f9e0
Vulnerabilities
Pushed	1 week ago
Size	36 MB
Packages	53
Flavor	alpine
OS	3.21

The base image is also available under the supported tag(s): 8-fpm-alpine3.21, 8.4-fpm-alpine, 8.4-fpm-alpine3.21, 8.4.7-fpm-alpine, 8.4.7-fpm-alpine3.21, fpm-alpine, fpm-alpine3.21

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
`8.3-fpm-alpine` Minor runtime version update Also known as: 8.3.21-fpm-alpine 8.3.21-fpm-alpine3.21 8.3-fpm-alpine3.21	Benefits: Same OS detected Minor runtime version update Image is smaller by 3.3 MB Tag was pushed more recently Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 33 MB Flavor: alpine OS: 3.21 Runtime: 8.3.21	1 week ago

lotyp · 2025-05-18T15:19:01Z

🤖 Created releases:

v2.8.16

🌻

lotyp added the autorelease: pending label May 18, 2025

lotyp enabled auto-merge May 18, 2025 15:15

lotyp force-pushed the release-please--branches--master--components--docker-php-dev branch from dfa5f0b to 98a1faa Compare May 18, 2025 15:15

chore(master): release 2.8.16

5abdd41

lotyp force-pushed the release-please--branches--master--components--docker-php-dev branch from 98a1faa to 5abdd41 Compare May 18, 2025 15:16

way-finder-bot self-requested a review May 18, 2025 15:18

way-finder-bot self-assigned this May 18, 2025

way-finder-bot approved these changes May 18, 2025

View reviewed changes

lotyp merged commit fc56c9e into master May 18, 2025
18 of 19 checks passed

lotyp deleted the release-please--branches--master--components--docker-php-dev branch May 18, 2025 15:18

lotyp added autorelease: tagged and removed autorelease: pending labels May 18, 2025

chore(master): release 2.8.16 #103

chore(master): release 2.8.16 #103

Conversation

lotyp commented May 18, 2025 • edited Loading

🤖 I have created a release beep boop

2.8.16 (2025-05-18)

Dependencies

github-actions bot commented May 18, 2025 • edited Loading

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

github-actions bot commented May 18, 2025 • edited Loading

Recommended fixes for image moby/buildkit:buildx-stable-1

Refresh base image

Change base image

github-actions bot commented May 18, 2025 • edited Loading

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

github-actions bot commented May 18, 2025 • edited Loading

Recommended fixes for image moby/buildkit:buildx-stable-1

Refresh base image

Change base image

github-actions bot commented May 18, 2025 • edited Loading

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

github-actions bot commented May 18, 2025 • edited Loading

Recommended fixes for image moby/buildkit:buildx-stable-1

Refresh base image

Change base image

github-actions bot commented May 18, 2025 • edited Loading

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

github-actions bot commented May 18, 2025 • edited Loading

🔍 Vulnerabilities of wayofdev/php-dev:latest

github-actions bot commented May 18, 2025 • edited Loading

Recommended fixes for image moby/buildkit:buildx-stable-1

Refresh base image

Change base image

github-actions bot commented May 18, 2025 • edited Loading

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

github-actions bot commented May 18, 2025 • edited Loading

Recommended fixes for image wayofdev/php-dev:latest

Refresh base image

Change base image

github-actions bot commented May 18, 2025 • edited Loading

Recommended fixes for image moby/buildkit:buildx-stable-1

Refresh base image

Change base image

github-actions bot commented May 18, 2025 • edited Loading

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

github-actions bot commented May 18, 2025 • edited Loading

Recommended fixes for image moby/buildkit:buildx-stable-1

Refresh base image

Change base image

github-actions bot commented May 18, 2025 • edited Loading

🔍 Vulnerabilities of wayofdev/php-dev:latest

github-actions bot commented May 18, 2025 • edited Loading

🔍 Vulnerabilities of wayofdev/php-dev:latest

github-actions bot commented May 18, 2025 • edited Loading

🔍 Vulnerabilities of wayofdev/php-dev:latest

github-actions bot commented May 18, 2025 • edited Loading

Recommended fixes for image wayofdev/php-dev:latest

Refresh base image

Change base image

github-actions bot commented May 18, 2025 • edited Loading

Recommended fixes for image wayofdev/php-dev:latest

Refresh base image

Change base image

github-actions bot commented May 18, 2025 • edited Loading

Recommended fixes for image wayofdev/php-dev:latest

Refresh base image

Change base image

github-actions bot commented May 18, 2025 • edited Loading

🔍 Vulnerabilities of wayofdev/php-dev:latest

github-actions bot commented May 18, 2025 • edited Loading

Recommended fixes for image wayofdev/php-dev:latest

Refresh base image

Change base image

github-actions bot commented May 18, 2025

🔍 Vulnerabilities of wayofdev/php-dev:latest

github-actions bot commented May 18, 2025

Recommended fixes for image wayofdev/php-dev:latest

Refresh base image

Change base image

lotyp commented May 18, 2025

lotyp commented May 18, 2025 •

edited

Loading

github-actions bot commented May 18, 2025 •

edited

Loading

🔍 Vulnerabilities of `moby/buildkit:buildx-stable-1`

github-actions bot commented May 18, 2025 •

edited

Loading

Recommended fixes for image `moby/buildkit:buildx-stable-1`

github-actions bot commented May 18, 2025 •

edited

Loading

🔍 Vulnerabilities of `moby/buildkit:buildx-stable-1`

github-actions bot commented May 18, 2025 •

edited

Loading

Recommended fixes for image `moby/buildkit:buildx-stable-1`

github-actions bot commented May 18, 2025 •

edited

Loading

🔍 Vulnerabilities of `moby/buildkit:buildx-stable-1`

github-actions bot commented May 18, 2025 •

edited

Loading

Recommended fixes for image `moby/buildkit:buildx-stable-1`

github-actions bot commented May 18, 2025 •

edited

Loading

🔍 Vulnerabilities of `moby/buildkit:buildx-stable-1`

github-actions bot commented May 18, 2025 •

edited

Loading

🔍 Vulnerabilities of `wayofdev/php-dev:latest`

github-actions bot commented May 18, 2025 •

edited

Loading

Recommended fixes for image `moby/buildkit:buildx-stable-1`

github-actions bot commented May 18, 2025 •

edited

Loading

🔍 Vulnerabilities of `moby/buildkit:buildx-stable-1`

github-actions bot commented May 18, 2025 •

edited

Loading

Recommended fixes for image `wayofdev/php-dev:latest`

github-actions bot commented May 18, 2025 •

edited

Loading

Recommended fixes for image `moby/buildkit:buildx-stable-1`

github-actions bot commented May 18, 2025 •

edited

Loading

🔍 Vulnerabilities of `moby/buildkit:buildx-stable-1`

github-actions bot commented May 18, 2025 •

edited

Loading

Recommended fixes for image `moby/buildkit:buildx-stable-1`

github-actions bot commented May 18, 2025 •

edited

Loading

🔍 Vulnerabilities of `wayofdev/php-dev:latest`

github-actions bot commented May 18, 2025 •

edited

Loading

🔍 Vulnerabilities of `wayofdev/php-dev:latest`

github-actions bot commented May 18, 2025 •

edited

Loading

🔍 Vulnerabilities of `wayofdev/php-dev:latest`

github-actions bot commented May 18, 2025 •

edited

Loading

Recommended fixes for image `wayofdev/php-dev:latest`

github-actions bot commented May 18, 2025 •

edited

Loading

Recommended fixes for image `wayofdev/php-dev:latest`

github-actions bot commented May 18, 2025 •

edited

Loading

Recommended fixes for image `wayofdev/php-dev:latest`

github-actions bot commented May 18, 2025 •

edited

Loading

🔍 Vulnerabilities of `wayofdev/php-dev:latest`

github-actions bot commented May 18, 2025 •

edited

Loading

Recommended fixes for image `wayofdev/php-dev:latest`

🔍 Vulnerabilities of `wayofdev/php-dev:latest`

Recommended fixes for image `wayofdev/php-dev:latest`