Skip to content

docker-machine-driver-harvester/1.0.2-r0: cve remediation #49099

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
octo-sts wants to merge 2 commits into from
Closed

docker-machine-driver-harvester/1.0.2-r0: cve remediation #49099

octo-sts wants to merge 2 commits into from

Conversation

@octo-sts
Copy link
Contributor

@octo-sts octo-sts bot commented Apr 4, 2025

docker-machine-driver-harvester/1.0.2-r0: fix GHSA-gh5c-3h97-2f3q

Advisory data: https://github.com/wolfi-dev/advisories/blob/main/docker-machine-driver-harvester.advisories.yaml

"Breadcrumbs" for this automated service

@octo-sts
Copy link
Contributor Author

octo-sts bot commented Apr 4, 2025

🔄 Build Failed: Git Checkout Error

fatal: Remote branch v1.0.2 not found in upstream origin

Build Details

Category Details
Build System Go
Failure Point git checkout v1.0.2

Root Cause Analysis 🔍

The build is attempting to check out tag 'v1.0.2' from the repository, but it's treating it as a branch rather than a tag. The log shows the system is using 'git clone --branch=v1.0.2' which assumes v1.0.2 is a branch, not a tag. Although the log shows some tag-related commands later, the initial checkout appears to have failed. The build system needs to be configured to properly check out a tag instead of treating it as a branch.

Was this comment helpful? Please use 👍 or 👎 reactions on this comment.

@octo-sts octo-sts bot added the ai/skip-comment Stop AI from commenting on PR label Apr 4, 2025
@dnegreira dnegreira self-assigned this Apr 7, 2025
@dnegreira
Bump docker to 25.0.4
ed2f252 
Signed-off-by: David Negreira <david.negreira@chainguard.dev>
@octo-sts octo-sts bot added bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. manual/review-needed labels Apr 7, 2025
@dnegreira
Copy link
Member

dnegreira commented Apr 8, 2025

Closing as advisory has been merged wolfi-dev/advisories#16778

@dnegreira dnegreira closed this Apr 8, 2025
@dnegreira dnegreira deleted the cve-docker-machine-driver-harvester-9b1e0011dd0c37b50b0e60316c268fcb branch April 8, 2025 14:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@dnegreira dnegreira

@Dentrax Dentrax

Labels

ai/skip-comment Stop AI from commenting on PR automated pr bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. GHSA-gh5c-3h97-2f3q go/bump manual/review-needed request-cve-remediation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dnegreira @Dentrax