Conversation

@octo-sts
Contributor

@octo-sts octo-sts bot commented Jul 30, 2025

trivy/0.64.1-r2: fix GHSA-x4rx-4gw3-53p4

Advisory data: https://github.com/wolfi-dev/advisories/blob/main/trivy.advisories.yaml


"Breadcrumbs" for this automated service

@octo-sts octo-sts bot added the labels P1 (This label indicates our scanning found High, Medium or Low CVEs for these packages.), automated pr, GHSA-x4rx-4gw3-53p4, go/bump, request-cve-remediation and trivy on Jul 30, 2025
@octo-sts
Contributor Author

octo-sts bot commented Jul 30, 2025

📦 Build Failed: Missing Dependency

package github.com/docker/docker was not found on the go.mod file. Please remove the package or add it to the list of 'replaces'

Build Details

Build System: melange/go
Failure Point: go/bump step - the gobump command failed when trying to update github.com/docker/docker@v28.3.3

Root Cause Analysis 🔍

The gobump tool attempted to update the github.com/docker/docker package to version v28.3.3, but this package is not present in the go.mod file. The package either needs to be added to the go.mod dependencies or added to the 'replaces' list in the gobump configuration.

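The failure reported above is a precondition problem: a bump tool can only update a module that the go.mod already requires (or maps through a replace directive). The check below is an added example, not octo-sts, gobump or melange code; it parses a constructed go.mod (module names and versions in it are invented except for the docker/docker path from the comment) and classifies each requested bump as "require", "replace" or "missing" before any build step is attempted.

```python
"""Pre-check go.mod before requesting module bumps (added example)."""

# Constructed sample go.mod. github.com/docker/docker is deliberately absent,
# which is the condition the failed build above reported.
SAMPLE_GO_MOD = """module example.com/constructed/app

go 1.24

require (
    github.com/aws/aws-sdk-go-v2 v1.36.3
    github.com/spf13/cobra v1.9.1 // indirect
)

require golang.org/x/crypto v0.39.0

replace github.com/example/old => github.com/example/new v1.2.0
"""


def parse_go_mod(text):
    """Return (required, replaced): module paths listed in require
    directives, and module paths on the left side of replace directives."""
    required, replaced = set(), set()
    block = None  # "require" / "replace" while inside a parenthesised block
    for raw in text.splitlines():
        line = raw.split("//", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        if block:
            if line == ")":
                block = None
            elif block == "require":
                required.add(line.split()[0])
            else:
                replaced.add(line.split("=>")[0].split()[0])
            continue
        parts = line.split()
        if parts[0] in ("require", "replace"):
            if len(parts) == 2 and parts[1] == "(":
                block = parts[0]  # multi-line block starts
            elif parts[0] == "require":
                required.add(parts[1])
            else:
                replaced.add(parts[1])
    return required, replaced


def check_bumps(go_mod_text, bumps):
    """bumps: specs like "github.com/docker/docker@v28.3.3".
    Returns {module_path: "require" | "replace" | "missing"}."""
    required, replaced = parse_go_mod(go_mod_text)
    result = {}
    for spec in bumps:
        mod = spec.split("@", 1)[0]
        if mod in required:
            result[mod] = "require"
        elif mod in replaced:
            result[mod] = "replace"
        else:
            result[mod] = "missing"  # would fail in the go/bump step
    return result
```

A "missing" result means the bump must either be dropped or the module added to go.mod or to the bump tool's replace list, as the bot comment suggests.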

@octo-sts octo-sts bot added the ai/skip-comment Stop AI from commenting on PR label Jul 30, 2025
@kbsteere kbsteere self-assigned this Jul 30, 2025
Signed-off-by: Kyle Steere <kyle.steere@chainguard.dev>
@kbsteere kbsteere enabled auto-merge (squash) July 30, 2025 20:30
@kbsteere kbsteere requested a review from a team July 30, 2025 20:30
@octo-sts octo-sts bot added the label bincapz/pass (Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages.) on Jul 30, 2025
@kbsteere kbsteere merged commit 371e466 into main Jul 30, 2025
18 checks passed
@kbsteere kbsteere deleted the cve-trivy-0.64.1-r2-d89a3dc48070e80205f50b15821ca4cf branch July 30, 2025 20:46