Skip to content

Commit

Permalink
Merge pull request wolfi-dev#1197 from hectorj2f/skaffold_adv
Browse files Browse the repository at this point in the history 
skaffold fix: use pending-upstream-changes instead
  • Loading branch information
@pdeslaur
pdeslaur authored Feb 13, 2024
2 parents 75b28e9 + 4df3a05 commit 6593726
Showing 1 changed file with 12 additions and 0 deletions.
12 changes: 12 additions & 0 deletions skaffold.advisories.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -122,6 +122,10 @@ advisories:
componentType: go-module
componentLocation: /usr/bin/skaffold
scanner: grype
- timestamp: 2024-02-13T00:18:51Z
type: pending-upstream-fix
data:
note: Upgrading buildkit to a non-vulnerable version requires to bump github.com/docker/docker to v25.0.3 (currently using v24.0.7) and as a consequence needs multiple code changes to adapt the source code to this new version.

- id: CVE-2024-23651
aliases:
Expand All @@ -139,6 +143,10 @@ advisories:
componentType: go-module
componentLocation: /usr/bin/skaffold
scanner: grype
- timestamp: 2024-02-13T00:17:52Z
type: pending-upstream-fix
data:
note: Upgrading buildkit to a non-vulnerable version requires to bump github.com/docker/docker to v25.0.3 (currently using v24.0.7) and as a consequence needs multiple code changes to adapt the source code to this new version.

- id: CVE-2024-23652
aliases:
Expand All @@ -156,6 +164,10 @@ advisories:
componentType: go-module
componentLocation: /usr/bin/skaffold
scanner: grype
- timestamp: 2024-02-13T00:16:41Z
type: pending-upstream-fix
data:
note: Upgrading buildkit to a non-vulnerable version requires to bump github.com/docker/docker to v25.0.3 (currently using v24.0.7) and as a consequence needs multiple code changes to adapt the source code to this new version.

- id: CVE-2024-23653
aliases:
Expand Down

0 comments on commit 6593726

Please sign in to comment.