Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(master): release 2.0.12 #62

Merged

Conversation

lotyp
Copy link
Member

@lotyp lotyp commented Dec 16, 2024

🤖 I have created a release beep boop

2.0.12 (2024-12-16)

Dependencies

  • deps: update wagoid/commitlint-github-action action to v6.2.0 (#61) (d20b2e9)

This PR was generated with Release Please. See documentation.

Copy link
Contributor

github-actions bot commented Dec 16, 2024

Outdated

🔍 Vulnerabilities of node:20-alpine

📦 Image Reference node:20-alpine
digestsha256:2215267afb33d93392d8d16b41c461a569bf52a442e5af4c4add1371b73f26e3
vulnerabilitiescritical: 0 high: 1 medium: 0 low: 0
platformlinux/amd64
size54 MB
packages216
📦 Base Image alpine:3
also known as
  • 3.21
  • 3.21.0
  • latest
digestsha256:2c43f33bd1502ec7818bce9eea60e062d04eeadc4aa31cad9dabecb1e48b647b
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
critical: 0 high: 1 medium: 0 low: 0 cross-spawn 7.0.3 (npm)

pkg:npm/[email protected]

high 7.5: CVE--2024--21538 Inefficient Regular Expression Complexity

Affected range>=7.0.0
<7.0.5
Fixed version7.0.5
CVSS Score7.5
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score0.045%
EPSS Percentile18th percentile
Description

Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.

Copy link
Contributor

github-actions bot commented Dec 16, 2024

Outdated

Recommended fixes for image node:20-alpine

Base image is alpine:3

Name3.21.0
Digestsha256:2c43f33bd1502ec7818bce9eea60e062d04eeadc4aa31cad9dabecb1e48b647b
Vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
Pushed1 week ago
Size3.6 MB
Packages19
OS3.21.0
The base image is also available under the supported tag(s): 3.21, 3.21.0, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

Copy link
Contributor

🔍 Vulnerabilities of node:22-alpine

📦 Image Reference node:22-alpine
digestsha256:10d483552d27d21c83fbc549472f2c06ed266892bc9354a828e1a5e5d102e27c
vulnerabilitiescritical: 0 high: 1 medium: 0 low: 0
platformlinux/amd64
size63 MB
packages235
📦 Base Image alpine:3
also known as
  • 3.21
  • 3.21.0
  • latest
digestsha256:2c43f33bd1502ec7818bce9eea60e062d04eeadc4aa31cad9dabecb1e48b647b
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
critical: 0 high: 1 medium: 0 low: 0 cross-spawn 7.0.3 (npm)

pkg:npm/[email protected]

high 7.5: CVE--2024--21538 Inefficient Regular Expression Complexity

Affected range>=7.0.0
<7.0.5
Fixed version7.0.5
CVSS Score7.5
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score0.045%
EPSS Percentile18th percentile
Description

Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.

Copy link
Contributor

Recommended fixes for image node:18-alpine

Base image is alpine:3

Name3.21.0
Digestsha256:2c43f33bd1502ec7818bce9eea60e062d04eeadc4aa31cad9dabecb1e48b647b
Vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
Pushed1 week ago
Size3.6 MB
Packages19
OS3.21.0
The base image is also available under the supported tag(s): 3.21, 3.21.0, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

@way-finder-bot way-finder-bot self-requested a review December 16, 2024 12:21
@way-finder-bot way-finder-bot self-assigned this Dec 16, 2024
@lotyp lotyp merged commit cebbcb0 into master Dec 16, 2024
10 checks passed
@lotyp lotyp deleted the release-please--branches--master--components--docker-nginx branch December 16, 2024 12:21
@lotyp
Copy link
Member Author

lotyp commented Dec 16, 2024

🤖 Created releases:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants