Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add php 8.4 support #108

Merged
merged 1 commit into from
Nov 22, 2024
Merged

feat: add php 8.4 support #108

merged 1 commit into from
Nov 22, 2024

Conversation

lotyp
Copy link
Member

@lotyp lotyp commented Nov 22, 2024

No description provided.

Copy link

github-actions bot commented Nov 22, 2024

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1
digestsha256:fe9e882c6ca03172babd2d89a69a225771ffe56ee1c28a7fbd58c57bf4a59034
vulnerabilitiescritical: 0 high: 4 medium: 0 low: 0
size102 MB
packages247
📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10
also known as
  • 3
  • 3.20
  • 3.20.3
  • latest
digestsha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
vulnerabilitiescritical: 0 high: 0 medium: 1 low: 0
critical: 0 high: 4 medium: 0 low: 0 stdlib 1.22.4 (golang)

pkg:golang/[email protected]

high : CVE--2024--34158

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.04%
EPSS Percentile17th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.04%
EPSS Percentile17th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2024--24791

Affected range>=1.22.0-0
<1.22.5
Fixed version1.22.5
EPSS Score0.04%
EPSS Percentile17th percentile
Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

high : CVE--2022--30635

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.19%
EPSS Percentile57th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Copy link

github-actions bot commented Nov 22, 2024

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name3.20.3
Digestsha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
Vulnerabilitiescritical: 0 high: 0 medium: 1 low: 0
Pushed2 months ago
Size3.6 MB
Packages17
OS3.20.3
The base image is also available under the supported tag(s): 3.20, 3.20.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

Copy link

github-actions bot commented Nov 22, 2024

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1
digestsha256:fe9e882c6ca03172babd2d89a69a225771ffe56ee1c28a7fbd58c57bf4a59034
vulnerabilitiescritical: 0 high: 4 medium: 0 low: 0
size102 MB
packages247
📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10
also known as
  • 3
  • 3.20
  • 3.20.3
  • latest
digestsha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
vulnerabilitiescritical: 0 high: 0 medium: 1 low: 0
critical: 0 high: 4 medium: 0 low: 0 stdlib 1.22.4 (golang)

pkg:golang/[email protected]

high : CVE--2024--34158

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.04%
EPSS Percentile17th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.04%
EPSS Percentile17th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2024--24791

Affected range>=1.22.0-0
<1.22.5
Fixed version1.22.5
EPSS Score0.04%
EPSS Percentile17th percentile
Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

high : CVE--2022--30635

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.19%
EPSS Percentile57th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Copy link

github-actions bot commented Nov 22, 2024

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name3.20.3
Digestsha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
Vulnerabilitiescritical: 0 high: 0 medium: 1 low: 0
Pushed2 months ago
Size3.6 MB
Packages17
OS3.20.3
The base image is also available under the supported tag(s): 3.20, 3.20.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

Copy link

github-actions bot commented Nov 22, 2024

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1
digestsha256:fe9e882c6ca03172babd2d89a69a225771ffe56ee1c28a7fbd58c57bf4a59034
vulnerabilitiescritical: 0 high: 4 medium: 0 low: 0
size102 MB
packages247
📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10
also known as
  • 3
  • 3.20
  • 3.20.3
  • latest
digestsha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
vulnerabilitiescritical: 0 high: 0 medium: 1 low: 0
critical: 0 high: 4 medium: 0 low: 0 stdlib 1.22.4 (golang)

pkg:golang/[email protected]

high : CVE--2024--34158

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.04%
EPSS Percentile17th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.04%
EPSS Percentile17th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2024--24791

Affected range>=1.22.0-0
<1.22.5
Fixed version1.22.5
EPSS Score0.04%
EPSS Percentile17th percentile
Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

high : CVE--2022--30635

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.19%
EPSS Percentile57th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Copy link

github-actions bot commented Nov 22, 2024

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name3.20.3
Digestsha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
Vulnerabilitiescritical: 0 high: 0 medium: 1 low: 0
Pushed2 months ago
Size3.6 MB
Packages17
OS3.20.3
The base image is also available under the supported tag(s): 3.20, 3.20.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

@github-actions github-actions bot added type: enhancement For features and enhancements (feat) type: maintenance For maintenance, refactor and testing (perf, chore, style, revert, refactor, test, build, ci) labels Nov 22, 2024
Copy link

github-actions bot commented Nov 22, 2024

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1
digestsha256:fe9e882c6ca03172babd2d89a69a225771ffe56ee1c28a7fbd58c57bf4a59034
vulnerabilitiescritical: 0 high: 4 medium: 0 low: 0
size102 MB
packages247
📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10
also known as
  • 3
  • 3.20
  • 3.20.3
  • latest
digestsha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
vulnerabilitiescritical: 0 high: 0 medium: 1 low: 0
critical: 0 high: 4 medium: 0 low: 0 stdlib 1.22.4 (golang)

pkg:golang/[email protected]

high : CVE--2024--34158

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.04%
EPSS Percentile17th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.04%
EPSS Percentile17th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2024--24791

Affected range>=1.22.0-0
<1.22.5
Fixed version1.22.5
EPSS Score0.04%
EPSS Percentile17th percentile
Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

high : CVE--2022--30635

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.19%
EPSS Percentile57th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Copy link

github-actions bot commented Nov 22, 2024

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name3.20.3
Digestsha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
Vulnerabilitiescritical: 0 high: 0 medium: 1 low: 0
Pushed2 months ago
Size3.6 MB
Packages17
OS3.20.3
The base image is also available under the supported tag(s): 3.20, 3.20.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

Copy link

github-actions bot commented Nov 22, 2024

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1
digestsha256:fe9e882c6ca03172babd2d89a69a225771ffe56ee1c28a7fbd58c57bf4a59034
vulnerabilitiescritical: 0 high: 4 medium: 0 low: 0
size102 MB
packages247
📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10
also known as
  • 3
  • 3.20
  • 3.20.3
  • latest
digestsha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
vulnerabilitiescritical: 0 high: 0 medium: 1 low: 0
critical: 0 high: 4 medium: 0 low: 0 stdlib 1.22.4 (golang)

pkg:golang/[email protected]

high : CVE--2024--34158

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.04%
EPSS Percentile17th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.04%
EPSS Percentile17th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2024--24791

Affected range>=1.22.0-0
<1.22.5
Fixed version1.22.5
EPSS Score0.04%
EPSS Percentile17th percentile
Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

high : CVE--2022--30635

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.19%
EPSS Percentile57th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

1 similar comment
Copy link

github-actions bot commented Nov 22, 2024

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1
digestsha256:fe9e882c6ca03172babd2d89a69a225771ffe56ee1c28a7fbd58c57bf4a59034
vulnerabilitiescritical: 0 high: 4 medium: 0 low: 0
size102 MB
packages247
📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10
also known as
  • 3
  • 3.20
  • 3.20.3
  • latest
digestsha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
vulnerabilitiescritical: 0 high: 0 medium: 1 low: 0
critical: 0 high: 4 medium: 0 low: 0 stdlib 1.22.4 (golang)

pkg:golang/[email protected]

high : CVE--2024--34158

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.04%
EPSS Percentile17th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.04%
EPSS Percentile17th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2024--24791

Affected range>=1.22.0-0
<1.22.5
Fixed version1.22.5
EPSS Score0.04%
EPSS Percentile17th percentile
Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

high : CVE--2022--30635

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.19%
EPSS Percentile57th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Copy link

github-actions bot commented Nov 22, 2024

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name3.20.3
Digestsha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
Vulnerabilitiescritical: 0 high: 0 medium: 1 low: 0
Pushed2 months ago
Size3.6 MB
Packages17
OS3.20.3
The base image is also available under the supported tag(s): 3.20, 3.20.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

1 similar comment
Copy link

github-actions bot commented Nov 22, 2024

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name3.20.3
Digestsha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
Vulnerabilitiescritical: 0 high: 0 medium: 1 low: 0
Pushed2 months ago
Size3.6 MB
Packages17
OS3.20.3
The base image is also available under the supported tag(s): 3.20, 3.20.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

Copy link

github-actions bot commented Nov 22, 2024

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1
digestsha256:fe9e882c6ca03172babd2d89a69a225771ffe56ee1c28a7fbd58c57bf4a59034
vulnerabilitiescritical: 0 high: 4 medium: 0 low: 0
size102 MB
packages247
📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10
also known as
  • 3
  • 3.20
  • 3.20.3
  • latest
digestsha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
vulnerabilitiescritical: 0 high: 0 medium: 1 low: 0
critical: 0 high: 4 medium: 0 low: 0 stdlib 1.22.4 (golang)

pkg:golang/[email protected]

high : CVE--2024--34158

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.04%
EPSS Percentile17th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.04%
EPSS Percentile17th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2024--24791

Affected range>=1.22.0-0
<1.22.5
Fixed version1.22.5
EPSS Score0.04%
EPSS Percentile17th percentile
Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

high : CVE--2022--30635

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.19%
EPSS Percentile57th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

1 similar comment
Copy link

github-actions bot commented Nov 22, 2024

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1
digestsha256:fe9e882c6ca03172babd2d89a69a225771ffe56ee1c28a7fbd58c57bf4a59034
vulnerabilitiescritical: 0 high: 4 medium: 0 low: 0
size102 MB
packages247
📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10
also known as
  • 3
  • 3.20
  • 3.20.3
  • latest
digestsha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
vulnerabilitiescritical: 0 high: 0 medium: 1 low: 0
critical: 0 high: 4 medium: 0 low: 0 stdlib 1.22.4 (golang)

pkg:golang/[email protected]

high : CVE--2024--34158

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.04%
EPSS Percentile17th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.04%
EPSS Percentile17th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2024--24791

Affected range>=1.22.0-0
<1.22.5
Fixed version1.22.5
EPSS Score0.04%
EPSS Percentile17th percentile
Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

high : CVE--2022--30635

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.19%
EPSS Percentile57th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Copy link

github-actions bot commented Nov 22, 2024

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name3.20.3
Digestsha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
Vulnerabilitiescritical: 0 high: 0 medium: 1 low: 0
Pushed2 months ago
Size3.6 MB
Packages17
OS3.20.3
The base image is also available under the supported tag(s): 3.20, 3.20.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

1 similar comment
Copy link

github-actions bot commented Nov 22, 2024

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name3.20.3
Digestsha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
Vulnerabilitiescritical: 0 high: 0 medium: 1 low: 0
Pushed2 months ago
Size3.6 MB
Packages17
OS3.20.3
The base image is also available under the supported tag(s): 3.20, 3.20.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

Copy link

github-actions bot commented Nov 22, 2024

Outdated

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

📦 Image Reference moby/buildkit:buildx-stable-1
digestsha256:fe9e882c6ca03172babd2d89a69a225771ffe56ee1c28a7fbd58c57bf4a59034
vulnerabilitiescritical: 0 high: 4 medium: 0 low: 0
size102 MB
packages247
📦 Base Image alpine:05a56cc5acbd9c9c5b7ba5ec88d866a0ddc76b586828f8288d29c57ccaa15a10
also known as
  • 3
  • 3.20
  • 3.20.3
  • latest
digestsha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
vulnerabilitiescritical: 0 high: 0 medium: 1 low: 0
critical: 0 high: 4 medium: 0 low: 0 stdlib 1.22.4 (golang)

pkg:golang/[email protected]

high : CVE--2024--34158

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.04%
EPSS Percentile17th percentile
Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

high : CVE--2024--34156

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.04%
EPSS Percentile17th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

high : CVE--2024--24791

Affected range>=1.22.0-0
<1.22.5
Fixed version1.22.5
EPSS Score0.04%
EPSS Percentile17th percentile
Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

high : CVE--2022--30635

Affected range<1.22.7
Fixed version1.22.7
EPSS Score0.19%
EPSS Percentile57th percentile
Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Copy link

github-actions bot commented Nov 22, 2024

Outdated

Recommended fixes for image moby/buildkit:buildx-stable-1

Base image is alpine:3

Name3.20.3
Digestsha256:029a752048e32e843bd6defe3841186fb8d19a28dae8ec287f433bb9d6d1ad85
Vulnerabilitiescritical: 0 high: 0 medium: 1 low: 0
Pushed2 months ago
Size3.6 MB
Packages17
OS3.20.3
The base image is also available under the supported tag(s): 3.20, 3.20.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

Copy link

github-actions bot commented Nov 22, 2024

Outdated

🔍 Vulnerabilities of wayofdev/php-base:latest

📦 Image Reference wayofdev/php-base:latest
digestsha256:6e11d50c878ee40a8f0f03a6df864d30743eb3fdff083b82da3e7a3c97188bbc
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
size75 MB
packages100
📦 Base Image php:8-fpm-alpine
also known as
  • 8-fpm-alpine3.20
  • 8.4-fpm-alpine
  • 8.4-fpm-alpine3.20
  • 8.4.1-fpm-alpine
  • 8.4.1-fpm-alpine3.20
  • fpm-alpine
  • fpm-alpine3.20
digestsha256:fcc2fccfa511b898a78e97e8a978fa41d54242dd54b729f9f9b76ef1398a75ed
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0

Copy link

github-actions bot commented Nov 22, 2024

Outdated

Recommended fixes for image wayofdev/php-base:latest

Base image is php:8-fpm-alpine

Namefpm-alpine3.20
Digestsha256:fcc2fccfa511b898a78e97e8a978fa41d54242dd54b729f9f9b76ef1398a75ed
Vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
Pushed1 day ago
Size38 MB
Packages51
Flavoralpine
OS3.20
The base image is also available under the supported tag(s): 8-fpm-alpine3.20, 8.4-fpm-alpine, 8.4-fpm-alpine3.20, 8.4.1-fpm-alpine, 8.4.1-fpm-alpine3.20, fpm-alpine, fpm-alpine3.20

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

TagDetailsPushedVulnerabilities
8.3-fpm-alpine
Minor runtime version update
Also known as:
  • 8.3.14-fpm-alpine
  • 8.3.14-fpm-alpine3.20
  • 8.3-fpm-alpine3.20
Benefits:
  • Same OS detected
  • Minor runtime version update
  • Image is smaller by 3.3 MB
  • Image has same number of vulnerabilities
  • Image contains equal number of packages
Image details:
  • Size: 35 MB
  • Flavor: alpine
  • OS: 3.20
  • Runtime: 8.3.14
1 day ago



8.2-fpm-alpine
Minor runtime version update
Also known as:
  • 8.2.26-fpm-alpine
  • 8.2.26-fpm-alpine3.20
  • 8.2-fpm-alpine3.20
Benefits:
  • Same OS detected
  • Minor runtime version update
  • Image is smaller by 3.9 MB
  • Image has same number of vulnerabilities
  • Image contains equal number of packages
  • 8.2-fpm-alpine was pulled 4.1K times last month
Image details:
  • Size: 34 MB
  • Flavor: alpine
  • OS: 3.20
  • Runtime: 8.2.26
1 day ago



8.1-fpm-alpine
Minor runtime version update
Also known as:
  • 8.1.31-fpm-alpine
  • 8.1.31-fpm-alpine3.20
  • 8.1-fpm-alpine3.20
Benefits:
  • Same OS detected
  • Minor runtime version update
  • Image is smaller by 4.3 MB
  • Image has same number of vulnerabilities
  • Image contains equal number of packages
  • 8.1-fpm-alpine is the fourth most popular tag with 18K pulls per month
Image details:
  • Size: 34 MB
  • Flavor: alpine
  • OS: 3.20
  • Runtime: 8.1.31
1 day ago



Copy link

github-actions bot commented Nov 22, 2024

Outdated

🔍 Vulnerabilities of wayofdev/php-base:latest

📦 Image Reference wayofdev/php-base:latest
digestsha256:07ea2f3fb753a866c2dcddc8ef80a48d625b59bacb78a81e01c744fb9477c237
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
size81 MB
packages99
📦 Base Image php:8-alpine
also known as
  • 8-alpine3.20
  • 8-cli-alpine
  • 8-cli-alpine3.20
  • 8.4-alpine
  • 8.4-alpine3.20
  • 8.4-cli-alpine
  • 8.4-cli-alpine3.20
  • 8.4.1-alpine
  • 8.4.1-alpine3.20
  • 8.4.1-cli-alpine
  • 8.4.1-cli-alpine3.20
  • alpine
  • alpine3.20
  • cli-alpine
  • cli-alpine3.20
  • db33346c0570ac13b47213e8a043fece5c6adf3ee623fd9510c2240e2dcd6e41
digestsha256:5a28a9586b767a3babf285b1bfe3dd7eda5b3ff64a5f79ce3fa93d076c022f60
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0

Copy link

github-actions bot commented Nov 22, 2024

Outdated

Recommended fixes for image wayofdev/php-base:latest

Base image is php:8-alpine

Name8.4.1-alpine3.20
Digestsha256:5a28a9586b767a3babf285b1bfe3dd7eda5b3ff64a5f79ce3fa93d076c022f60
Vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
Pushed1 day ago
Size44 MB
Packages50
Flavoralpine
OS3.20
Runtime8.4.1
The base image is also available under the supported tag(s): 8-alpine3.20, 8-cli-alpine, 8-cli-alpine3.20, 8.4-alpine, 8.4-alpine3.20, 8.4-cli-alpine, 8.4-cli-alpine3.20, 8.4.1-alpine, 8.4.1-alpine3.20, 8.4.1-cli-alpine, 8.4.1-cli-alpine3.20, alpine, alpine3.20, cli-alpine, cli-alpine3.20

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

Copy link

🔍 Vulnerabilities of wayofdev/php-base:latest

📦 Image Reference wayofdev/php-base:latest
digestsha256:2ef94a95250929c19421e3d1fc8e2afc1108371a840850ca6636865ffbc6c30c
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
size99 MB
packages120
📦 Base Image php:8-alpine
also known as
  • 8-alpine3.20
  • 8-cli-alpine
  • 8-cli-alpine3.20
  • 8.4-alpine
  • 8.4-alpine3.20
  • 8.4-cli-alpine
  • 8.4-cli-alpine3.20
  • 8.4.1-alpine
  • 8.4.1-alpine3.20
  • 8.4.1-cli-alpine
  • 8.4.1-cli-alpine3.20
  • alpine
  • alpine3.20
  • cli-alpine
  • cli-alpine3.20
  • db33346c0570ac13b47213e8a043fece5c6adf3ee623fd9510c2240e2dcd6e41
digestsha256:5a28a9586b767a3babf285b1bfe3dd7eda5b3ff64a5f79ce3fa93d076c022f60
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0

Copy link

Recommended fixes for image wayofdev/php-base:latest

Base image is php:8-alpine

Name8.4.1-alpine3.20
Digestsha256:5a28a9586b767a3babf285b1bfe3dd7eda5b3ff64a5f79ce3fa93d076c022f60
Vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
Pushed1 day ago
Size44 MB
Packages50
Flavoralpine
OS3.20
Runtime8.4.1
The base image is also available under the supported tag(s): 8-alpine3.20, 8-cli-alpine, 8-cli-alpine3.20, 8.4-alpine, 8.4-alpine3.20, 8.4-cli-alpine, 8.4-cli-alpine3.20, 8.4.1-alpine, 8.4.1-alpine3.20, 8.4.1-cli-alpine, 8.4.1-cli-alpine3.20, alpine, alpine3.20, cli-alpine, cli-alpine3.20

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

@lotyp lotyp merged commit 094140b into master Nov 22, 2024
20 checks passed
@lotyp lotyp deleted the feat/php-8.4-support branch November 22, 2024 21:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
type: enhancement For features and enhancements (feat) type: maintenance For maintenance, refactor and testing (perf, chore, style, revert, refactor, test, build, ci)
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant