chore(deps): update gcr.io/distroless/java17-debian11 docker digest to 2bb5811 - autoclosed #27
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
🦙 MegaLinter status: ✅ SUCCESS
See detailed report in MegaLinter reports You could have the same capabilities but better runtime performances if you use a MegaLinter flavor:
MegaLinter is graciously provided by |
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/gcr.io-distroless-java17-debian11
branch
from
b5d24ef to
e1f3c70
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/gcr.io-distroless-java17-debian11
branch
from
e1f3c70 to
1eb23d4
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/gcr.io-distroless-java17-debian11
branch
from
1eb23d4 to
490de25
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/gcr.io-distroless-java17-debian11
branch
from
490de25 to
c018e7d
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/gcr.io-distroless-java17-debian11
branch
from
c018e7d to
bcd6961
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/gcr.io-distroless-java17-debian11
branch
from
bcd6961 to
6ba1d3c
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/gcr.io-distroless-java17-debian11
branch
from
6ba1d3c to
6d2918b
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/gcr.io-distroless-java17-debian11
branch
from
6d2918b to
3ea53f6
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/gcr.io-distroless-java17-debian11
branch
from
3ea53f6 to
d089023
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/gcr.io-distroless-java17-debian11
branch
from
d089023 to
cc65c86
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/gcr.io-distroless-java17-debian11
branch
from
cc65c86 to
0971b88
Compare
Trivy image scan report
|
| Package | ID | Severity | Installed Version | Fixed Version |
|---|---|---|---|---|
libc6 |
CVE-2023-4806 | MEDIUM | 2.31-13+deb11u10 | |
libc6 |
CVE-2023-4813 | MEDIUM | 2.31-13+deb11u10 | |
libc6 |
CVE-2010-4756 | LOW | 2.31-13+deb11u10 | |
libc6 |
CVE-2018-20796 | LOW | 2.31-13+deb11u10 | |
libc6 |
CVE-2019-1010022 | LOW | 2.31-13+deb11u10 | |
libc6 |
CVE-2019-1010023 | LOW | 2.31-13+deb11u10 | |
libc6 |
CVE-2019-1010024 | LOW | 2.31-13+deb11u10 | |
libc6 |
CVE-2019-1010025 | LOW | 2.31-13+deb11u10 | |
libc6 |
CVE-2019-9192 | LOW | 2.31-13+deb11u10 | |
libexpat1 |
CVE-2023-52425 | HIGH | 2.2.10-2+deb11u5 | |
libexpat1 |
CVE-2013-0340 | LOW | 2.2.10-2+deb11u5 | |
libexpat1 |
CVE-2023-52426 | LOW | 2.2.10-2+deb11u5 | |
libexpat1 |
CVE-2024-28757 | LOW | 2.2.10-2+deb11u5 | |
libfreetype6 |
CVE-2022-31782 | LOW | 2.10.4+dfsg-1+deb11u1 | |
libgcc-s1 |
CVE-2023-4039 | MEDIUM | 10.2.1-6 | |
libglib2.0-0 |
CVE-2012-0039 | LOW | 2.66.8-1+deb11u4 | |
libharfbuzz0b |
CVE-2023-25193 | HIGH | 2.7.4-1 | |
libharfbuzz0b |
CVE-2022-33068 | MEDIUM | 2.7.4-1 | |
libjpeg62-turbo |
CVE-2021-46822 | MEDIUM | 1:2.0.6-4 | |
libpcre3 |
CVE-2017-11164 | LOW | 2:8.39-13 | |
libpcre3 |
CVE-2017-16231 | LOW | 2:8.39-13 | |
libpcre3 |
CVE-2017-7245 | LOW | 2:8.39-13 | |
libpcre3 |
CVE-2017-7246 | LOW | 2:8.39-13 | |
libpcre3 |
CVE-2019-20838 | LOW | 2:8.39-13 | |
libpng16-16 |
CVE-2019-6129 | LOW | 1.6.37-3 | |
libpng16-16 |
CVE-2021-4214 | LOW | 1.6.37-3 | |
libstdc++6 |
CVE-2023-4039 | MEDIUM | 10.2.1-6 | |
libuuid1 |
CVE-2022-0563 | LOW | 2.36.1-8+deb11u2 | |
zlib1g |
CVE-2023-45853 | CRITICAL | 1:1.2.11.dfsg-2+deb11u2 |
No Misconfigurations found
Java
5 known vulnerabilities found (LOW: 0 CRITICAL: 0 HIGH: 3 MEDIUM: 2)
Show detailed table of vulnerabilities
| Package | ID | Severity | Installed Version | Fixed Version |
|---|---|---|---|---|
org.apache.tomcat.embed:tomcat-embed-core |
CVE-2024-24549 | MEDIUM | 10.1.18 | 8.5.99, 9.0.86, 10.1.19, 11.0.0-M17 |
org.apache.tomcat.embed:tomcat-embed-websocket |
CVE-2024-23672 | MEDIUM | 10.1.18 | 11.0.0-M17, 10.1.19, 9.0.86, 8.5.99 |
org.springframework:spring-web |
CVE-2024-22243 | HIGH | 6.1.3 | 6.1.4, 6.0.17, 5.3.32 |
org.springframework:spring-web |
CVE-2024-22259 | HIGH | 6.1.3 | 6.1.5, 6.0.18, 5.3.33 |
org.springframework:spring-web |
CVE-2024-22262 | HIGH | 6.1.3 | 5.3.34, 6.0.19, 6.1.6 |
No Misconfigurations found
renovate
bot
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
66dcffe->2bb5811Configuration
📅 Schedule: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.