build(deps): bump the docker group across 6 directories with 5 updates #2334
Closed
dependabot[bot] wants to merge 1 commit into main from
398d759 to 2e24c0c
🔍 Trivy Scan - PostgresSQL 🔍

Target

| Package | ID | Severity | Installed Version | Fixed Version | Title |
|---|---|---|---|---|---|
| zlib | CVE-2026-22184 | HIGH | 1.3.1-r2 | 1.3.2-r0 | zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility |
| zlib | CVE-2026-27171 | MEDIUM | 1.3.1-r2 | 1.3.2-r0 | zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions |

Target usr/local/bin/gosu

Vulnerabilities (19)

| Package | ID | Severity | Installed Version | Fixed Version | Title |
|---|---|---|---|---|---|
| stdlib | CVE-2025-68121 | CRITICAL | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | crypto/tls: Unexpected session resumption in crypto/tls |
| stdlib | CVE-2025-58183 | HIGH | v1.24.6 | 1.24.8, 1.25.2 | golang: archive/tar: Unbounded allocation when parsing GNU sparse map |
| stdlib | CVE-2025-61726 | HIGH | v1.24.6 | 1.24.12, 1.25.6 | golang: net/url: Memory exhaustion in query parameter parsing in net/url |
| stdlib | CVE-2025-61728 | HIGH | v1.24.6 | 1.24.12, 1.25.6 | golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip |
| stdlib | CVE-2025-61729 | HIGH | v1.24.6 | 1.24.11, 1.25.5 | crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate |
| stdlib | CVE-2026-25679 | HIGH | v1.24.6 | 1.25.8, 1.26.1 | net/url: Incorrect parsing of IPv6 host literals in net/url |
| stdlib | CVE-2025-47912 | MEDIUM | v1.24.6 | 1.24.8, 1.25.2 | net/url: Insufficient validation of bracketed IPv6 hostnames in net/url |
| stdlib | CVE-2025-58185 | MEDIUM | v1.24.6 | 1.24.8, 1.25.2 | encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1 |
| stdlib | CVE-2025-58186 | MEDIUM | v1.24.6 | 1.24.8, 1.25.2 | golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http |
| stdlib | CVE-2025-58187 | MEDIUM | v1.24.6 | 1.24.9, 1.25.3 | crypto/x509: Quadratic complexity when checking name constraints in crypto/x509 |
| stdlib | CVE-2025-58188 | MEDIUM | v1.24.6 | 1.24.8, 1.25.2 | crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509 |
| stdlib | CVE-2025-58189 | MEDIUM | v1.24.6 | 1.24.8, 1.25.2 | crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information |
| stdlib | CVE-2025-61723 | MEDIUM | v1.24.6 | 1.24.8, 1.25.2 | encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem |
| stdlib | CVE-2025-61724 | MEDIUM | v1.24.6 | 1.24.8, 1.25.2 | net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto |
| stdlib | CVE-2025-61725 | MEDIUM | v1.24.6 | 1.24.8, 1.25.2 | net/mail: Excessive CPU consumption in ParseAddress in net/mail |
| stdlib | CVE-2025-61727 | MEDIUM | v1.24.6 | 1.24.11, 1.25.5 | golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs |
| stdlib | CVE-2025-61730 | MEDIUM | v1.24.6 | 1.24.12, 1.25.6 | During the TLS 1.3 handshake if multiple messages are sent in records ... |
| stdlib | CVE-2026-27142 | MEDIUM | v1.24.6 | 1.25.8, 1.26.1 | html/template: URLs in meta content attribute actions are not escaped in html/template |
| stdlib | CVE-2026-27139 | LOW | v1.24.6 | 1.25.8, 1.26.1 | os: FileInfo can escape from a Root in golang os module |

2e24c0c to 0bd78f1

Bumps the docker group with 1 update in the /postgresql directory: postgres.
Bumps the docker group with 1 update in the /rabbitmq directory: rabbitmq.
Bumps the docker group with 2 updates in the /sda-doa directory: maven and eclipse-temurin.
Bumps the docker group with 1 update in the /sda-download directory: golang.
Bumps the docker group with 2 updates in the /sda-sftp-inbox directory: maven and eclipse-temurin.
Bumps the docker group with 1 update in the /sda-validator/orchestrator directory: golang.

Updates `postgres` from 15.16-alpine3.23 to 18.3-alpine3.23

Updates `rabbitmq` from 3.12.13-management-alpine to 4.2.5-management-alpine

Updates `maven` from 3-eclipse-temurin-21-alpine to 3-eclipse-temurin-25-alpine

Updates `eclipse-temurin` from 21-jre-alpine to 25-jre-alpine

Updates `golang` from 1.25-alpine to 1.26-alpine

Updates `maven` from 3-eclipse-temurin-22-alpine to 3-eclipse-temurin-25-alpine

Updates `eclipse-temurin` from 21-alpine to 25-alpine

Updates `golang` from 1.25-alpine to 1.26-alpine

---
updated-dependencies:
- dependency-name: postgres
  dependency-version: 18.3-alpine3.23
  dependency-type: direct:production
  dependency-group: docker
- dependency-name: rabbitmq
  dependency-version: 4.2.5-management-alpine
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: docker
- dependency-name: maven
  dependency-version: 3-eclipse-temurin-25-alpine
  dependency-type: direct:production
  dependency-group: docker
- dependency-name: eclipse-temurin
  dependency-version: 25-jre-alpine
  dependency-type: direct:production
  dependency-group: docker
- dependency-name: golang
  dependency-version: 1.26-alpine
  dependency-type: direct:production
  dependency-group: docker
- dependency-name: maven
  dependency-version: 3-eclipse-temurin-25-alpine
  dependency-type: direct:production
  dependency-group: docker
- dependency-name: eclipse-temurin
  dependency-version: 25-alpine
  dependency-type: direct:production
  dependency-group: docker
- dependency-name: golang
  dependency-version: 1.26-alpine
  dependency-type: direct:production
  dependency-group: docker
...

Signed-off-by: dependabot[bot] <support@github.com>

0bd78f1 to 91f1836
Superseded by #2408.
Bumps the docker group with 1 update in the /postgresql directory: postgres.
Bumps the docker group with 1 update in the /rabbitmq directory: rabbitmq.
Bumps the docker group with 2 updates in the /sda-doa directory: maven and eclipse-temurin.
Bumps the docker group with 1 update in the /sda-download directory: golang.
Bumps the docker group with 2 updates in the /sda-sftp-inbox directory: maven and eclipse-temurin.
Bumps the docker group with 1 update in the /sda-validator/orchestrator directory: golang.

Updates `postgres` from 15.16-alpine3.23 to 18.3-alpine3.23

Updates `rabbitmq` from 3.12.13-management-alpine to 4.2.5-management-alpine

Updates `maven` from 3-eclipse-temurin-21-alpine to 3-eclipse-temurin-25-alpine

Updates `eclipse-temurin` from 21-jre-alpine to 25-jre-alpine

Updates `golang` from 1.25-alpine to 1.26-alpine

Updates `maven` from 3-eclipse-temurin-22-alpine to 3-eclipse-temurin-25-alpine

Updates `eclipse-temurin` from 21-alpine to 25-alpine

Updates `golang` from 1.25-alpine to 1.26-alpine