From ce8e96290cd4b4c4f33414239e1dd81a7c0884a4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 13 Jul 2024 09:06:26 +0200 Subject: [PATCH 1/2] build(deps): bump aquasecurity/trivy-action from 0.23.0 to 0.24.0 (#953) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.23.0 to 0.24.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/7c2007bcb556501da015201bcba5aa14069b74e2...6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/on-pr.yaml | 2 +- .github/workflows/on-tag.yaml | 2 +- .github/workflows/periodics-daily.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/on-pr.yaml b/.github/workflows/on-pr.yaml index 38e41f2..46ed0be 100644 --- a/.github/workflows/on-pr.yaml +++ b/.github/workflows/on-pr.yaml @@ -88,7 +88,7 @@ jobs: - name: Build image run: VERSION="${{ steps.tags.outputs.sha_short }}" make image - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 + uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 with: image-ref: 'ghcr.io/${{ github.repository }}:${{ steps.tags.outputs.sha_short }}' format: 'table' diff --git a/.github/workflows/on-tag.yaml b/.github/workflows/on-tag.yaml index 8878bfe..4a03ad5 100644 --- a/.github/workflows/on-tag.yaml +++ b/.github/workflows/on-tag.yaml @@ -51,7 +51,7 @@ jobs: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.tags.outputs.version }} - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 + uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 with: image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.tags.outputs.version }}' format: 'table' diff --git a/.github/workflows/periodics-daily.yaml b/.github/workflows/periodics-daily.yaml index c4817d1..40ba746 100644 --- a/.github/workflows/periodics-daily.yaml +++ b/.github/workflows/periodics-daily.yaml @@ -70,7 +70,7 @@ jobs: - name: Build artifacts run: VERSION="${{ steps.tags.outputs.sha_short }}" make image - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 + uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 with: image-ref: 'ghcr.io/${{ github.repository }}:${{ steps.tags.outputs.sha_short }}' format: 'table' From 66cfca4a603307e0c1c917184cb84368e8ba6b44 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 Jul 2024 17:47:56 +0000 Subject: [PATCH 2/2] build(deps): bump alpine from 3.20.1 to 3.20.2 Bumps alpine from 3.20.1 to 3.20.2. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index eb3864c..3fdd387 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=$TARGETPLATFORM alpine:3.20.1 as bin +FROM --platform=$TARGETPLATFORM alpine:3.20.2 as bin ARG TARGETOS ARG TARGETARCH @@ -19,7 +19,7 @@ RUN set -ex \ esac \ && cp /dist/kured_${TARGETOS}_${TARGETARCH}${SUFFIX}/kured /dist/kured; -FROM --platform=$TARGETPLATFORM alpine:3.20.1 +FROM --platform=$TARGETPLATFORM alpine:3.20.2 RUN apk update --no-cache && apk upgrade --no-cache && apk add --no-cache ca-certificates tzdata COPY --from=bin /dist/kured /usr/bin/kured ENTRYPOINT ["/usr/bin/kured"]