bombardier icon indicating copy to clipboard operation
bombardier copied to clipboard

Published 20 hours ago verified publisher icon codesenberg

can't pass trivy scan

Open ozbillwang opened this issue 1 year ago • 1 comments

What version of bombardier are you using?

current latest release, v1.2.6 , but can't use the command bombardier --version to show its version

in case you've built bombardier yourself or version obtained by

$ bombardier --version

bombardier version unspecified linux/arm64

in case you are using binaries.

What operating system and processor architecture are you using (if relevant)?

  • linux/amd64
  • linux/arm64

What did you do?

Describe steps that can be used to reproduce the error.

create a image alpine/bombardier, and use trivy to scan it, there is on high reported image

https://app.circleci.com/pipelines/github/alpine-docker/bombardier/2/workflows/96d743fc-d69b-4dde-9ad6-3e4a4a02f222/jobs/3

What you expected to happen?

should be fixed, upgrade library golang.org/x/net to fixed version 0.17.0

What actually happened?

ozbillwang avatar Jan 09 '24 00:01 ozbillwang

ok, seems the issue has been fixed by latest code,

https://github.com/codesenberg/bombardier/blob/master/go.mod#L24

	golang.org/x/net v0.17.0 // indirect

but not in the latest release v1.2.6

https://github.com/codesenberg/bombardier/blob/v1.2.6/go.mod#L12

	golang.org/x/net v0.9.0

So when can we have the latest code with new release tag?

ozbillwang avatar Jan 09 '24 00:01 ozbillwang