
build(deps): bump alpine from 3.20.2 to 3.20.3

Open dependabot[bot] opened this issue 1 year ago • 5 comments

Bumps alpine from 3.20.2 to 3.20.3.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Sep 09 '24 06:09 dependabot[bot]

This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in 7 days if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!

github-actions[bot] avatar Oct 09 '24 08:10 github-actions[bot]

@dependabot rebase

rayseaward avatar Oct 15 '24 13:10 rayseaward

Sorry, only users with push access can use that command.

dependabot[bot] avatar Oct 15 '24 13:10 dependabot[bot]

@mattklein123 I saw that you merged the last alpine upgrade. Would you be able to have a look at this one too? This will resolve https://nvd.nist.gov/vuln/detail/CVE-2024-6119 in openssl as per https://github.com/grafana/loki/issues/14140

rayseaward avatar Oct 15 '24 15:10 rayseaward

hi @mattklein123 - do you see any issues merging this change?

rayseaward avatar Oct 22 '24 12:10 rayseaward

Hi, bumping this - would be great if we could get this merged as the vulnerability is affecting us downstream 🙏🏽

samwestmoreland avatar Nov 06 '24 11:11 samwestmoreland

Hi @zirain - I saw that you were a recent committer in this repo. Would you be able to have a look?

rayseaward avatar Nov 06 '24 20:11 rayseaward

@rayseaward I'm sorry, I didn't have auth to merge this.

zirain avatar Nov 06 '24 23:11 zirain

Hi @mattklein123 @ysawa0 - wondering if either of you would be able to merge this change? There's a CVE in the current alpine library (in openssl, CVE-2024-6119) that this would resolve. Thanks!

rayseaward avatar Nov 07 '24 13:11 rayseaward