
chore: bump up indirect deps to fix vulns #2805

Merged
afdesk merged 1 commit into aquasecurity:main from afdesk:chore/bump-vuln-deps
Nov 7, 2025

Conversation

@afdesk
Contributor

@afdesk afdesk commented Nov 7, 2025

Description

This PR bumps up some indirect dependencies to fix vulnerabilities:
https://github.com/aquasecurity/trivy-operator/actions/runs/19153600426/job/54749354506

Before:

$ trivy i --cache-backend memory afdesk/trivy-operator:main -q

Report Summary

┌────────────────────────────────────────────┬──────────┬─────────────────┬─────────┐
│                   Target                   │   Type   │ Vulnerabilities │ Secrets │
├────────────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ afdesk/trivy-operator:main (alpine 3.22.2) │  alpine  │        0        │    -    │
├────────────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ usr/local/bin/trivy-operator               │ gobinary │        5        │    -    │
└────────────────────────────────────────────┴──────────┴─────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


usr/local/bin/trivy-operator (gobinary)

Total: 5 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 3, CRITICAL: 0)

┌─────────────────────────────────────┬────────────────┬──────────┬──────────┬───────────────────┬─────────────────────┬──────────────────────────────────────────────────────────────┐
│               Library               │ Vulnerability  │ Severity │  Status  │ Installed Version │    Fixed Version    │                            Title                             │
├─────────────────────────────────────┼────────────────┼──────────┼──────────┼───────────────────┼─────────────────────┼──────────────────────────────────────────────────────────────┤
│ github.com/containerd/containerd    │ CVE-2024-25621 │ HIGH     │ fixed    │ v1.7.28           │ 1.7.29              │ containerd is an open-source container runtime. Versions     │
│                                     │                │          │          │                   │                     │ 0.1.0 through ...                                            │
│                                     │                │          │          │                   │                     │ https://avd.aquasec.com/nvd/cve-2024-25621                   │
│                                     ├────────────────┼──────────┤          │                   │                     ├──────────────────────────────────────────────────────────────┤
│                                     │ CVE-2025-64329 │ MEDIUM   │          │                   │                     │ containerd CRI server: Host memory exhaustion through Attach │
│                                     │                │          │          │                   │                     │ goroutine leak                                               │
│                                     │                │          │          │                   │                     │ https://avd.aquasec.com/nvd/cve-2025-64329                   │
├─────────────────────────────────────┼────────────────┼──────────┤          ├───────────────────┼─────────────────────┼──────────────────────────────────────────────────────────────┤
│ github.com/containerd/containerd/v2 │ CVE-2024-25621 │ HIGH     │          │ v2.1.4            │ 2.0.7, 2.1.5, 2.2.0 │ containerd is an open-source container runtime. Versions     │
│                                     │                │          │          │                   │                     │ 0.1.0 through ...                                            │
│                                     │                │          │          │                   │                     │ https://avd.aquasec.com/nvd/cve-2024-25621                   │
│                                     ├────────────────┼──────────┤          │                   │                     ├──────────────────────────────────────────────────────────────┤
│                                     │ CVE-2025-64329 │ MEDIUM   │          │                   │                     │ containerd CRI server: Host memory exhaustion through Attach │
│                                     │                │          │          │                   │                     │ goroutine leak                                               │
│                                     │                │          │          │                   │                     │ https://avd.aquasec.com/nvd/cve-2025-64329                   │
├─────────────────────────────────────┼────────────────┼──────────┼──────────┼───────────────────┼─────────────────────┼──────────────────────────────────────────────────────────────┤
│ github.com/opencontainers/selinux   │ CVE-2025-52881 │ HIGH     │ affected │ v1.12.0           │                     │ runc: opencontainers/selinux: container escape and denial of │
│                                     │                │          │          │                   │                     │ service due to arbitrary write...                            │
│                                     │                │          │          │                   │                     │ https://avd.aquasec.com/nvd/cve-2025-52881                   │
└─────────────────────────────────────┴────────────────┴──────────┴──────────┴───────────────────┴─────────────────────┴──────────────────────────────────────────────────────────────┘

After:

$ trivy i -q --cache-backend memory afdesk/trivy-operator:main-new

Report Summary

┌────────────────────────────────────────────────┬──────────┬─────────────────┬─────────┐
│                     Target                     │   Type   │ Vulnerabilities │ Secrets │
├────────────────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ afdesk/trivy-operator:main-new (alpine 3.22.2) │  alpine  │        0        │    -    │
├────────────────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ usr/local/bin/trivy-operator                   │ gobinary │        0        │    -    │
└────────────────────────────────────────────────┴──────────┴─────────────────┴─────────┘

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).
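The "before" scan above lists three modules, two with fixed versions and one (opencontainers/selinux) still marked affected. The following script, an added example and not part of this PR or the trivy-operator code base, shows how a maintainer can turn a `trivy image --format json` report into the minimal set of `go get` bumps and a list of findings with no fix yet. It assumes trivy's JSON layout (`Results[].Vulnerabilities[]` with `PkgName`, `InstalledVersion`, `FixedVersion`, `Status`); the embedded report is constructed from the table above, with the merged table cells filled in.

```python
import json
import re

# Constructed sample in the shape of `trivy image --format json` output, reduced to the
# fields this script reads; values follow the "before" table in the PR description.
SAMPLE_REPORT = json.dumps({"Results": [{
    "Target": "usr/local/bin/trivy-operator", "Type": "gobinary",
    "Vulnerabilities": [
        {"VulnerabilityID": "CVE-2024-25621", "PkgName": "github.com/containerd/containerd",
         "InstalledVersion": "v1.7.28", "FixedVersion": "1.7.29", "Status": "fixed", "Severity": "HIGH"},
        {"VulnerabilityID": "CVE-2025-64329", "PkgName": "github.com/containerd/containerd",
         "InstalledVersion": "v1.7.28", "FixedVersion": "1.7.29", "Status": "fixed", "Severity": "MEDIUM"},
        {"VulnerabilityID": "CVE-2024-25621", "PkgName": "github.com/containerd/containerd/v2",
         "InstalledVersion": "v2.1.4", "FixedVersion": "2.0.7, 2.1.5, 2.2.0", "Status": "fixed", "Severity": "HIGH"},
        {"VulnerabilityID": "CVE-2025-52881", "PkgName": "github.com/opencontainers/selinux",
         "InstalledVersion": "v1.12.0", "FixedVersion": "", "Status": "affected", "Severity": "HIGH"},
    ]}]})

def parse_version(v):
    """Turn 'v1.7.28' / '1.7.28' into a comparable tuple of ints."""
    return tuple(int(x) for x in re.findall(r"\d+", v))

def plan_bumps(report_json):
    """Return ({pkg: 'vX.Y.Z'} of minimal fixing versions, [(pkg, cve)] with no fix yet)."""
    bumps, unfixable = {}, []
    for result in json.loads(report_json).get("Results", []):
        if result.get("Type") != "gobinary":
            continue
        for v in result.get("Vulnerabilities", []):
            pkg, installed = v["PkgName"], parse_version(v["InstalledVersion"])
            fixes = [f.strip() for f in v.get("FixedVersion", "").split(",") if f.strip()]
            # Only versions above the installed one count; the lowest keeps the bump on
            # the nearest release line (v2.1.4 -> 2.1.5, not 2.2.0).
            candidates = [f for f in fixes if parse_version(f) > installed]
            if not candidates:
                unfixable.append((pkg, v["VulnerabilityID"]))
                continue
            best = min(candidates, key=parse_version)
            # Several CVEs may hit the same module; keep the highest required fix.
            if pkg not in bumps or parse_version(best) > parse_version(bumps[pkg]):
                bumps[pkg] = "v" + best.lstrip("v")
    return bumps, unfixable

def go_get_commands(report_json):
    """Render the bumps as `go get` lines to apply in the module before rescanning."""
    bumps, _ = plan_bumps(report_json)
    return [f"go get {pkg}@{ver}" for pkg, ver in sorted(bumps.items())]

if __name__ == "__main__":
    print("\n".join(go_get_commands(SAMPLE_REPORT)))
```

After applying the bumps and rebuilding, a rescan like the "after" run above is the check that the gobinary target really drops to zero; anything returned in the unfixable list has to wait for an upstream release.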

@github-actions github-actions bot added the misc label Nov 7, 2025
@afdesk afdesk marked this pull request as ready for review November 7, 2025 05:38
@afdesk afdesk requested a review from simar7 as a code owner November 7, 2025 05:38
@afdesk afdesk merged commit baa8f8e into aquasecurity:main Nov 7, 2025
8 checks passed
@afdesk afdesk deleted the chore/bump-vuln-deps branch November 7, 2025 06:05