Upgrade Container-Resolver to 1.0.8 (AST-91283) #1099

Open: wants to merge 5 commits into base: main

Conversation

cx-alex-cohen
Member

By submitting this pull request, you agree to the terms within the Checkmarx Code of Conduct. Please review the contributing guidelines for guidance on creating high-quality pull requests.

Description

Please provide a summary of the changes and the related issue. Include relevant motivation and context.

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update

Related Issues

Link any related issues or tickets.

Checklist

  • I have performed a self-review of my code
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)
  • Any dependent changes have been merged and published in downstream modules
  • I have updated the CLI help for new/changed functionality in this PR (if applicable)
  • All active GitHub checks for tests, formatting, and security are passing
  • The correct base branch is being used

Screenshots (if applicable)

Add screenshots to help explain your changes.

Additional Notes

Add any other relevant information.

github-actions bot commented Apr 4, 2025

Checkmarx One – Scan Summary & Details (ec29137e-f580-4a08-82c9-34e6e16da53f)

New Issues (1)

Checkmarx found the following issues in this Pull Request

Severity | Issue | Source File / Package
MEDIUM | CVE-2025-24976 | Go-github.1485827954.workers.dev/distribution/distribution/v3-v3.0.0-beta.1

Checkmarx Insight:
Recommended version: v3.0.1-0.20250403190400-dbca4995c83c
Description: Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry with token authentication enabled may be vu...
Attack Vector: NETWORK
Attack Complexity: LOW
ID: KbkCZpY9DhWIHaCxSqYtcrstLLBqE3%2B4XjJWjeN0g%2FM%3D
Vulnerable Package

Fixed Issues (2)

Great job! The following issues were fixed in this Pull Request

Severity | Issue | Source File / Package
HIGH | CVE-2024-45339 | Go-github.1485827954.workers.dev/golang/glog-v1.2.2
MEDIUM | CVE-2024-40635 | Go-github.1485827954.workers.dev/containerd/containerd-v1.7.24

@cx-shaked-karta changed the title from "Upgrade Container-Resolver to 1.0.8 (AST-00000)" to "Upgrade Container-Resolver to 1.0.8 (AST-91283)" on Apr 7, 2025
@cx-elchanan-arbiv
Contributor

In this PR, in addition to upgrading Container-Resolver to 1.0.8, there's also a version upgrade of Go from go 1.23.6 to go 1.24.1.
This requires some updates in our code.
We need to first open a PR for this upgrade, and after that, another one to upgrade the container version.


3 participants