Many CVE in docker image - need update of Go package to 1.21.11

[stefandevo]

What version of Bun is running?

1.3.4

What platform is your computer?

Docker

What steps can reproduce the bug?

The base image oven/bun:1.3.4-alpine contains 9 CVE

CVE-2024-24790 Critical 9.8 Yes Unspecified go Go stdlib
CVE-2023-39323 High 8.1 Yes Unspecified go Go stdlib
CVE-2023-45285 High 7.5 Yes Unspecified go Go stdlib
CVE-2023-39325 High 7.5 Yes Unspecified go Go stdlib
CVE-2023-44487 High 7.5 Yes Unspecified go Go stdlib
CVE-2023-39318 Medium 6.1 Yes Unspecified go Go stdlib
CVE-2024-24789 Medium 5.5 Yes Unspecified go Go stdlib
CVE-2023-39319 Medium 6.1 Yes Unspecified go Go stdlib
CVE-2023-39326 Medium 5.3 Yes Unspecified go Go stdlib

Of which 1 critical and 4 HIGH.

What is the expected behavior?

No vulnerabilities

What do you see instead?

No response

Additional information

No response

[coderabbitai]

📝 CodeRabbit Plan Mode

Generate an implementation plan and agent prompts for this issue.

• Create Plan

Examples

• Example 1
• Example 2

🔗 Similar & Duplicate Issues

Related Issues

• oven-sh/bun#22594

🔗 Related PRs

#24052 - ci: update alpine linux to 3.22 [merged]
#24053 - ci: update bun version to 1.3.1 [merged]
#24055 - all: update to debian 13 [merged]

👤 Suggested Assignees

• nektro
• JayPe69

---

🧪 Issue enrichment is currently in early access.

To disable automatic issue enrichment, add the following to your .coderabbit.yaml:

issue_enrichment:
  auto_enrich:
    enabled: false

[github-actions]

Found 2 possible duplicate issues:

1. Many CVE in docker image #3272
2. 3 HIGH Vulnerabilities - Docker oven/bun:slim - Debian #22594

This issue will be automatically closed as a duplicate in 3 days.

• If your issue is a duplicate, please close it and 👍 the existing issue instead
• To prevent auto-closure, add a comment or 👎 this comment

🤖 Generated with Claude Code

[stefandevo]

1.3.4 image still has the CVE issues. None of the related PRs are fixing these.