v0.0.6
What's Changed
- Migrate off probot-CLA to new GitHub Action by @cursedcoder in #26
- Bump github.com/urfave/cli/v2 from 2.11.0 to 2.11.1 by @dependabot in #28
- Bump github.com/goreleaser/nfpm/v2 from 2.16.0 to 2.17.0 by @dependabot in #29
- Bump golang from 1.18.4 to 1.18.5 by @dependabot in #30
- Bump library/golang from 1.18.5-alpine to 1.19.0-alpine by @dependabot in #32
- Bump golang from 1.18.5 to 1.19.0 by @dependabot in #31
- Bump alpine from 3.16.1 to 3.16.2 by @dependabot in #33
- Bump github.com/urfave/cli/v2 from 2.11.1 to 2.11.2 by @dependabot in #34
- Bump github.com/goreleaser/nfpm/v2 from 2.17.0 to 2.18.0 by @dependabot in #35
- Bump github.com/goreleaser/nfpm/v2 from 2.18.0 to 2.18.1 by @dependabot in #36
- Bump github.com/rs/zerolog from 1.27.0 to 1.28.0 by @dependabot in #37
New Contributors
- @cursedcoder made their first contribution in #26
Full Changelog: v0.0.5...v0.0.6
The v0.0.5 image is getting noisy in vulnerability scans:
Pre: v0.0.5
ghcr.io/shopify/hansel:0.0.5 (alpine 3.16.1)
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 1)
┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────────────┤
│ zlib │ CVE-2022-37434 │ CRITICAL │ 1.2.12-r1 │ 1.2.12-r2 │ zlib: a heap-based buffer over-read or buffer overflow in │
│ │ │ │ │ │ inflate in inflate.c... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │
└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────────────┘
usr/bin/hansel (gobinary)
Total: 4 (UNKNOWN: 1, LOW: 0, MEDIUM: 1, HIGH: 2, CRITICAL: 0)
┌─────────────────────┬─────────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
├─────────────────────┼─────────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼────────────────────────────────────────────────────────────┤
│ golang.org/x/crypto │ CVE-2022-27191 │ HIGH │ v0.0.0-20211215165025-cf75a172585e │ 0.0.0-20220314234659-1baeb1ce4c0b │ golang: crash in a golang.org/x/crypto/ssh server │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │
│ ├─────────────────────┼──────────┤ │ ├────────────────────────────────────────────────────────────┤
│ │ GHSA-8c26-wmh5-6g9v │ UNKNOWN │ │ │ Attackers can cause a crash in SSH servers when the server │
│ │ │ │ │ │ has... │
│ │ │ │ │ │ https://github.com/advisories/GHSA-8c26-wmh5-6g9v │
├─────────────────────┼─────────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼────────────────────────────────────────────────────────────┤
│ golang.org/x/net │ CVE-2021-44716 │ HIGH │ v0.0.0-20211007125505-59d4e928ea9d │ 0.0.0-20211209124913-491a49abca63 │ golang: net/http: limit growth of header canonicalization │
│ │ │ │ │ │ cache │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-44716 │
├─────────────────────┼─────────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼────────────────────────────────────────────────────────────┤
│ golang.org/x/sys │ CVE-2022-29526 │ MEDIUM │ v0.0.0-20211205182925-97ca703d548d │ 0.0.0-20220412211240-33da011f77ad │ golang: syscall: faccessat checks wrong group │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-29526 │
└─────────────────────┴─────────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴────────────────────────────────────────────────────────────┘
Post: v0.0.6-rc
ghcr.io/shopify/hansel:0.0.5-SNAPSHOT-30c48cb-amd64 (alpine 3.16.2)
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)