deps(deps): update alpine docker tag to v3.22 #153

renovate · 2025-05-30T22:05:24Z

This PR contains the following updates:

Package	Update	Change
alpine	minor	`3.21` -> `3.22`

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions · 2025-05-30T22:06:11Z

Outdated

🔍 Vulnerabilities of `wayofdev/php-base:latest`

📦 Image Reference wayofdev/php-base:latest

digest	`sha256:5a6d241af3518a8ad1a93606491b0f5f441e3770bd25c9423105f43057a0826e`
vulnerabilities
platform	linux/amd64
size	73 MB
packages	119

📦 Base Image php:24ac050dcc4880667a2ccf9bde874bbf97b59a2011f169da105d9d2258a935dc

also known as	`8-fpm-alpine` `8-fpm-alpine3.21` `8.4-fpm-alpine` `8.4-fpm-alpine3.21` `8.4.7-fpm-alpine` `8.4.7-fpm-alpine3.21` `fpm-alpine` `fpm-alpine3.21`
digest	`sha256:21c60daae66ca8e05c2fd6bb080adc60fc33a1fa7e50ac9c7434c8faab11f9e0`
vulnerabilities

github-actions · 2025-05-30T22:06:14Z

Outdated

Recommended fixes for image `wayofdev/php-base:latest`

Base image is php:8-fpm-alpine

Name	fpm-alpine3.21
Digest	sha256:21c60daae66ca8e05c2fd6bb080adc60fc33a1fa7e50ac9c7434c8faab11f9e0
Vulnerabilities
Pushed	3 weeks ago
Size	36 MB
Packages	53
Flavor	alpine
OS	3.21

The base image is also available under the supported tag(s): 8-fpm-alpine3.21, 8.4-fpm-alpine, 8.4-fpm-alpine3.21, 8.4.7-fpm-alpine, 8.4.7-fpm-alpine3.21, fpm-alpine, fpm-alpine3.21

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
`8.3-fpm-alpine` Minor runtime version update Also known as: 8.3.21-fpm-alpine 8.3.21-fpm-alpine3.21 8.3-fpm-alpine3.21	Benefits: Same OS detected Minor runtime version update Image is smaller by 3.3 MB Tag was pushed more recently Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 33 MB Flavor: alpine OS: 3.21 Runtime: 8.3.21	3 weeks ago

github-actions · 2025-05-30T22:06:17Z

Outdated

🔍 Vulnerabilities of `moby/buildkit:buildx-stable-1`

📦 Image Reference moby/buildkit:buildx-stable-1

digest	`sha256:8124f5e2ddf9a4985ca653c7bd4bb0132eef4316aaf2975181a5f6a9d0f14ced`
vulnerabilities
platform	linux/amd64
size	104 MB
packages	248

📦 Base Image alpine:3

also known as	`3.21` `3.21.3` `latest`
digest	`sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474`
vulnerabilities

stdlib 1.22.4 (golang)

pkg:golang/[email protected]

Affected range	`<1.23.8`
Fixed version	`1.23.8`
EPSS Score	`0.018%`
EPSS Percentile	`3rd percentile`

Description

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.054%`
EPSS Percentile	`17th percentile`

Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.122%`
EPSS Percentile	`33rd percentile`

Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Affected range	`>=1.22.0-0 <1.22.5`
Fixed version	`1.22.5`
EPSS Score	`0.200%`
EPSS Percentile	`43rd percentile`

Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.123%`
EPSS Percentile	`33rd percentile`

Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

github-actions · 2025-05-30T22:06:19Z

Outdated

Recommended fixes for image `moby/buildkit:buildx-stable-1`

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	3 months ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

Tag	Details	Pushed	Vulnerabilities
`3` Newer image for same tag Also known as: 3.22.0 3.22 latest	Benefits: Newer image for same tag Minor OS version update Tag was pushed more recently Image has similar size Tag is latest Image has same number of vulnerabilities Image contains similar number of packages 3 was pulled 251K times last month Image details: Size: 3.8 MB OS: 3.22.0	5 hours ago

Change base image

✅ There are no tag recommendations at this time.

github-actions · 2025-05-30T22:06:19Z

Outdated

🔍 Vulnerabilities of `wayofdev/php-base:latest`

📦 Image Reference wayofdev/php-base:latest

digest	`sha256:91ffb76f994ceb15a249cd2ae310602f8646a842cc712d1d309ebc20f15132bb`
vulnerabilities
platform	linux/amd64
size	74 MB
packages	118

📦 Base Image php:8.3-alpine

also known as	`8.3-alpine3.21` `8.3-cli-alpine` `8.3-cli-alpine3.21` `8.3.21-alpine3.21` `8.3.21-cli-alpine` `b4a7dce0f636fdead2ad82c4cc1958885ce8f27156cc65986a5fafde3c39e039`
digest	`sha256:fdd2f8e22382a7477bee883a0a5669784e6bb67abdabbb15a1b22bc9d165b0fa`
vulnerabilities

github-actions · 2025-05-30T22:06:19Z

Outdated

🔍 Vulnerabilities of `wayofdev/php-base:latest`

📦 Image Reference wayofdev/php-base:latest

digest	`sha256:621d97b022a8fc947d7ed9d2862846e97d8be375514e1c4ae1ff96fe104193da`
vulnerabilities
platform	linux/amd64
size	97 MB
packages	139

📦 Base Image php:8-alpine

also known as	`8-alpine3.21` `8-cli-alpine` `8-cli-alpine3.21` `8.4-alpine` `8.4-alpine3.21` `8.4-cli-alpine` `8.4-cli-alpine3.21` `8.4.7-alpine` `8.4.7-alpine3.21` `8.4.7-cli-alpine` `8.4.7-cli-alpine3.21` `alpine` `alpine3.21` `cli-alpine` `cli-alpine3.21` `db7a59aab999a309b5961761860f6eb2904a8ccbb73598579073f0a0641c8c64`
digest	`sha256:eba240a13bd3e5cf77a99c1b4c9ed1373e9622b0a8ac18fe3e7727c35dc40ded`
vulnerabilities

setuptools 70.3.0 (pypi)

pkg:pypi/[email protected]

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected range	`<78.1.1`
Fixed version	`78.1.1`
CVSS Score	`7.7`
CVSS Vector	`CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P`
EPSS Score	`0.435%`
EPSS Percentile	`62nd percentile`

Description

Summary

A path traversal vulnerability in PackageIndex was fixed in setuptools version 78.1.1

Details
    def _download_url(self, url, tmpdir):
        # Determine download filename
        #
        name, _fragment = egg_info_for_url(url)
        if name:
            while '..' in name:
                name = name.replace('..', '.').replace('\\', '_')
        else:
            name = "__downloaded__"  # default if URL has no path contents

        if name.endswith('.[egg.zip](http://egg.zip/)'):
            name = name[:-4]  # strip the extra .zip before download

 -->       filename = os.path.join(tmpdir, name)
Here: https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88

os.path.join() discards the first argument tmpdir if the second begins with a slash or drive letter.
name is derived from a URL without sufficient sanitization. While there is some attempt to sanitize by replacing instances of '..' with '.', it is insufficient.

Risk Assessment

As easy_install and package_index are deprecated, the exploitation surface is reduced.
However, it seems this could be exploited in a similar fashion like GHSA-r9hx-vwmv-q579, and as described by POC 4 in GHSA-cx63-2mw6-8hw5 report: via malicious URLs present on the pages of a package index.

Impact

An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context.

References

https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5
pypa/setuptools#4946

github-actions · 2025-05-30T22:06:22Z

Outdated

Recommended fixes for image `wayofdev/php-base:latest`

Base image is php:8.3-alpine

Name	8.3.21-alpine3.21
Digest	sha256:fdd2f8e22382a7477bee883a0a5669784e6bb67abdabbb15a1b22bc9d165b0fa
Vulnerabilities
Pushed	3 weeks ago
Size	37 MB
Packages	52
Flavor	alpine
OS	3.21
Runtime	8.3.21

The base image is also available under the supported tag(s): 8.3-alpine3.21, 8.3-cli-alpine, 8.3-cli-alpine3.21, 8.3.21-alpine3.21, 8.3.21-cli-alpine

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
`8.4-alpine` Minor runtime version update Also known as: 8.4.7-cli-alpine 8.4.7-cli-alpine3.21 8.4-cli-alpine 8.4-cli-alpine3.21 8-cli-alpine 8-cli-alpine3.21 cli-alpine cli-alpine3.21 alpine alpine3.21 8.4.7-alpine 8.4.7-alpine3.21 8.4-alpine3.21 8-alpine 8-alpine3.21	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 42 MB Flavor: alpine OS: 3.21 Runtime: 8.4.7	3 weeks ago

github-actions · 2025-05-30T22:06:22Z

Outdated

🔍 Vulnerabilities of `wayofdev/php-base:latest`

📦 Image Reference wayofdev/php-base:latest

digest	`sha256:af2e2cb607dde68b8f43c160aa49baceae9dee38261363ded13c97489b15cf3a`
vulnerabilities
platform	linux/amd64
size	92 MB
packages	139

📦 Base Image php:8.3-alpine

also known as	`8.3-alpine3.21` `8.3-cli-alpine` `8.3-cli-alpine3.21` `8.3.21-alpine3.21` `8.3.21-cli-alpine` `b4a7dce0f636fdead2ad82c4cc1958885ce8f27156cc65986a5fafde3c39e039`
digest	`sha256:fdd2f8e22382a7477bee883a0a5669784e6bb67abdabbb15a1b22bc9d165b0fa`
vulnerabilities

setuptools 70.3.0 (pypi)

pkg:pypi/[email protected]

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected range	`<78.1.1`
Fixed version	`78.1.1`
CVSS Score	`7.7`
CVSS Vector	`CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P`
EPSS Score	`0.435%`
EPSS Percentile	`62nd percentile`

Description

Summary

A path traversal vulnerability in PackageIndex was fixed in setuptools version 78.1.1

Details
    def _download_url(self, url, tmpdir):
        # Determine download filename
        #
        name, _fragment = egg_info_for_url(url)
        if name:
            while '..' in name:
                name = name.replace('..', '.').replace('\\', '_')
        else:
            name = "__downloaded__"  # default if URL has no path contents

        if name.endswith('.[egg.zip](http://egg.zip/)'):
            name = name[:-4]  # strip the extra .zip before download

 -->       filename = os.path.join(tmpdir, name)
Here: https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88

os.path.join() discards the first argument tmpdir if the second begins with a slash or drive letter.
name is derived from a URL without sufficient sanitization. While there is some attempt to sanitize by replacing instances of '..' with '.', it is insufficient.

Risk Assessment

As easy_install and package_index are deprecated, the exploitation surface is reduced.
However, it seems this could be exploited in a similar fashion like GHSA-r9hx-vwmv-q579, and as described by POC 4 in GHSA-cx63-2mw6-8hw5 report: via malicious URLs present on the pages of a package index.

Impact

An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context.

References

https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5
pypa/setuptools#4946

github-actions · 2025-05-30T22:06:22Z

Outdated

Recommended fixes for image `wayofdev/php-base:latest`

Base image is php:8-alpine

Name	8.4.7-alpine3.21
Digest	sha256:eba240a13bd3e5cf77a99c1b4c9ed1373e9622b0a8ac18fe3e7727c35dc40ded
Vulnerabilities
Pushed	3 weeks ago
Size	42 MB
Packages	52
Flavor	alpine
OS	3.21
Runtime	8.4.7

The base image is also available under the supported tag(s): 8-alpine3.21, 8-cli-alpine, 8-cli-alpine3.21, 8.4-alpine, 8.4-alpine3.21, 8.4-cli-alpine, 8.4-cli-alpine3.21, 8.4.7-alpine, 8.4.7-alpine3.21, 8.4.7-cli-alpine, 8.4.7-cli-alpine3.21, alpine, alpine3.21, cli-alpine, cli-alpine3.21

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

github-actions · 2025-05-30T22:06:25Z

Outdated

Recommended fixes for image `wayofdev/php-base:latest`

Base image is php:8.3-alpine

Name	8.3.21-alpine3.21
Digest	sha256:fdd2f8e22382a7477bee883a0a5669784e6bb67abdabbb15a1b22bc9d165b0fa
Vulnerabilities
Pushed	3 weeks ago
Size	37 MB
Packages	52
Flavor	alpine
OS	3.21
Runtime	8.3.21

The base image is also available under the supported tag(s): 8.3-alpine3.21, 8.3-cli-alpine, 8.3-cli-alpine3.21, 8.3.21-alpine3.21, 8.3.21-cli-alpine

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
`8.4-alpine` Minor runtime version update Also known as: 8.4.7-cli-alpine 8.4.7-cli-alpine3.21 8.4-cli-alpine 8.4-cli-alpine3.21 8-cli-alpine 8-cli-alpine3.21 cli-alpine cli-alpine3.21 alpine alpine3.21 8.4.7-alpine 8.4.7-alpine3.21 8.4-alpine3.21 8-alpine 8-alpine3.21	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 42 MB Flavor: alpine OS: 3.21 Runtime: 8.4.7	3 weeks ago

github-actions · 2025-05-30T22:06:26Z

Outdated

🔍 Vulnerabilities of `moby/buildkit:buildx-stable-1`

📦 Image Reference moby/buildkit:buildx-stable-1

digest	`sha256:8124f5e2ddf9a4985ca653c7bd4bb0132eef4316aaf2975181a5f6a9d0f14ced`
vulnerabilities
platform	linux/amd64
size	104 MB
packages	248

📦 Base Image alpine:3

also known as	`3.21` `3.21.3` `latest`
digest	`sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474`
vulnerabilities

stdlib 1.22.4 (golang)

pkg:golang/[email protected]

Affected range	`<1.23.8`
Fixed version	`1.23.8`
EPSS Score	`0.018%`
EPSS Percentile	`3rd percentile`

Description

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.054%`
EPSS Percentile	`17th percentile`

Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.122%`
EPSS Percentile	`33rd percentile`

Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Affected range	`>=1.22.0-0 <1.22.5`
Fixed version	`1.22.5`
EPSS Score	`0.200%`
EPSS Percentile	`43rd percentile`

Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.123%`
EPSS Percentile	`33rd percentile`

Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

github-actions · 2025-05-30T22:06:28Z

Outdated

Recommended fixes for image `moby/buildkit:buildx-stable-1`

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	3 months ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

Tag	Details	Pushed	Vulnerabilities
`3` Newer image for same tag Also known as: 3.22.0 3.22 latest	Benefits: Newer image for same tag Minor OS version update Tag was pushed more recently Image has similar size Tag is latest Image has same number of vulnerabilities Image contains similar number of packages 3 was pulled 251K times last month Image details: Size: 3.8 MB OS: 3.22.0	5 hours ago

Change base image

✅ There are no tag recommendations at this time.

github-actions · 2025-05-30T22:06:28Z

Outdated

🔍 Vulnerabilities of `moby/buildkit:buildx-stable-1`

📦 Image Reference moby/buildkit:buildx-stable-1

digest	`sha256:8124f5e2ddf9a4985ca653c7bd4bb0132eef4316aaf2975181a5f6a9d0f14ced`
vulnerabilities
platform	linux/amd64
size	104 MB
packages	248

📦 Base Image alpine:3

also known as	`3.21` `3.21.3` `latest`
digest	`sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474`
vulnerabilities

stdlib 1.22.4 (golang)

pkg:golang/[email protected]

Affected range	`<1.23.8`
Fixed version	`1.23.8`
EPSS Score	`0.018%`
EPSS Percentile	`3rd percentile`

Description

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.054%`
EPSS Percentile	`17th percentile`

Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.122%`
EPSS Percentile	`33rd percentile`

Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Affected range	`>=1.22.0-0 <1.22.5`
Fixed version	`1.22.5`
EPSS Score	`0.200%`
EPSS Percentile	`43rd percentile`

Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.123%`
EPSS Percentile	`33rd percentile`

Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

github-actions · 2025-05-30T22:06:31Z

Outdated

Recommended fixes for image `moby/buildkit:buildx-stable-1`

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	3 months ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

Tag	Details	Pushed	Vulnerabilities
`3` Newer image for same tag Also known as: 3.22.0 3.22 latest	Benefits: Newer image for same tag Minor OS version update Tag was pushed more recently Image has similar size Tag is latest Image has same number of vulnerabilities Image contains similar number of packages 3 was pulled 251K times last month Image details: Size: 3.8 MB OS: 3.22.0	5 hours ago

Change base image

✅ There are no tag recommendations at this time.

github-actions · 2025-05-30T22:06:32Z

Outdated

🔍 Vulnerabilities of `wayofdev/php-base:latest`

📦 Image Reference wayofdev/php-base:latest

digest	`sha256:51e1317a46df910723253d9e835f9f987c302b26857c0b921e28cfbbc2be40da`
vulnerabilities
platform	linux/amd64
size	79 MB
packages	118

📦 Base Image php:8-alpine

also known as	`8-alpine3.21` `8-cli-alpine` `8-cli-alpine3.21` `8.4-alpine` `8.4-alpine3.21` `8.4-cli-alpine` `8.4-cli-alpine3.21` `8.4.7-alpine` `8.4.7-alpine3.21` `8.4.7-cli-alpine` `8.4.7-cli-alpine3.21` `alpine` `alpine3.21` `cli-alpine` `cli-alpine3.21` `db7a59aab999a309b5961761860f6eb2904a8ccbb73598579073f0a0641c8c64`
digest	`sha256:eba240a13bd3e5cf77a99c1b4c9ed1373e9622b0a8ac18fe3e7727c35dc40ded`
vulnerabilities

github-actions · 2025-05-30T22:06:32Z

Outdated

🔍 Vulnerabilities of `wayofdev/php-base:latest`

📦 Image Reference wayofdev/php-base:latest

digest	`sha256:108cb03ee63a7ca1553376ef9f9b0a81812ed6733a06efc7417659e9557991de`
vulnerabilities
platform	linux/amd64
size	69 MB
packages	119

📦 Base Image php:8.3-fpm-alpine

also known as	`8.3-fpm-alpine3.21` `8.3.21-fpm-alpine` `8.3.21-fpm-alpine3.21` `e6101f30b201bbb04ad5b0359f9127cb7732865bd4b64b41206416306bc5d2d3`
digest	`sha256:7850e3eed24f02f136de8adc3d3404902aaa779fc3b430165b85d9ed96e99dce`
vulnerabilities

github-actions · 2025-05-30T22:06:35Z

Outdated

Recommended fixes for image `wayofdev/php-base:latest`

Base image is php:8.3-fpm-alpine

Name	8.3.21-fpm-alpine3.21
Digest	sha256:7850e3eed24f02f136de8adc3d3404902aaa779fc3b430165b85d9ed96e99dce
Vulnerabilities
Pushed	3 weeks ago
Size	33 MB
Packages	53
Flavor	alpine
OS	3.21
Runtime	8.3.21

The base image is also available under the supported tag(s): 8.3-fpm-alpine3.21, 8.3.21-fpm-alpine, 8.3.21-fpm-alpine3.21

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
`8.4-fpm-alpine` Image has same number of vulnerabilities Also known as: 8.4.7-fpm-alpine 8.4.7-fpm-alpine3.21 8.4-fpm-alpine3.21 8-fpm-alpine 8-fpm-alpine3.21 fpm-alpine fpm-alpine3.21	Benefits: Same OS detected Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 36 MB Flavor: alpine OS: 3.21	3 weeks ago

github-actions · 2025-05-30T22:06:35Z

Outdated

Recommended fixes for image `wayofdev/php-base:latest`

Base image is php:8-alpine

Name	8.4.7-alpine3.21
Digest	sha256:eba240a13bd3e5cf77a99c1b4c9ed1373e9622b0a8ac18fe3e7727c35dc40ded
Vulnerabilities
Pushed	3 weeks ago
Size	42 MB
Packages	52
Flavor	alpine
OS	3.21
Runtime	8.4.7

The base image is also available under the supported tag(s): 8-alpine3.21, 8-cli-alpine, 8-cli-alpine3.21, 8.4-alpine, 8.4-alpine3.21, 8.4-cli-alpine, 8.4-cli-alpine3.21, 8.4.7-alpine, 8.4.7-alpine3.21, 8.4.7-cli-alpine, 8.4.7-cli-alpine3.21, alpine, alpine3.21, cli-alpine, cli-alpine3.21

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

github-actions · 2025-05-30T22:06:38Z

Outdated

🔍 Vulnerabilities of `moby/buildkit:buildx-stable-1`

📦 Image Reference moby/buildkit:buildx-stable-1

digest	`sha256:8124f5e2ddf9a4985ca653c7bd4bb0132eef4316aaf2975181a5f6a9d0f14ced`
vulnerabilities
platform	linux/amd64
size	104 MB
packages	248

📦 Base Image alpine:3

also known as	`3.21` `3.21.3` `latest`
digest	`sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474`
vulnerabilities

stdlib 1.22.4 (golang)

pkg:golang/[email protected]

Affected range	`<1.23.8`
Fixed version	`1.23.8`
EPSS Score	`0.018%`
EPSS Percentile	`3rd percentile`

Description

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.054%`
EPSS Percentile	`17th percentile`

Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.122%`
EPSS Percentile	`33rd percentile`

Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Affected range	`>=1.22.0-0 <1.22.5`
Fixed version	`1.22.5`
EPSS Score	`0.200%`
EPSS Percentile	`43rd percentile`

Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.123%`
EPSS Percentile	`33rd percentile`

Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

github-actions · 2025-05-30T22:06:40Z

🔍 Vulnerabilities of `moby/buildkit:buildx-stable-1`

📦 Image Reference moby/buildkit:buildx-stable-1

digest	`sha256:8124f5e2ddf9a4985ca653c7bd4bb0132eef4316aaf2975181a5f6a9d0f14ced`
vulnerabilities
platform	linux/amd64
size	104 MB
packages	248

📦 Base Image alpine:3

also known as	`3.21` `3.21.3` `latest`
digest	`sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474`
vulnerabilities

stdlib 1.22.4 (golang)

pkg:golang/[email protected]

Affected range	`<1.23.8`
Fixed version	`1.23.8`
EPSS Score	`0.018%`
EPSS Percentile	`3rd percentile`

Description

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.054%`
EPSS Percentile	`17th percentile`

Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.122%`
EPSS Percentile	`33rd percentile`

Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Affected range	`>=1.22.0-0 <1.22.5`
Fixed version	`1.22.5`
EPSS Score	`0.200%`
EPSS Percentile	`43rd percentile`

Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.123%`
EPSS Percentile	`33rd percentile`

Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

github-actions · 2025-05-30T22:06:40Z

🔍 Vulnerabilities of `moby/buildkit:buildx-stable-1`

📦 Image Reference moby/buildkit:buildx-stable-1

digest	`sha256:8124f5e2ddf9a4985ca653c7bd4bb0132eef4316aaf2975181a5f6a9d0f14ced`
vulnerabilities
platform	linux/amd64
size	104 MB
packages	248

📦 Base Image alpine:3

also known as	`3.21` `3.21.3` `latest`
digest	`sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474`
vulnerabilities

stdlib 1.22.4 (golang)

pkg:golang/[email protected]

Affected range	`<1.23.8`
Fixed version	`1.23.8`
EPSS Score	`0.018%`
EPSS Percentile	`3rd percentile`

Description

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.054%`
EPSS Percentile	`17th percentile`

Description

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.122%`
EPSS Percentile	`33rd percentile`

Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Affected range	`>=1.22.0-0 <1.22.5`
Fixed version	`1.22.5`
EPSS Score	`0.200%`
EPSS Percentile	`43rd percentile`

Description

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

Affected range	`<1.22.7`
Fixed version	`1.22.7`
EPSS Score	`0.123%`
EPSS Percentile	`33rd percentile`

Description

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

github-actions · 2025-05-30T22:06:41Z

Outdated

Recommended fixes for image `moby/buildkit:buildx-stable-1`

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	3 months ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

Tag	Details	Pushed	Vulnerabilities
`3` Newer image for same tag Also known as: 3.22.0 3.22 latest	Benefits: Newer image for same tag Minor OS version update Tag was pushed more recently Image has similar size Tag is latest Image has same number of vulnerabilities Image contains similar number of packages 3 was pulled 251K times last month Image details: Size: 3.8 MB OS: 3.22.0	5 hours ago

Change base image

✅ There are no tag recommendations at this time.

github-actions · 2025-05-30T22:06:43Z

Recommended fixes for image `moby/buildkit:buildx-stable-1`

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	3 months ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

Tag	Details	Pushed	Vulnerabilities
`3` Newer image for same tag Also known as: 3.22.0 3.22 latest	Benefits: Newer image for same tag Minor OS version update Tag was pushed more recently Image has similar size Tag is latest Image has same number of vulnerabilities Image contains similar number of packages 3 was pulled 251K times last month Image details: Size: 3.8 MB OS: 3.22.0	5 hours ago

Change base image

✅ There are no tag recommendations at this time.

github-actions · 2025-05-30T22:06:43Z

Recommended fixes for image `moby/buildkit:buildx-stable-1`

Base image is alpine:3

Name	3.21.3
Digest	sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Vulnerabilities
Pushed	3 months ago
Size	3.6 MB
Packages	19
OS	3.21.3

The base image is also available under the supported tag(s): 3.21, 3.21.3, latest

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

Tag	Details	Pushed	Vulnerabilities
`3` Newer image for same tag Also known as: 3.22.0 3.22 latest	Benefits: Newer image for same tag Minor OS version update Tag was pushed more recently Image has similar size Tag is latest Image has same number of vulnerabilities Image contains similar number of packages 3 was pulled 251K times last month Image details: Size: 3.8 MB OS: 3.22.0	5 hours ago

Change base image

✅ There are no tag recommendations at this time.

deps(deps): update alpine docker tag to v3.22

4c670b5

renovate bot enabled auto-merge (squash) May 30, 2025 22:05

renovate bot requested a review from lotyp as a code owner May 30, 2025 22:05

way-finder-bot self-requested a review May 30, 2025 22:07

way-finder-bot self-assigned this May 30, 2025

way-finder-bot approved these changes May 30, 2025

View reviewed changes

renovate bot merged commit 554c6fc into master May 30, 2025
19 of 20 checks passed

renovate bot deleted the renovate/alpine-3.x branch May 30, 2025 22:07

lotyp mentioned this pull request May 30, 2025

chore(master): release 2.8.21 #154

Merged

Uh oh!

deps(deps): update alpine docker tag to v3.22 #153

deps(deps): update alpine docker tag to v3.22 #153

Uh oh!

Conversation

renovate bot commented May 30, 2025

Configuration

Uh oh!

github-actions bot commented May 30, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

🔍 Vulnerabilities of wayofdev/php-base:latest

Uh oh!

github-actions bot commented May 30, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Recommended fixes for image wayofdev/php-base:latest

Refresh base image

Change base image

Uh oh!

github-actions bot commented May 30, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

Uh oh!

github-actions bot commented May 30, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Recommended fixes for image moby/buildkit:buildx-stable-1

Refresh base image

Change base image

Uh oh!

github-actions bot commented May 30, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

🔍 Vulnerabilities of wayofdev/php-base:latest

Uh oh!

github-actions bot commented May 30, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

🔍 Vulnerabilities of wayofdev/php-base:latest

Summary

Details

Risk Assessment

Impact

References

Uh oh!

github-actions bot commented May 30, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Recommended fixes for image wayofdev/php-base:latest

Refresh base image

Change base image

Uh oh!

github-actions bot commented May 30, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

🔍 Vulnerabilities of wayofdev/php-base:latest

Summary

Details

Risk Assessment

Impact

References

Uh oh!

github-actions bot commented May 30, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Recommended fixes for image wayofdev/php-base:latest

Refresh base image

Change base image

Uh oh!

github-actions bot commented May 30, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Recommended fixes for image wayofdev/php-base:latest

Refresh base image

Change base image

Uh oh!

github-actions bot commented May 30, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

🔍 Vulnerabilities of moby/buildkit:buildx-stable-1

Uh oh!

github-actions bot commented May 30, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Recommended fixes for image moby/buildkit:buildx-stable-1

Refresh base image

Change base image

Uh oh!

github-actions bot commented May 30, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

github-actions bot commented May 30, 2025 •

edited

Loading

🔍 Vulnerabilities of `wayofdev/php-base:latest`

github-actions bot commented May 30, 2025 •

edited

Loading

Recommended fixes for image `wayofdev/php-base:latest`

github-actions bot commented May 30, 2025 •

edited

Loading

🔍 Vulnerabilities of `moby/buildkit:buildx-stable-1`

github-actions bot commented May 30, 2025 •

edited

Loading

Recommended fixes for image `moby/buildkit:buildx-stable-1`

github-actions bot commented May 30, 2025 •

edited

Loading

🔍 Vulnerabilities of `wayofdev/php-base:latest`

github-actions bot commented May 30, 2025 •

edited

Loading

🔍 Vulnerabilities of `wayofdev/php-base:latest`

github-actions bot commented May 30, 2025 •

edited

Loading

Recommended fixes for image `wayofdev/php-base:latest`

github-actions bot commented May 30, 2025 •

edited

Loading

🔍 Vulnerabilities of `wayofdev/php-base:latest`

github-actions bot commented May 30, 2025 •

edited

Loading

Recommended fixes for image `wayofdev/php-base:latest`

github-actions bot commented May 30, 2025 •

edited

Loading

Recommended fixes for image `wayofdev/php-base:latest`

github-actions bot commented May 30, 2025 •

edited

Loading

🔍 Vulnerabilities of `moby/buildkit:buildx-stable-1`

github-actions bot commented May 30, 2025 •

edited

Loading

Recommended fixes for image `moby/buildkit:buildx-stable-1`

github-actions bot commented May 30, 2025 •

edited

Loading

🔍 Vulnerabilities of `moby/buildkit:buildx-stable-1`

github-actions bot commented May 30, 2025 •

edited

Loading

Recommended fixes for image `moby/buildkit:buildx-stable-1`

github-actions bot commented May 30, 2025 •

edited

Loading

🔍 Vulnerabilities of `wayofdev/php-base:latest`

github-actions bot commented May 30, 2025 •

edited

Loading

🔍 Vulnerabilities of `wayofdev/php-base:latest`

github-actions bot commented May 30, 2025 •

edited

Loading

Recommended fixes for image `wayofdev/php-base:latest`

github-actions bot commented May 30, 2025 •

edited

Loading

Recommended fixes for image `wayofdev/php-base:latest`

github-actions bot commented May 30, 2025 •

edited

Loading

🔍 Vulnerabilities of `moby/buildkit:buildx-stable-1`

🔍 Vulnerabilities of `moby/buildkit:buildx-stable-1`

🔍 Vulnerabilities of `moby/buildkit:buildx-stable-1`

github-actions bot commented May 30, 2025 •

edited

Loading

Recommended fixes for image `moby/buildkit:buildx-stable-1`

Recommended fixes for image `moby/buildkit:buildx-stable-1`

Recommended fixes for image `moby/buildkit:buildx-stable-1`