You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Re-building mongo:latest every day/week should fix most of CVE's. In gitlab you can define scheduled pipelines, may you can use something like that also in github.
PS: If possible, please update also the go-packages, especially golang.org/x/crypto 0.25.0 (has also a critical cve). Tried to update with poetry & bazel for a MR to main repo, but seems not so easy (some dependency conflict)...
The text was updated successfully, but these errors were encountered:
Current
mongo:latest(1 months old) has some critical CVE's which should be fixed upstream:https://hub.docker.com/layers/library/mongo/latest/images/sha256-3f04076470ff9110ce77473afe54c549feaca994a29bc5ff01a549bf340acf8c
Re-building mongo:latest every day/week should fix most of CVE's. In gitlab you can define scheduled pipelines, may you can use something like that also in github.
PS: If possible, please update also the go-packages, especially
golang.org/x/crypto 0.25.0(has also a critical cve). Tried to update with poetry & bazel for a MR to main repo, but seems not so easy (some dependency conflict)...The text was updated successfully, but these errors were encountered: