
bump docker cli and grype rule for false positive #140

Merged: reyortiz3 merged 2 commits into main from bump-docker-cli, Jun 23, 2026

reyortiz3 (Contributor) commented Jun 23, 2026

fix CVE

NAME                         INSTALLED             FIXED IN             TYPE       VULNERABILITY        SEVERITY  EPSS         RISK  
github.com/docker/cli        v29.4.3+incompatible  29.2.0+incompatible  go-module  GO-2026-4610         High      0.4% (34th)  0.3

reyortiz3 and others added 2 commits June 23, 2026 15:15
Grype incorrectly flags github.com/docker/cli v29.6.0+incompatible for
GO-2026-4610 due to a semver comparison bug with the +incompatible suffix.
The OSV record marks this fixed in 29.2.0+incompatible; we run 29.6.0 which
is already past the fix. The vuln is also Windows-only.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
reyortiz3 changed the title from "bump docker cli" to "bump docker cli and grype rule for false positive" Jun 23, 2026
reyortiz3 merged commit 357f447 into main Jun 23, 2026
5 checks passed
reyortiz3 deleted the bump-docker-cli branch June 23, 2026 19:52
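
Added example (not code from this PR or from Grype): a stand-alone Go check for the triage step the commit message describes, confirming that an installed module version is at or past the OSV fixed-in version once the `+incompatible` build metadata is set aside, as SemVer 2.0.0 precedence requires. The function names and the `v29.1.9` sample version are constructed for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// parseCore returns MAJOR, MINOR, PATCH of a Go module version. It drops a
// leading "v" and "+build" metadata such as "+incompatible", which SemVer 2.0.0
// excludes from precedence. Pre-releases are rejected for manual review.
func parseCore(v string) (out [3]int, err error) {
	core, _, _ := strings.Cut(strings.TrimPrefix(v, "v"), "+")
	parts := strings.Split(core, ".")
	if strings.Contains(core, "-") || len(parts) != 3 {
		return out, fmt.Errorf("not a plain MAJOR.MINOR.PATCH release: %q", v)
	}
	for i, p := range parts {
		if out[i], err = strconv.Atoi(p); err != nil {
			return out, fmt.Errorf("bad numeric field %q in %q", p, v)
		}
	}
	return out, nil
}

// AtOrPastFix reports whether installed >= fixedIn by numeric precedence,
// i.e. whether the installed version already contains the fix.
func AtOrPastFix(installed, fixedIn string) (bool, error) {
	a, errA := parseCore(installed)
	b, errB := parseCore(fixedIn)
	if errA != nil || errB != nil {
		return false, fmt.Errorf("cannot compare: %v, %v", errA, errB)
	}
	for i := range a {
		if a[i] != b[i] {
			return a[i] > b[i], nil
		}
	}
	return true, nil
}

func main() {
	// Versions from the scan row and commit message, plus one constructed
	// pre-fix version (v29.1.9) to show the case where a match is genuine.
	for _, v := range []string{"v29.4.3+incompatible", "v29.6.0+incompatible", "v29.1.9+incompatible"} {
		ok, err := AtOrPastFix(v, "29.2.0+incompatible")
		fmt.Println(v, ok, err)
	}
}
```

A `true` result supports suppressing the finding for that exact package and version; a `false` result or an error means the match should be treated as real until reviewed by hand.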