From e0e04d3d11d9d7e57649f24a6ae59c36d1f141a3 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Sat, 14 Dec 2024 06:51:58 +0000 Subject: [PATCH 1/3] prometheus-podman-exporter/1.14.0 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- prometheus-podman-exporter.yaml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/prometheus-podman-exporter.yaml b/prometheus-podman-exporter.yaml index 41d9652c05a..c1b7111db13 100644 --- a/prometheus-podman-exporter.yaml +++ b/prometheus-podman-exporter.yaml @@ -1,7 +1,7 @@ package: name: prometheus-podman-exporter - version: 1.13.3 - epoch: 2 + version: 1.14.0 + epoch: 0 description: Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information. copyright: - license: Apache-2.0 @@ -19,11 +19,7 @@ pipeline: with: repository: https://github.com/containers/prometheus-podman-exporter tag: v${{package.version}} - expected-commit: fb5d46579cced8ea862611305e66f37fe5695326 - - - uses: go/bump - with: - deps: github.com/opencontainers/runc@v1.1.14 golang.org/x/crypto@v0.31.0 github.com/containers/buildah@v1.38.0 + expected-commit: 931c57834fc6216c886a0ecda3f37ecd142d4a7e - uses: go/build with: From ff071a1d453ed45174dddc6abc54c08138e608f2 Mon Sep 17 00:00:00 2001 From: Dentrax Date: Sat, 14 Dec 2024 14:03:29 +0300 Subject: [PATCH 2/3] mitigate runc vulns Signed-off-by: Dentrax --- prometheus-podman-exporter.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/prometheus-podman-exporter.yaml b/prometheus-podman-exporter.yaml index c1b7111db13..1bd542ca6de 100644 --- a/prometheus-podman-exporter.yaml +++ b/prometheus-podman-exporter.yaml @@ -21,6 +21,10 @@ pipeline: tag: v${{package.version}} expected-commit: 931c57834fc6216c886a0ecda3f37ecd142d4a7e + - uses: go/bump + with: + deps: github.com/opencontainers/runc@v1.1.14 + - uses: go/build with: packages: . From bb80833caeeea4471ed9ddb8c6880733bc13c5ad Mon Sep 17 00:00:00 2001 From: Dentrax Date: Sat, 14 Dec 2024 14:24:55 +0300 Subject: [PATCH 3/3] fix build issue Signed-off-by: Dentrax --- prometheus-podman-exporter.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/prometheus-podman-exporter.yaml b/prometheus-podman-exporter.yaml index 1bd542ca6de..8769ebdafc2 100644 --- a/prometheus-podman-exporter.yaml +++ b/prometheus-podman-exporter.yaml @@ -23,7 +23,8 @@ pipeline: - uses: go/bump with: - deps: github.com/opencontainers/runc@v1.1.14 + deps: github.com/opencontainers/runc@v1.2.1 + replaces: github.com/opencontainers/runc=github.com/opencontainers/runc@v1.2.1 - uses: go/build with: