diff --git a/rancher-machine.advisories.yaml b/rancher-machine.advisories.yaml
index 1bd36b0ba2..81a940f883 100644
--- a/rancher-machine.advisories.yaml
+++ b/rancher-machine.advisories.yaml
@@ -21,6 +21,10 @@ advisories:
 componentType: go-module
 componentLocation: /usr/bin/rancher-machine
 scanner: grype
+ - timestamp: 2025-04-04T08:49:29Z
+ type: pending-upstream-fix
+ data:
+ note: "rancher-machine is fork of docker/machine and uses quite old 1.4.2 version of moby/moby dependency that released at 2017. Bumping the moby/moby package to newer versions resulting build failure and we can't mitigate this. "
 - id: CGA-9m42-hjqr-hcrh
 aliases:
@@ -39,6 +43,10 @@ advisories:
 componentType: go-module
 componentLocation: /usr/bin/rancher-machine
 scanner: grype
+ - timestamp: 2025-04-04T08:48:37Z
+ type: pending-upstream-fix
+ data:
+ note: "rancher-machine is fork of docker/machine and uses quite old 1.4.2 version of moby/moby dependency that released at 2017. Bumping the moby/moby package to newer versions resulting build failure and we can't mitigate this. "
 - id: CGA-c845-7c7f-27p3
 aliases:
@@ -57,6 +65,10 @@ advisories:
 componentType: go-module
 componentLocation: /usr/bin/rancher-machine
 scanner: grype
+ - timestamp: 2025-04-04T08:50:31Z
+ type: pending-upstream-fix
+ data:
+ note: "rancher-machine is fork of docker/machine and uses quite old 1.4.2 version of moby/moby dependency that released at 2017. Bumping the moby/moby package to newer versions resulting build failure and we can't mitigate this. "
 - id: CGA-cm6m-j33h-vwfx
 aliases:
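Review bot: The `pending-upstream-fix` note added in the first hunk (@@ -21,6 +21,10 @@) names no upstream issue or pull request, so a later reader cannot tell what is being waited on or when the advisory can be re-triaged; the same text is repeated in the hunks at -39, -57, -75, -92, -110, -146 and -164. "We can't mitigate this" also reads as a statement about exposure, while the note only establishes that the dependency cannot be bumped; it does not say whether the affected moby/moby code is reachable from rancher-machine. I would tighten the wording, drop the trailing space inside the quotes and add the tracking link, e.g. `note: "rancher-machine is a fork of docker/machine and uses the old 1.4.2 version of moby/moby, released in 2017. Bumping moby/moby to a newer version breaks the build, so the fix has to come from upstream: <upstream issue URL>."` The advisory each event belongs to starts outside its hunk.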
@@ -75,6 +87,10 @@ advisories:
 componentType: go-module
 componentLocation: /usr/bin/rancher-machine
 scanner: grype
+ - timestamp: 2025-04-04T08:49:44Z
+ type: pending-upstream-fix
+ data:
+ note: "rancher-machine is fork of docker/machine and uses quite old 1.4.2 version of moby/moby dependency that released at 2017. Bumping the moby/moby package to newer versions resulting build failure and we can't mitigate this. "
 - id: CGA-fw7g-fqpm-9f8p
 aliases:
@@ -92,6 +108,10 @@ advisories:
 componentType: go-module
 componentLocation: /usr/bin/rancher-machine
 scanner: grype
+ - timestamp: 2025-04-04T08:50:17Z
+ type: pending-upstream-fix
+ data:
+ note: "rancher-machine is fork of docker/machine and uses quite old 1.4.2 version of moby/moby dependency that released at 2017. Bumping the moby/moby package to newer versions resulting build failure and we can't mitigate this. "
 - id: CGA-g4c5-rm96-2333
 aliases:
@@ -110,6 +130,10 @@ advisories:
 componentType: go-module
 componentLocation: /usr/bin/rancher-machine
 scanner: grype
+ - timestamp: 2025-04-04T08:49:12Z
+ type: pending-upstream-fix
+ data:
+ note: "rancher-machine is fork of docker/machine and uses quite old 1.4.2 version of moby/moby dependency that released at 2017. Bumping the moby/moby package to newer versions resulting build failure and we can't mitigate this. "
 - id: CGA-qrpj-mpf2-373m
 aliases:
@@ -128,6 +152,11 @@ advisories:
 componentType: go-module
 componentLocation: /usr/bin/rancher-machine
 scanner: grype
+ - timestamp: 2025-04-04T08:50:00Z
+ type: false-positive-determination
+ data:
+ type: vulnerable-code-version-not-used
+ note: v1.4.2 version of moby/moby dependency does not contain WriteProgress() func in the streamformatter.go file.
 - id: CGA-vx4c-qq47-4r28
 aliases:
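Review bot: The `false-positive-determination` note in the hunk at @@ -128,6 +152,11 @@ does not say which revision of moby/moby was inspected: it cites `v1.4.2`, while the pending-upstream-fix notes in this same commit describe that dependency as released in 2017. If the module is pinned to a specific commit rather than the tag, the check has to be made against that commit, and the note should name it. A missing `WriteProgress()` symbol alone also does not show that the affected logic is absent, since it could exist under a different name in older code; the note should state that the vulnerable code path itself was looked for. Something like `note: "moby/moby at <pinned revision> has no WriteProgress() in streamformatter.go and no equivalent code path."` would record this, once confirmed. The detection event with the scanned componentVersion is outside the hunk.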
@@ -146,6 +175,10 @@ advisories:
 componentType: go-module
 componentLocation: /usr/bin/rancher-machine
 scanner: grype
+ - timestamp: 2025-04-04T08:41:44Z
+ type: pending-upstream-fix
+ data:
+ note: "rancher-machine is fork of docker/machine and uses quite old 1.4.2 version of moby/moby dependency that released at 2017. Bumping the moby/moby package to newer versions resulting build failure and we can't mitigate this. "
 - id: CGA-wfj9-9xp6-q448
 aliases:
@@ -164,3 +197,7 @@ advisories:
 componentType: go-module
 componentLocation: /usr/bin/rancher-machine
 scanner: grype
+ - timestamp: 2025-04-04T08:48:55Z
+ type: pending-upstream-fix
+ data:
+ note: "rancher-machine is fork of docker/machine and uses quite old 1.4.2 version of moby/moby dependency that released at 2017. Bumping the moby/moby package to newer versions resulting build failure and we can't mitigate this. "