build: upgrade dependencies

[masontikhonov]

What

This upgrades dependencies with fixes to some CVE.

Labels

Assign the following labels to the PR:

security - to trigger image scanning in CI build

PR Comments

Add the following comments to the PR:

/e2e - to trigger E2E build

Security Report

Note

Compared security scans:

Current image:
quay.io/codefresh/dev/compose:cr-32167-security-c9756a6@sha256:0f444d0473b8066171833842fd75e4157a216932a3e711a283a92974cf0d7286

Baseline:
quay.io/codefresh/compose:main@sha256:5ee214a95bf7c9e34a9122240fe6fe529786b7eb85c430d11eb1419a170a3a76

Important

Results in this section may be outdated or incomplete.
Please analyze the full scan report for comprehensive details.

Fixed CVEs: 48

🟣 Critical: 1

• CVE-2023-45853 in zlib@1:1.2.13.dfsg-1 at unknown path

🔴 High: 1

• CVE-2024-25621 in github.com/containerd/containerd/[email protected] at /usr/local/bin/docker-compose

🟠 Medium: 5

• GO-2025-3900 in github.com/go-viper/mapstructure/[email protected] at /usr/local/bin/docker-compose
• GO-2025-3787 in github.com/go-viper/mapstructure/[email protected] at /usr/local/bin/docker-compose
• CVE-2025-47914 in golang.org/x/crypto/ssh/[email protected] at /usr/local/bin/docker-compose
• CVE-2025-54388 in github.com/docker/[email protected] at /usr/local/bin/docker-compose
• CVE-2025-64329 in github.com/containerd/containerd/[email protected] at /usr/local/bin/docker-compose

🟡 Low: 10

• CVE-2025-6297 in [email protected] at unknown path
• CVE-2023-50495 in [email protected] at unknown path
• CVE-2016-2781 in [email protected] at unknown path
• CVE-2025-14104 in [email protected]+deb12u3 at unknown path
• CVE-2024-22365 in [email protected]+deb12u1 at unknown path
• CVE-2025-30258 in [email protected]+deb12u1 at unknown path
• CVE-2025-6141 in [email protected] at unknown path
• CVE-2025-9820 in [email protected]+deb12u5 at unknown path
• CVE-2025-6020 in [email protected]+deb12u1 at unknown path
• CVE-2024-10041 in [email protected]+deb12u1 at unknown path

⚪️ Unimportant: 16

• CVE-2023-31486 in [email protected]+deb12u3 at unknown path
• CVE-2018-6829 in [email protected] at unknown path
• CVE-2018-20796 in [email protected]+deb12u13 at unknown path
• CVE-2022-27943 in [email protected]+deb12u1 at unknown path
• CVE-2022-0563 in [email protected]+deb12u3 at unknown path
• CVE-2017-18018 in [email protected] at unknown path
• CVE-2011-3374 in [email protected] at unknown path
• CVE-2022-3219 in [email protected]+deb12u1 at unknown path
• CVE-2011-4116 in [email protected]+deb12u3 at unknown path
• CVE-2025-5278 in [email protected] at unknown path
• CVE-2024-2236 in [email protected] at unknown path
• CVE-2013-4392 in [email protected]~deb12u1 at unknown path
• CVE-2011-3389 in [email protected]+deb12u5 at unknown path
• CVE-2010-4756 in [email protected]+deb12u13 at unknown path
• CVE-2007-5686 in shadow@1:4.13+dfsg1-1+deb12u1 at unknown path
• CVE-2005-2541 in [email protected]+dfsg-1.2+deb12u1 at unknown path

⚫ Unassigned: 15

• CVE-2025-61729 in crypto/[email protected] at /usr/local/bin/docker-compose
• CVE-2025-61725 in net/[email protected] at /usr/local/bin/docker-compose
• CVE-2025-61723 in encoding/[email protected] at /usr/local/bin/docker-compose
• CVE-2025-58188 in crypto/[email protected] at /usr/local/bin/docker-compose
• CVE-2025-58187 in crypto/[email protected] at /usr/local/bin/docker-compose
• CVE-2025-47913 in golang.org/x/crypto/ssh/[email protected] at /usr/local/bin/docker-compose
• CVE-2025-4673 in net/[email protected] at /usr/local/bin/docker-compose
• CVE-2025-61727 in crypto/[email protected] at /usr/local/bin/docker-compose
• CVE-2025-47906 in os/[email protected] at /usr/local/bin/docker-compose
• CVE-2025-61724 in net/[email protected] at /usr/local/bin/docker-compose
• CVE-2025-58189 in crypto/[email protected] at /usr/local/bin/docker-compose
• CVE-2025-58186 in net/[email protected] at /usr/local/bin/docker-compose
• CVE-2025-58185 in encoding/[email protected] at /usr/local/bin/docker-compose
• CVE-2025-47912 in net/[email protected] at /usr/local/bin/docker-compose
• CVE-2025-58183 in archive/[email protected] at /usr/local/bin/docker-compose

[masontikhonov]

/e2e

[masontikhonov]

/e2e

[masontikhonov]

/e2e

[masontikhonov]

/e2e

[masontikhonov]

/e2e