diff --git a/oci/grafana/.trivyignore b/oci/grafana/.trivyignore index 1448aba4..c0d408b4 100644 --- a/oci/grafana/.trivyignore +++ b/oci/grafana/.trivyignore @@ -2,3 +2,11 @@ # goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors. CVE-2023-37788 +# go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc - DoS vulnerability in otelgrpc due to unbound cardinality metrics +CVE-2023-47108 +# go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace - opentelemetry: DoS vulnerability in otelhttp +CVE-2023-45142 +# golang.org/x/net - golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) +CVE-2023-39325 +# google.golang.org/grpc - gRPC-Go HTTP/2 Rapid Reset vulnerability +GHSA-m425-mq94-257g diff --git a/oci/grafana/image.yaml b/oci/grafana/image.yaml index 067bccca..c8edabc3 100644 --- a/oci/grafana/image.yaml +++ b/oci/grafana/image.yaml @@ -1,19 +1,34 @@ version: 1 - upload: - source: canonical/grafana-rock - commit: 2debe0d755f985292dda793bdab5fbbe14f201e9 + commit: d0835afb61d9cfbb96e704959bd7cfbe99b4ee94 directory: 10.0.3 release: 10.0.3-22.04: - end-of-life: "2024-08-16T00:00:00Z" + end-of-life: "2024-12-08T00:00:00Z" risks: - stable 10.0-22.04: - end-of-life: "2024-08-16T00:00:00Z" + end-of-life: "2024-12-08T00:00:00Z" risks: - stable 10-22.04: - end-of-life: "2024-08-16T00:00:00Z" + end-of-life: "2024-12-08T00:00:00Z" + risks: + - stable + - source: canonical/grafana-rock + commit: d0835afb61d9cfbb96e704959bd7cfbe99b4ee94 + directory: 10.2.0 + release: + 10.2.0-22.04: + end-of-life: "2024-12-08T00:00:00Z" + risks: + - stable + 10.2-22.04: + end-of-life: "2024-12-08T00:00:00Z" + risks: + - stable + 10-22.04: + end-of-life: "2024-12-08T00:00:00Z" risks: - stable