chore(deps): update dependency valyentdev/ravel to v0.7.0 #9685

uniget-bot · 2025-01-18T16:33:23Z

This PR contains the following updates:

Package	Update	Change
valyentdev/ravel	minor	`0.6.1` -> `0.7.0`

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

valyentdev/ravel (valyentdev/ravel)

`v0.7.0`

Compare Source

Changelog

3436102 fix: wrong working dir in initd
2f8a243 feat: add persistent disks on raveld with ZFS
60e1d20 fix: chown recursively in mkdirAllAndChown
4a9efea fix: jailer binary path
204e68c chore: prepare runtime drivers
45ddf6b remove illustration

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

nicholasdille-bot

Auto-approved because label type/renovate is present.

github-actions · 2025-01-18T16:36:03Z

🔍 Vulnerabilities of `ghcr.io/uniget-org/tools/ravel:0.7.0`

📦 Image Reference ghcr.io/uniget-org/tools/ravel:0.7.0

digest	`sha256:6ae79c43465b1624921f60f91decd81695d9da8eca8a8a260b75dd72f0e8cce3`
vulnerabilities
platform	linux/amd64
size	21 MB
packages	110

github.com/u-root/u-root 0.14.0 (golang)

pkg:golang/github.com/u-root/u-root@0.14.0

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

Affected range	`<=v7.0.0`
Fixed version	Not Fixed
CVSS Score	`7.5`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N`

Description

This affects all versions of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction.

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

Affected range	`<=7.0.0`
Fixed version	Not Fixed
CVSS Score	`7.5`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N`

Description

This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction.

github-actions · 2025-01-18T16:36:25Z

Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/12845691897.

github-actions · 2025-01-18T16:36:27Z

PR is clean and can be merged. See https://github.com/uniget-org/tools/actions/runs/12845691897.

chore(deps): update dependency valyentdev/ravel to v0.7.0

51bceec

uniget-bot added bump/minor type/renovate labels Jan 18, 2025

nicholasdille-bot approved these changes Jan 18, 2025

View reviewed changes

github-actions bot merged commit e10c4e6 into main Jan 18, 2025
10 checks passed

github-actions bot deleted the renovate/valyentdev-ravel-0.x branch January 18, 2025 16:36

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update dependency valyentdev/ravel to v0.7.0 #9685

chore(deps): update dependency valyentdev/ravel to v0.7.0 #9685

uniget-bot commented Jan 18, 2025

nicholasdille-bot left a comment

github-actions bot commented Jan 18, 2025

github-actions bot commented Jan 18, 2025

github-actions bot commented Jan 18, 2025

chore(deps): update dependency valyentdev/ravel to v0.7.0 #9685

chore(deps): update dependency valyentdev/ravel to v0.7.0 #9685

Conversation

uniget-bot commented Jan 18, 2025

Release Notes

v0.7.0

Changelog

Configuration

nicholasdille-bot left a comment

Choose a reason for hiding this comment

github-actions bot commented Jan 18, 2025

🔍 Vulnerabilities of ghcr.io/uniget-org/tools/ravel:0.7.0

github-actions bot commented Jan 18, 2025

github-actions bot commented Jan 18, 2025

`v0.7.0`

🔍 Vulnerabilities of `ghcr.io/uniget-org/tools/ravel:0.7.0`