 Test User
|
66ad941549
|
fix: resolve HIGH-severity CVEs in receiptwitness image
- Bump cryptography>=46.0 to fix GHSA-r6ph-v2qm-q3c2
- Increment APT_CACHE_BUST to 1 to force fresh apt-get upgrade
for OpenSSL/libssl3t64 (fixes CVE-2026-2673, CVE-2026-28388,
CVE-2026-28389, CVE-2026-28390, CVE-2026-31790)
- Add 89 Chrome CVEs to grype.yaml ignore (Playwright bundles
Chromium — CVEs can only be resolved by upgrading Playwright)
- Add node CVE-2026-21710 to grype.yaml ignore (Playwright
bundled tooling dependency)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
|
2026-04-19 00:48:02 +00:00 |
|