CVE-2024-3651

Advisory

Docker-tidy version 2.1.7 has upgraded its idna dependency to version 3.7 in response to CVE-2024-3651.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

Bug Fixes

- **deps:** update dependency idna to v3.7 [security] (697) (2e78717)
- **deps:** update dependency zipp to v3.18.1 (683) (1b33fc3)
- **deps:** update dependency zipp to v3.18.0 (682) (83a32d1)

Others

- **deps:** lock file maintenance (686) (da587cd)
- **docker:** update python:3.12-alpine docker digest to ef09762 (7e2c68c)
- **deps:** update dependency thegeeklab/hugo-geekdoc to v0.45.0 (5a98f71)
- **deps:** update dependency ruff to v0.3.5 (9701519)
- **deps:** update dependency thegeeklab/hugo-geekdoc to v0.44.3 (01293f3)
- **deps:** update quay.io/thegeeklab/wp-docker-buildx docker tag to v4 (691) (cbddced)
- **docker:** update python:3.12-alpine docker digest to c7eb5c9 (4be97eb)
- **deps:** update dependency pytest-cov to v5 (688) (3e644aa)
- **deps:** update devdeps non-major (a86f86e)
- **deps:** update quay.io/thegeeklab/hugo docker tag to v0.124.1 (687) (95e7ee4)
- **deps:** update dependency ruff to v0.3.3 (73d7398)
- **docker:** update python:3.12-alpine docker digest to 25a82f6 (4459911)
- **deps:** lock file maintenance (681) (1e557bd)
- **deps:** update devdeps non-major (680) (32da9eb)
- **deps:** update dependency thegeeklab/hugo-geekdoc to v0.44.2 (1d19939)

CI Pipeline

- fix deprecated ruff command (63ca6e6)

Resources

• https://pypi.org/project/docker-tidy
• https://data.safetycli.com/changelogs/docker-tidy/
• https://github.com/thegeeklab/docker-tidy/pull/697
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3651