
Bump docker+machine version to v0.16.2-gitlab.27

Hannes Hörl requested to merge hhoerl/bump-docker-machine into main

What does this MR do?

Bumps docker+machine to v0.16.2-gitlab.27.

Why was this MR needed?

This bump addresses some CVEs, most prominently CVE-2024-24790. See: gitlab-org/ci-cd/docker-machine!131 (merged). The ultimate goal here is to fix CVE-2024-24790 in our UBI container images; the docker-machine binary is one offender.

What's the best way to test this MR?

Run grype / trivy against the resulting container image, and see that the binary docker-machine is flagged as vulnerable for CVE-2024-24790.

What are the relevant issue numbers?

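An added example, not part of the merge request or the project's code: one way to check a grype JSON report for CVE-2024-24790 findings attributed to the docker-machine binary rather than to other files in the image. The report is constructed, the binary paths and Go version are assumptions, and the field layout is assumed to follow grype's `-o json` output.

```python
import json

# Constructed sample shaped like `grype <image> -o json` output (not a real scan).
# Paths and versions below are assumptions made for illustration.
SAMPLE_REPORT = json.dumps({
    "matches": [
        {
            "vulnerability": {"id": "CVE-2024-24790"},
            "artifact": {
                "name": "stdlib", "version": "go1.21.10", "type": "go-module",
                "locations": [{"path": "/usr/bin/docker-machine"}],
            },
        },
        {
            "vulnerability": {"id": "CVE-2024-24790"},
            "artifact": {
                "name": "stdlib", "version": "go1.21.10", "type": "go-module",
                "locations": [{"path": "/usr/bin/other-tool"}],
            },
        },
    ]
})


def findings_for(report_json, cve_id, binary_name):
    """Return (path, artifact, version) for each match of cve_id whose
    location is a file named binary_name."""
    report = json.loads(report_json)
    hits = []
    for match in report.get("matches", []):
        if match.get("vulnerability", {}).get("id") != cve_id:
            continue
        artifact = match.get("artifact", {})
        for loc in artifact.get("locations", []):
            path = loc.get("path", "")
            # Compare only the final path component, so a directory that
            # merely contains the binary's name does not count as a hit.
            if path.rsplit("/", 1)[-1] == binary_name:
                hits.append((path, artifact.get("name"), artifact.get("version")))
    return hits


if __name__ == "__main__":
    for hit in findings_for(SAMPLE_REPORT, "CVE-2024-24790", "docker-machine"):
        print("flagged:", hit)
```

Go standard-library findings are reported against the binary that embeds them, which is why the filter keys on the location path and not on the artifact name.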