Skip to content

chore: CR-32904 - update docker compose to v5.0.1 #22

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
masontikhonov merged 3 commits into from
Jan 16, 2026
Merged

chore: CR-32904 - update docker compose to v5.0.1 #22

masontikhonov merged 3 commits into from
Jan 16, 2026

Conversation

@vadim-kharin-codefresh
Copy link

@vadim-kharin-codefresh vadim-kharin-codefresh commented Jan 9, 2026
edited by masontikhonov
Loading

What

This upgrades compose to v5.

Fixes #CR-32167, #CR-32171

Labels

Assign the following labels to the PR:

security - to trigger image scanning in CI build

PR Comments

Add the following comments to the PR:

/e2e - to trigger E2E build

Security Report

Note

Compared security scans:

Current image:
quay.io/codefresh/dev/compose:chorecr-32904@sha256:75fb0bbd1d13b0fe2b9e4519bd979a3da56c526ca01ec26f2472f48b7af44311

Baseline:
quay.io/codefresh/compose:main@sha256:e3aa1dff9a679e3ddf4a1d0291914a1963ee74dedafd9ec5d159ddcae8460b09

Important

Current summary is in beta mode.
Please analyze the full scan report for comprehensive details.

Fixed CVEs: 7

🔴 High: 2

  • CVE-2025-61729 in crypto/x509@1.24.9 at /usr/local/bin/docker-compose
  • CVE-2024-25621 in github.com/containerd/containerd/v2@v2.1.4 at /usr/local/bin/docker-compose

🟠 Medium: 3

  • CVE-2025-61727 in crypto/x509@1.24.9 at /usr/local/bin/docker-compose
  • CVE-2025-64329 in github.com/containerd/containerd/v2@v2.1.4 at /usr/local/bin/docker-compose
  • CVE-2025-47914 in golang.org/x/crypto/ssh/agent@v0.38.0 at /usr/local/bin/docker-compose

⚪️ Unimportant: 1

⚫ Unassigned: 1

  • CVE-2025-47913 in golang.org/x/crypto/ssh/agent@v0.38.0 at /usr/local/bin/docker-compose

@vadim-kharin-codefresh
Copy link
Author

vadim-kharin-codefresh commented Jan 9, 2026

/e2e

@vadim-kharin-codefresh
Copy link
Author

vadim-kharin-codefresh commented Jan 16, 2026

/e2e

2 similar comments
@masontikhonov
Copy link

masontikhonov commented Jan 16, 2026

/e2e

@masontikhonov
Copy link

masontikhonov commented Jan 16, 2026

/e2e

@masontikhonov masontikhonov merged commit 4616aae into main Jan 16, 2026
4 checks passed
@masontikhonov masontikhonov deleted the chore/CR-32904 branch January 16, 2026 17:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@masontikhonov masontikhonov masontikhonov approved these changes

Assignees

@vadim-kharin-codefresh vadim-kharin-codefresh

Labels

security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@vadim-kharin-codefresh @masontikhonov