chore(master): release 2.5.1

[lotyp]

🤖 I have created a release beep boop

2.5.1 (2024-04-10)

Bug Fixes

• add gnupg support for phive (#38) (b7b4218)

---

This PR was generated with Release Please. See documentation.

[github-actions]

🔍 Vulnerabilities of wayofdev/php-dev:latest

📦 Image Reference wayofdev/php-dev:latest

digest	sha256:fb078e10cb88e49a128b4f02a23c5f1b055fb78f5f1e7bdf58950f08be797912
vulnerabilities
size	116 MB
packages	214

📦 Base Image php:8.1-alpine

also known as	8.1-alpine3.19 8.1-cli-alpine 8.1-cli-alpine3.19 8.1.27-alpine 8.1.27-alpine3.19 8.1.27-cli-alpine 8.1.27-cli-alpine3.19
digest	sha256:f9a59a4f072f5f357ad46bf9b44c222649d919765e56f6d01691ee11c1e3cb29
vulnerabilities

golang.org/x/net 0.8.0 (golang) pkg:golang/golang.org/x/[email protected] Uncontrolled Resource Consumption Affected range <0.17.0 Fixed version 0.17.0 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.00152 EPSS Percentile 0.50705 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.

google.golang.org/grpc 1.54.0 (golang) pkg:golang/google.golang.org/[email protected] Affected range <1.56.3 Fixed version 1.56.3 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. Patches This vulnerability was addressed by #6703 and has been included in patch releases: 1.56.3, 1.57.1, 1.58.3. It is also included in the latest release, 1.59.0. Along with applying the patch, users should also ensure they are using the grpc.MaxConcurrentStreams server option to apply a limit to the server's resources used for any single connection. Workarounds None. References #6703

[github-actions]

Recommended fixes for image wayofdev/php-dev:latest

Base image is php:8.1-alpine

Name	8.1.27-alpine3.19
Digest	sha256:f9a59a4f072f5f357ad46bf9b44c222649d919765e56f6d01691ee11c1e3cb29
Vulnerabilities
Pushed	3 weeks ago
Size	35 MB
Packages	49
Flavor	alpine
OS	3.19
Runtime	8.1.27

The base image is also available under the supported tag(s): 8.1-alpine3.19, 8.1-cli-alpine, 8.1-cli-alpine3.19, 8.1.27-alpine, 8.1.27-alpine3.19, 8.1.27-cli-alpine, 8.1.27-cli-alpine3.19

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
8.3-alpine Minor runtime version update Also known as: 8.3-cli-alpine 8.3-cli-alpine3.19 8-cli-alpine 8-cli-alpine3.19 cli-alpine cli-alpine3.19 alpine alpine3.19 8.3-alpine3.19 8-alpine 8-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages Image details: Size: 36 MB Flavor: alpine OS: 3.19 Runtime: 8.3	3 weeks ago
8.2-alpine Minor runtime version update Also known as: 8.2-cli-alpine 8.2-cli-alpine3.19 8.2-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image has same number of vulnerabilities Image contains equal number of packages 8.2-alpine was pulled 1.8K times last month Image details: Size: 35 MB Flavor: alpine OS: 3.19 Runtime: 8.2	3 weeks ago
8.3.2-alpine Minor runtime version update Also known as: 8.3.2-cli-alpine 8.3.2-cli-alpine3.19 8.3.2-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image contains equal number of packages Image details: Size: 36 MB Flavor: alpine OS: 3.19 Runtime: 8.3.2	2 months ago
8.2.15-alpine Minor runtime version update Also known as: 8.2.15-cli-alpine 8.2.15-cli-alpine3.19 8.2.15-alpine3.19	Benefits: Same OS detected Minor runtime version update Image has similar size Image contains equal number of packages Image details: Size: 35 MB Flavor: alpine OS: 3.19 Runtime: 8.2.15	2 months ago

[lotyp]

🤖 Release is at https://github.com/wayofdev/docker-php-dev/releases/tag/v2.5.1 🌻