fix: add architecture input to zarf pull in upgrade by JeffResc · Pull Request #596 · defenseunicorns/uds-common

JeffResc · 2025-12-19T05:00:12Z

Description

add architecture input to zarf pull in upgrade

Checklist before merging

ADR proposed if making an architectural change to the repo
Tests run, docs added or updated as needed

github-actions · 2025-12-19T05:01:40Z

nginx `1.29.4` -> `1.29.4`

New vulnerabilities: 0
Fixed vulnerabilities: 0
Existing vulnerabilities: 101

New vulnerabilities

ID	SEVERITY	URL

Fixed vulnerabilities

ID	SEVERITY	URL

Existing vulnerabilities

ID	SEVERITY	URL
CVE-2025-7425	high	https://security-tracker.debian.org/tracker/CVE-2025-7425
CVE-2025-65018	high	https://security-tracker.debian.org/tracker/CVE-2025-65018
CVE-2025-66293	high	https://security-tracker.debian.org/tracker/CVE-2025-66293
CVE-2025-59375	high	https://security-tracker.debian.org/tracker/CVE-2025-59375
CVE-2025-64720	high	https://security-tracker.debian.org/tracker/CVE-2025-64720
CVE-2025-64505	medium	https://security-tracker.debian.org/tracker/CVE-2025-64505
CVE-2024-38950	medium	https://security-tracker.debian.org/tracker/CVE-2024-38950
CVE-2025-14104	medium	https://security-tracker.debian.org/tracker/CVE-2025-14104
CVE-2025-64506	medium	https://security-tracker.debian.org/tracker/CVE-2025-64506
CVE-2025-14104	medium	https://security-tracker.debian.org/tracker/CVE-2025-14104
CVE-2025-14104	medium	https://security-tracker.debian.org/tracker/CVE-2025-14104
CVE-2025-14104	medium	https://security-tracker.debian.org/tracker/CVE-2025-14104
CVE-2025-14104	medium	https://security-tracker.debian.org/tracker/CVE-2025-14104
CVE-2025-7709	medium	https://security-tracker.debian.org/tracker/CVE-2025-7709
CVE-2025-14104	medium	https://security-tracker.debian.org/tracker/CVE-2025-14104
CVE-2025-14104	medium	https://security-tracker.debian.org/tracker/CVE-2025-14104
CVE-2025-10911	medium	https://security-tracker.debian.org/tracker/CVE-2025-10911
CVE-2024-38949	medium	https://security-tracker.debian.org/tracker/CVE-2024-38949
CVE-2025-14104	medium	https://security-tracker.debian.org/tracker/CVE-2025-14104
CVE-2025-14104	medium	https://security-tracker.debian.org/tracker/CVE-2025-14104
CVE-2013-0337	low	https://security-tracker.debian.org/tracker/CVE-2013-0337
CVE-2024-56433	low	https://security-tracker.debian.org/tracker/CVE-2024-56433
CVE-2025-11731	low	https://security-tracker.debian.org/tracker/CVE-2025-11731
CVE-2025-6141	low	https://security-tracker.debian.org/tracker/CVE-2025-6141
CVE-2025-6141	low	https://security-tracker.debian.org/tracker/CVE-2025-6141
CVE-2025-66382	low	https://security-tracker.debian.org/tracker/CVE-2025-66382
CVE-2024-56433	low	https://security-tracker.debian.org/tracker/CVE-2024-56433
CVE-2025-6141	low	https://security-tracker.debian.org/tracker/CVE-2025-6141
CVE-2024-2236	none	https://security-tracker.debian.org/tracker/CVE-2024-2236
CVE-2019-1010024	none	https://security-tracker.debian.org/tracker/CVE-2019-1010024
CVE-2023-31438	none	https://security-tracker.debian.org/tracker/CVE-2023-31438
CVE-2024-26461	none	https://security-tracker.debian.org/tracker/CVE-2024-26461
CVE-2025-10966	none	https://security-tracker.debian.org/tracker/CVE-2025-10966
CVE-2018-20796	none	https://security-tracker.debian.org/tracker/CVE-2018-20796
CVE-2024-26461	none	https://security-tracker.debian.org/tracker/CVE-2024-26461
CVE-2024-26461	none	https://security-tracker.debian.org/tracker/CVE-2024-26461
CVE-2022-0563	none	https://security-tracker.debian.org/tracker/CVE-2022-0563
CVE-2022-0563	none	https://security-tracker.debian.org/tracker/CVE-2022-0563
CVE-2025-8732	none	https://security-tracker.debian.org/tracker/CVE-2025-8732
CVE-2019-1010025	none	https://security-tracker.debian.org/tracker/CVE-2019-1010025
CVE-2024-26458	none	https://security-tracker.debian.org/tracker/CVE-2024-26458
CVE-2007-5686	none	https://security-tracker.debian.org/tracker/CVE-2007-5686
CVE-2018-6829	none	https://security-tracker.debian.org/tracker/CVE-2018-6829
CVE-2017-9937	none	https://security-tracker.debian.org/tracker/CVE-2017-9937
CVE-2023-31437	none	https://security-tracker.debian.org/tracker/CVE-2023-31437
CVE-2022-0563	none	https://security-tracker.debian.org/tracker/CVE-2022-0563
CVE-2011-3389	none	https://security-tracker.debian.org/tracker/CVE-2011-3389
CVE-2018-20796	none	https://security-tracker.debian.org/tracker/CVE-2018-20796
CVE-2013-4392	none	https://security-tracker.debian.org/tracker/CVE-2013-4392
CVE-2022-0563	none	https://security-tracker.debian.org/tracker/CVE-2022-0563
CVE-2010-4756	none	https://security-tracker.debian.org/tracker/CVE-2010-4756
CVE-2025-5278	none	https://security-tracker.debian.org/tracker/CVE-2025-5278
CVE-2019-1010025	none	https://security-tracker.debian.org/tracker/CVE-2019-1010025
CVE-2009-4487	none	https://security-tracker.debian.org/tracker/CVE-2009-4487
CVE-2011-3374	none	https://security-tracker.debian.org/tracker/CVE-2011-3374
CVE-2019-1010023	none	https://security-tracker.debian.org/tracker/CVE-2019-1010023
CVE-2021-45346	none	https://security-tracker.debian.org/tracker/CVE-2021-45346
CVE-2023-31439	none	https://security-tracker.debian.org/tracker/CVE-2023-31439
CVE-2013-4392	none	https://security-tracker.debian.org/tracker/CVE-2013-4392
CVE-2018-5709	none	https://security-tracker.debian.org/tracker/CVE-2018-5709
CVE-2023-31439	none	https://security-tracker.debian.org/tracker/CVE-2023-31439
CVE-2022-1210	none	https://security-tracker.debian.org/tracker/CVE-2022-1210
CVE-2022-0563	none	https://security-tracker.debian.org/tracker/CVE-2022-0563
CVE-2022-0563	none	https://security-tracker.debian.org/tracker/CVE-2022-0563
CVE-2015-3276	none	https://security-tracker.debian.org/tracker/CVE-2015-3276
CVE-2019-1010023	none	https://security-tracker.debian.org/tracker/CVE-2019-1010023
CVE-2005-2541	none	https://security-tracker.debian.org/tracker/CVE-2005-2541
CVE-2018-5709	none	https://security-tracker.debian.org/tracker/CVE-2018-5709
CVE-2018-5709	none	https://security-tracker.debian.org/tracker/CVE-2018-5709
CVE-2018-5709	none	https://security-tracker.debian.org/tracker/CVE-2018-5709
CVE-2024-26458	none	https://security-tracker.debian.org/tracker/CVE-2024-26458
CVE-2023-31438	none	https://security-tracker.debian.org/tracker/CVE-2023-31438
CVE-2017-16232	none	https://security-tracker.debian.org/tracker/CVE-2017-16232
CVE-2019-9192	none	https://security-tracker.debian.org/tracker/CVE-2019-9192
CVE-2019-1010024	none	https://security-tracker.debian.org/tracker/CVE-2019-1010024
CVE-2024-26458	none	https://security-tracker.debian.org/tracker/CVE-2024-26458
CVE-2019-1010022	none	https://security-tracker.debian.org/tracker/CVE-2019-1010022
CVE-2023-31437	none	https://security-tracker.debian.org/tracker/CVE-2023-31437
CVE-2025-10966	none	https://security-tracker.debian.org/tracker/CVE-2025-10966
CVE-2025-8534	none	https://security-tracker.debian.org/tracker/CVE-2025-8534
CVE-2019-9192	none	https://security-tracker.debian.org/tracker/CVE-2019-9192
CVE-2018-10126	none	https://security-tracker.debian.org/tracker/CVE-2018-10126
CVE-2021-4214	none	https://security-tracker.debian.org/tracker/CVE-2021-4214
CVE-2020-15719	none	https://security-tracker.debian.org/tracker/CVE-2020-15719
CVE-2017-14159	none	https://security-tracker.debian.org/tracker/CVE-2017-14159
CVE-2024-26461	none	https://security-tracker.debian.org/tracker/CVE-2024-26461
CVE-2022-0563	none	https://security-tracker.debian.org/tracker/CVE-2022-0563
CVE-2017-17740	none	https://security-tracker.debian.org/tracker/CVE-2017-17740
CVE-2007-5686	none	https://security-tracker.debian.org/tracker/CVE-2007-5686
CVE-2011-4116	none	https://security-tracker.debian.org/tracker/CVE-2011-4116
CVE-2019-1010022	none	https://security-tracker.debian.org/tracker/CVE-2019-1010022
CVE-2015-9019	none	https://security-tracker.debian.org/tracker/CVE-2015-9019
CVE-2017-18018	none	https://security-tracker.debian.org/tracker/CVE-2017-18018
CVE-2025-8176	none	https://security-tracker.debian.org/tracker/CVE-2025-8176
CVE-2025-8177	none	https://security-tracker.debian.org/tracker/CVE-2025-8177
CVE-2010-4756	none	https://security-tracker.debian.org/tracker/CVE-2010-4756
CVE-2024-26458	none	https://security-tracker.debian.org/tracker/CVE-2024-26458
CVE-2011-3374	none	https://security-tracker.debian.org/tracker/CVE-2011-3374
CVE-2022-0563	none	https://security-tracker.debian.org/tracker/CVE-2022-0563
CVE-2022-0563	none	https://security-tracker.debian.org/tracker/CVE-2022-0563
CVE-2025-9820	unknown	https://security-tracker.debian.org/tracker/CVE-2025-9820

quay.io/rfcurated/nginx `1.29.4-slim-jammy-rfcurated-rfhardened` -> `1.29.4-slim-jammy-rfcurated-rfhardened`

New vulnerabilities: 0
Fixed vulnerabilities: 0
Existing vulnerabilities: 1

New vulnerabilities

ID	SEVERITY	URL

Fixed vulnerabilities

ID	SEVERITY	URL

Existing vulnerabilities

ID	SEVERITY	URL
CVE-2022-4899	low	https://ubuntu.com/security/CVE-2022-4899

registry1.dso.mil/ironbank/opensource/nginx/nginx `1.29.4` -> `1.29.4`

New vulnerabilities: 0
Fixed vulnerabilities: 0
Existing vulnerabilities: 114

New vulnerabilities

ID	SEVERITY	URL

Fixed vulnerabilities

ID	SEVERITY	URL

Existing vulnerabilities

ID	SEVERITY	URL
CVE-2024-1488	high	https://access.redhat.com/security/cve/CVE-2024-1488
CVE-2024-56171	high	https://access.redhat.com/security/cve/CVE-2024-56171
CVE-2024-12254	high	https://access.redhat.com/security/cve/CVE-2024-12254
CVE-2024-12254	high	https://access.redhat.com/security/cve/CVE-2024-12254
CVE-2024-12254	high	https://access.redhat.com/security/cve/CVE-2024-12254
CVE-2025-12084	medium	https://access.redhat.com/security/cve/CVE-2025-12084
CVE-2025-14104	medium	https://access.redhat.com/security/cve/CVE-2025-14104
CVE-2025-9086	medium	https://access.redhat.com/security/cve/CVE-2025-9086
CVE-2025-14104	medium	https://access.redhat.com/security/cve/CVE-2025-14104
CVE-2024-28834	medium	https://access.redhat.com/security/cve/CVE-2024-28834
CVE-2024-28835	medium	https://access.redhat.com/security/cve/CVE-2024-28835
CVE-2025-5278	medium	https://access.redhat.com/security/cve/CVE-2025-5278
CVE-2025-14104	medium	https://access.redhat.com/security/cve/CVE-2025-14104
CVE-2025-13601	medium	https://access.redhat.com/security/cve/CVE-2025-13601
CVE-2025-13837	medium	https://access.redhat.com/security/cve/CVE-2025-13837
CVE-2025-13837	medium	https://access.redhat.com/security/cve/CVE-2025-13837
CVE-2024-28834	medium	https://access.redhat.com/security/cve/CVE-2024-28834
CVE-2025-67897	medium	https://access.redhat.com/security/cve/CVE-2025-67897
CVE-2025-14087	medium	https://access.redhat.com/security/cve/CVE-2025-14087
CVE-2025-9714	medium	https://access.redhat.com/security/cve/CVE-2025-9714
CVE-2025-13836	medium	https://access.redhat.com/security/cve/CVE-2025-13836
CVE-2025-4598	medium	https://access.redhat.com/security/cve/CVE-2025-4598
CVE-2025-14104	medium	https://access.redhat.com/security/cve/CVE-2025-14104
CVE-2024-28835	medium	https://access.redhat.com/security/cve/CVE-2024-28835
CVE-2024-6197	medium	https://access.redhat.com/security/cve/CVE-2024-6197
CVE-2025-14512	medium	https://access.redhat.com/security/cve/CVE-2025-14512
CVE-2025-14104	medium	https://access.redhat.com/security/cve/CVE-2025-14104
CVE-2025-4516	medium	https://access.redhat.com/security/cve/CVE-2025-4516
CVE-2025-50181	medium	https://access.redhat.com/security/cve/CVE-2025-50181
CVE-2025-13836	medium	https://access.redhat.com/security/cve/CVE-2025-13836
CVE-2025-8291	medium	https://access.redhat.com/security/cve/CVE-2025-8291
CVE-2024-12133	medium	https://access.redhat.com/security/cve/CVE-2024-12133
CVE-2025-29087	medium	https://access.redhat.com/security/cve/CVE-2025-29087
CVE-2025-14104	medium	https://access.redhat.com/security/cve/CVE-2025-14104
CVE-2025-11411	medium	https://access.redhat.com/security/cve/CVE-2025-11411
CVE-2025-10966	medium	https://access.redhat.com/security/cve/CVE-2025-10966
CVE-2025-4516	medium	https://access.redhat.com/security/cve/CVE-2025-4516
CVE-2024-12243	medium	https://access.redhat.com/security/cve/CVE-2024-12243
CVE-2024-12243	medium	https://access.redhat.com/security/cve/CVE-2024-12243
CVE-2024-28834	medium	https://access.redhat.com/security/cve/CVE-2024-28834
CVE-2025-50182	medium	https://access.redhat.com/security/cve/CVE-2025-50182
CVE-2025-6069	medium	https://access.redhat.com/security/cve/CVE-2025-6069
CVE-2025-12084	medium	https://access.redhat.com/security/cve/CVE-2025-12084
CVE-2025-6069	medium	https://access.redhat.com/security/cve/CVE-2025-6069
CVE-2024-6197	medium	https://access.redhat.com/security/cve/CVE-2024-6197
CVE-2025-7458	medium	https://access.redhat.com/security/cve/CVE-2025-7458
CVE-2025-60753	medium	https://access.redhat.com/security/cve/CVE-2025-60753
CVE-2025-13837	medium	https://access.redhat.com/security/cve/CVE-2025-13837
CVE-2024-12224	medium	https://access.redhat.com/security/cve/CVE-2024-12224
CVE-2025-13836	medium	https://access.redhat.com/security/cve/CVE-2025-13836
CVE-2025-10966	medium	https://access.redhat.com/security/cve/CVE-2025-10966
CVE-2025-6069	medium	https://access.redhat.com/security/cve/CVE-2025-6069
CVE-2025-9086	medium	https://access.redhat.com/security/cve/CVE-2025-9086
CVE-2025-8291	medium	https://access.redhat.com/security/cve/CVE-2025-8291
CVE-2024-28835	medium	https://access.redhat.com/security/cve/CVE-2024-28835
CVE-2024-12243	medium	https://access.redhat.com/security/cve/CVE-2024-12243
CVE-2025-8291	medium	https://access.redhat.com/security/cve/CVE-2025-8291
CVE-2025-4516	medium	https://access.redhat.com/security/cve/CVE-2025-4516
CVE-2025-12084	medium	https://access.redhat.com/security/cve/CVE-2025-12084
CVE-2025-4598	medium	https://access.redhat.com/security/cve/CVE-2025-4598
CVE-2025-4598	medium	https://access.redhat.com/security/cve/CVE-2025-4598
CVE-2024-45490	medium	https://access.redhat.com/security/cve/CVE-2024-45490
CVE-2024-7592	low	https://access.redhat.com/security/cve/CVE-2024-7592
CVE-2025-1795	low	https://access.redhat.com/security/cve/CVE-2025-1795
CVE-2025-3360	low	https://access.redhat.com/security/cve/CVE-2025-3360
CVE-2025-6052	low	https://access.redhat.com/security/cve/CVE-2025-6052
CVE-2025-1376	low	https://access.redhat.com/security/cve/CVE-2025-1376
CVE-2024-11053	low	https://access.redhat.com/security/cve/CVE-2024-11053
CVE-2025-1371	low	https://access.redhat.com/security/cve/CVE-2025-1371
CVE-2025-1371	low	https://access.redhat.com/security/cve/CVE-2025-1371
CVE-2025-9232	low	https://access.redhat.com/security/cve/CVE-2025-9232
CVE-2025-6075	low	https://access.redhat.com/security/cve/CVE-2025-6075
CVE-2025-66382	low	https://access.redhat.com/security/cve/CVE-2025-66382
CVE-2025-1376	low	https://access.redhat.com/security/cve/CVE-2025-1376
CVE-2024-5535	low	https://access.redhat.com/security/cve/CVE-2024-5535
CVE-2025-1376	low	https://access.redhat.com/security/cve/CVE-2025-1376
CVE-2025-1377	low	https://access.redhat.com/security/cve/CVE-2025-1377
CVE-2025-6075	low	https://access.redhat.com/security/cve/CVE-2025-6075
CVE-2024-7592	low	https://access.redhat.com/security/cve/CVE-2024-7592
CVE-2025-7039	low	https://access.redhat.com/security/cve/CVE-2025-7039
CVE-2025-5918	low	https://access.redhat.com/security/cve/CVE-2025-5918
CVE-2024-43168	low	https://access.redhat.com/security/cve/CVE-2024-43168
CVE-2025-1371	low	https://access.redhat.com/security/cve/CVE-2025-1371
CVE-2025-5915	low	https://access.redhat.com/security/cve/CVE-2025-5915
CVE-2023-53161	low	https://access.redhat.com/security/cve/CVE-2023-53161
CVE-2024-34459	low	https://access.redhat.com/security/cve/CVE-2024-34459
CVE-2025-6075	low	https://access.redhat.com/security/cve/CVE-2025-6075
CVE-2024-41996	low	https://access.redhat.com/security/cve/CVE-2024-41996
CVE-2025-1377	low	https://access.redhat.com/security/cve/CVE-2025-1377
CVE-2025-1377	low	https://access.redhat.com/security/cve/CVE-2025-1377
CVE-2025-27113	low	https://access.redhat.com/security/cve/CVE-2025-27113
CVE-2025-53859	low	https://access.redhat.com/security/cve/CVE-2025-53859
CVE-2024-11053	low	https://access.redhat.com/security/cve/CVE-2024-11053
CVE-2025-5916	low	https://access.redhat.com/security/cve/CVE-2025-5916
CVE-2025-6170	low	https://access.redhat.com/security/cve/CVE-2025-6170
CVE-2024-7592	low	https://access.redhat.com/security/cve/CVE-2024-7592
CVE-2025-1795	low	https://access.redhat.com/security/cve/CVE-2025-1795
CVE-2024-7264	low	https://access.redhat.com/security/cve/CVE-2024-7264
CVE-2024-33655	low	https://access.redhat.com/security/cve/CVE-2024-33655
CVE-2024-4603	low	https://access.redhat.com/security/cve/CVE-2024-4603
CVE-2024-43167	low	https://access.redhat.com/security/cve/CVE-2024-43167
CVE-2025-10148	low	https://access.redhat.com/security/cve/CVE-2025-10148
CVE-2025-10148	low	https://access.redhat.com/security/cve/CVE-2025-10148
CVE-2025-1371	low	https://access.redhat.com/security/cve/CVE-2025-1371
CVE-2024-7264	low	https://access.redhat.com/security/cve/CVE-2024-7264
CVE-2025-5917	low	https://access.redhat.com/security/cve/CVE-2025-5917
CVE-2024-13176	low	https://access.redhat.com/security/cve/CVE-2024-13176
CVE-2024-58261	low	https://access.redhat.com/security/cve/CVE-2024-58261
CVE-2024-4741	low	https://access.redhat.com/security/cve/CVE-2024-4741
CVE-2025-1376	low	https://access.redhat.com/security/cve/CVE-2025-1376
CVE-2025-1632	low	https://access.redhat.com/security/cve/CVE-2025-1632
CVE-2025-1795	low	https://access.redhat.com/security/cve/CVE-2025-1795
CVE-2025-1377	low	https://access.redhat.com/security/cve/CVE-2025-1377
CVE-2023-53160	low	https://access.redhat.com/security/cve/CVE-2023-53160

zachariahmiller · 2025-12-19T19:00:06Z

@JeffResc Why is this needed?

JeffResc · 2025-12-19T19:03:43Z

Sorry I meant to start a Slack thread for this, but haven't gotten around to it yet. Specifically, when virtualizing an amd64 cluster with Colima, zarf package pull attempts to pull the arm64 version of the package (matching the host) even though Colima virtualization supports running amd64 images. This override allows you to specify the architecture for this use case

fix: add architecture input to zarf pull in upgrade

a30879f

JeffResc requested review from a team as code owners December 19, 2025 05:00

Merge branch 'main' into fix/add-arch-zarf-pkg-pull-upgrade

1b42744

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: add architecture input to zarf pull in upgrade#596

fix: add architecture input to zarf pull in upgrade#596
JeffResc wants to merge 2 commits intomainfrom
fix/add-arch-zarf-pkg-pull-upgrade

JeffResc commented Dec 19, 2025

Uh oh!

github-actions bot commented Dec 19, 2025 •

edited

Loading

Uh oh!

zachariahmiller commented Dec 19, 2025

Uh oh!

JeffResc commented Dec 19, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

JeffResc commented Dec 19, 2025

Description

Checklist before merging

Uh oh!

github-actions bot commented Dec 19, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

nginx 1.29.4 -> 1.29.4

quay.io/rfcurated/nginx 1.29.4-slim-jammy-rfcurated-rfhardened -> 1.29.4-slim-jammy-rfcurated-rfhardened

registry1.dso.mil/ironbank/opensource/nginx/nginx 1.29.4 -> 1.29.4

Uh oh!

zachariahmiller commented Dec 19, 2025

Uh oh!

JeffResc commented Dec 19, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

github-actions bot commented Dec 19, 2025 •

edited

Loading

nginx `1.29.4` -> `1.29.4`

quay.io/rfcurated/nginx `1.29.4-slim-jammy-rfcurated-rfhardened` -> `1.29.4-slim-jammy-rfcurated-rfhardened`

registry1.dso.mil/ironbank/opensource/nginx/nginx `1.29.4` -> `1.29.4`