0 0 0 TypeScript

Fix critical CVEs in image-builder-bob: bump buildkit base to v0.20.1-gitpod.7 (#21414)

Upgrades the pinned buildkit base image to pull in:
- CVE-2026-31789 (Critical) — OpenSSL libssl3/libcrypto3 in Alpine
- CVE-2025-68121 (Critical) — Go crypto/tls session resumption

Both criticals were tripping the daily scheduled vulnerability gate in
`Build / Build Gitpod / Check for Critical Vulnerabilities` against
`components/image-builder-bob:docker`. The new tag rebases on Alpine
3.23 and Go 1.26.2 in upstream BuildKit.

Refs CLC-2245.

Co-authored-by: Ona <no-reply@ona.com>

Gero Posmyk-Leinemann committed 1mo ago

3bae73af13a2fef2e88f57b7d7833d4ef543dcdb

Parent: 7b27053

Committed by GitHub <noreply@github.com> on 4/26/2026, 7:57:08 AM