ci: update cve scan results

[fluentdo-ci]

Update CVE scan results:

• Created by https://github.com/FluentDo/documentation/actions/runs/18519350542
• Auto-generated by create-pull-request: https://github.com/peter-evans/create-pull-request

Greptile Overview

Updated On: 2025-10-15 06:05:18 UTC

Summary

Automated CVE scan results update refreshing EPSS (Exploit Prediction Scoring System) scores and dates across all agent and OSS container versions.

Key Changes:

• Updated EPSS percentiles and dates from 2025-10-09 to 2025-10-13 across all JSON files
• Minor reordering of CVE entries in markdown files for consistent sorting (no new vulnerabilities added or removed)
• Affects 46 files total: 22 agent versions (25.7.x through 25.10.x) and 24 OSS versions (4.0.x through 4.1.x)
• All changes are data refreshes from automated Grype vulnerability scanning

Confidence Score: 5/5

• This PR is safe to merge with no risk
• Auto-generated CVE scan update with only data refreshes (EPSS scores and dates) and minor sorting changes. No code changes, no new vulnerabilities introduced, and follows established automated workflow pattern
• No files require special attention - all changes are automated data updates

Important Files Changed

File Analysis

Filename	Score	Overview
docs/security/agent/grype-25.10.2.json	5/5	Updated EPSS scores and dates for CVE entries from 2025-10-09 to 2025-10-13
docs/security/agent/grype-25.10.2.md	5/5	Reordered CVE entries for libxml2 vulnerabilities, no content changes
docs/security/agent/grype-25.7.1.json	5/5	Updated EPSS scores and dates for CVE entries from 2025-10-09 to 2025-10-13
docs/security/oss/grype-4.1.0.json	5/5	Updated EPSS scores and dates for CVE entries from 2025-10-09 to 2025-10-13
docs/security/oss/grype-4.1.0.md	5/5	Reordered CVE entries for libssl3 vulnerabilities, no content changes

Sequence Diagram

sequenceDiagram
    participant GHA as GitHub Actions
    participant Grype as Grype Scanner
    participant Repo as Documentation Repo
    participant Bot as fluentdo-ci Bot
    
    GHA->>Grype: Trigger CVE scan workflow
    Note over GHA,Grype: Scan multiple versions<br/>(agent 25.x & oss 4.x)
    
    loop For each version
        Grype->>Grype: Scan container image
        Grype->>Grype: Generate JSON results
        Grype->>Grype: Generate MD report
        Grype->>Grype: Update EPSS scores
    end
    
    Grype->>Bot: Return scan results
    Bot->>Repo: Update 46 CVE files
    Note over Bot,Repo: JSON + MD for each version
    Bot->>Repo: Create PR #54
    Note over Repo: Automated CVE scan update<br/>EPSS scores refreshed<br/>2025-10-09 → 2025-10-13

Loading

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
documentation	Ready	Preview	Comment	Oct 15, 2025 6:03am

[greptile-apps]

_{46 files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}