Bump docker/scout-action from 1.20.2 to 1.20.3

[dependabot]

Bumps docker/scout-action from 1.20.2 to 1.20.3.

Release notes

Sourced from docker/scout-action's releases.

v1.20.3

What's Changed

• Improve retries of temporary and network errors @​chrispatrick
• Fix handling of dockerfiles included in provenance attestations @​chrispatrick
• Fix handling of cosign sig tags @​chrispatrick
• Use Docker Desktop HTTP proxy transport when available @​benja-M-1
• Escape mentions from CVE descriptions to prevent spam notifications @​benja-M-1

Commits

• 8910519 Merge pull request #100 from docker/release/v1.20.3
• 0690e90 [BOT] Update assets for v1.20.3 release
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

🔍 Vulnerabilities of renzof93/github-actions-secrets-mgmt:latest

📦 Image Reference renzof93/github-actions-secrets-mgmt:latest

digest	sha256:1ba9065da854f8071a8ea47161785b2cd4466cdb7f2fc9d9a1c18812a975fa6c
vulnerabilities
platform	linux/amd64
size	104 MB
packages	63

📦 Base Image python:3-alpine3.20

also known as	3.13-alpine3.20 3.13.3-alpine3.20 alpine3.20
digest	sha256:68834522e73344a5337150a62e87a75be9046c0e39b9bab925be078d953e54e1
vulnerabilities

pynacl 1.5.0 (pypi) pkg:pypi/pynacl@1.5.0 Incomplete List of Disallowed Inputs Affected range <1.6.2 Fixed version 1.6.2 CVSS Score 4.5 CVSS Vector CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N EPSS Score 0.007% EPSS Percentile 1st percentile Description libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group. This advisoory lists packages in the GitHub Advisory Database's supported ecosystems that are affected by this vulnerability due to a vulnerable dependency.

requests 2.32.3 (pypi) pkg:pypi/requests@2.32.3 Insufficiently Protected Credentials Affected range <2.32.4 Fixed version 2.32.4 CVSS Score 5.3 CVSS Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N EPSS Score 0.065% EPSS Percentile 20th percentile Description Impact Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Workarounds For older versions of Requests, use of the .netrc file can be disabled with trust_env=False on your Requests Session (docs). References psf/requests#6965 https://seclists.org/fulldisclosure/2025/Jun/2

[github-actions]

Recommended fixes for image renzof93/github-actions-secrets-mgmt:latest

Base image is python:3-alpine3.20

Name	3.13.3-alpine3.20
Digest	sha256:68834522e73344a5337150a62e87a75be9046c0e39b9bab925be078d953e54e1
Vulnerabilities
Pushed	10 months ago
Size	16 MB
Packages	41
Flavor	alpine
OS	3.20
Runtime	3.13.3

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
3-alpine Tag is preferred tag Also known as: alpine alpine3.23 3.14.3-alpine 3.14.3-alpine3.23 3.14-alpine 3.14-alpine3.23 3-alpine3.23	Benefits: Same OS detected Minor runtime version update Minor OS version update Tag is preferred tag Tag was pushed more recently Image has similar size Image introduces no new vulnerability but removes 18 Image contains equal number of packages 3-alpine was pulled 51K times last month Image details: Size: 18 MB Flavor: alpine OS: 3.23 Runtime: 3.14.3	1 month ago
3.13-alpine Minor runtime version update Also known as: 3.13.12-alpine 3.13.12-alpine3.23 3.13-alpine3.23	Benefits: Same OS detected Minor runtime version update Minor OS version update Image contains 2 fewer packages Tag was pushed more recently Image has similar size Image introduces no new vulnerability but removes 18 Image details: Size: 17 MB Flavor: alpine OS: 3.23 Runtime: 3.13.12	1 month ago
3.13-alpine3.22 Minor runtime version update Also known as: 3.13.12-alpine3.22	Benefits: Same OS detected Minor runtime version update Minor OS version update Image contains 2 fewer packages Tag was pushed more recently Image has similar size Image introduces no new vulnerability but removes 19 Image details: Size: 17 MB Flavor: alpine OS: 3.22 Runtime: 3.13.12	1 month ago
3-alpine3.22 Minor runtime version update Also known as: alpine3.22 3.14.3-alpine3.22 3.14-alpine3.22	Benefits: Same OS detected Minor runtime version update Minor OS version update Tag was pushed more recently Image has similar size Image introduces no new vulnerability but removes 19 Image contains equal number of packages Image details: Size: 18 MB Flavor: alpine OS: 3.22 Runtime: 3.14.3	1 month ago