[Security] Fix CVE-2024-58251 & Go Stdlib CVEs (2025-58183, etc.) — Requesting Busybox r20 Update in v0.56.3 #3837

@LiChihCheng

Environment:

  • Image: ghcr.io/google/cadvisor:v0.56.2

  • Base OS: Alpine 3.22.2

  • Scanner: Trivy

Vulnerability Summary: Our security scans have identified several MEDIUM severity vulnerabilities in the v0.56.2 release. We are requesting a patch release (v0.56.3) to address these findings:

  1. NVIDIA Driver Vulnerability (CVE-2024-58251):
     • The image contains vulnerable user-space NVIDIA libraries.
     • Required Action: Update the bundled NVIDIA components to a version that mitigates this CVE.

  2. Outdated Busybox Package:
     • Current: 1.37.0-r19
     • Fixed: 1.37.0-r20 (or higher)
     • Required Action: Trigger a rebuild to pull in the latest Alpine security patches for Busybox.

Why this is necessary: Many users deploy cAdvisor in environments with strict security compliance policies. The presence of these "High" severity vulnerabilities triggers alerts in CI/CD pipelines and production scanners, requiring manual exceptions or preventing deployment.

Providing a clean v0.56.3 image with an updated base and toolchain would greatly benefit the community and maintain cAdvisor's security posture.

Thank you for your help and for maintaining this essential tool!
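The triage the reporter describes (a Trivy scan of the image, then deciding for each finding whether a rebuild against the current Alpine package index would clear it) can be automated in a CI gate. The following is an added example, not code from cAdvisor or from the issue author. It assumes the field names Trivy uses in its JSON report (`Results[].Vulnerabilities[]` with `VulnerabilityID`, `PkgName`, `InstalledVersion`, `FixedVersion`, `Severity`); the embedded report is constructed for illustration, with only the busybox versions taken from the issue and the other identifiers being placeholders. The version comparator covers the common Alpine `X.Y.Z-rN` form and is a simplification of the full apk version grammar.

```python
"""Triage Trivy findings: is each package fixable by a plain rebuild?

Added example for the cAdvisor issue above; not project code. Assumes the
Trivy JSON report layout named in the lead-in. Sample data is constructed.
"""
import json
import re

# Constructed sample in Trivy's report layout. The busybox versions match the
# issue; the CVE ids other than busybox's are placeholders, not real findings.
SAMPLE_TRIVY_JSON = json.dumps({
    "Results": [{
        "Target": "ghcr.io/google/cadvisor:v0.56.2 (alpine 3.22.2)",
        "Class": "os-pkgs",
        "Vulnerabilities": [
            {"VulnerabilityID": "CVE-XXXX-XXXXX",  # placeholder id
             "PkgName": "busybox", "InstalledVersion": "1.37.0-r19",
             "FixedVersion": "1.37.0-r20", "Severity": "MEDIUM"},
            {"VulnerabilityID": "CVE-YYYY-YYYYY",  # placeholder id
             "PkgName": "example-lib", "InstalledVersion": "2.0.1-r0",
             "FixedVersion": "", "Severity": "HIGH"},  # no fix published
            {"VulnerabilityID": "CVE-ZZZZ-ZZZZZ",  # placeholder id
             "PkgName": "example-tool", "InstalledVersion": "1.2.3-r5",
             "FixedVersion": "1.2.3-r4, 1.3.0-r1", "Severity": "LOW"},
        ],
    }]
})

# Simplified apk version: dotted numerics, optional letter suffix, optional -rN.
_APK_RE = re.compile(r"^(?P<num>\d+(?:\.\d+)*)(?P<suffix>[a-z]*)(?:-r(?P<rel>\d+))?$")

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def parse_apk_version(version: str) -> tuple:
    """Return a sortable key (numeric parts, suffix, release) for 'X.Y.Z-rN'.

    This is a simplification: apk also knows _pre/_p/_git components, which
    this comparator deliberately rejects rather than misordering silently.
    """
    m = _APK_RE.match(version.strip())
    if not m:
        raise ValueError(f"unsupported apk version format: {version!r}")
    nums = tuple(int(p) for p in m.group("num").split("."))
    rel = int(m.group("rel")) if m.group("rel") is not None else 0
    return (nums, m.group("suffix"), rel)


def is_older(installed: str, fixed: str) -> bool:
    """True when the installed package is strictly below the fixed version."""
    return parse_apk_version(installed) < parse_apk_version(fixed)


def classify(installed: str, fixed_field: str) -> str:
    """Map one finding to a triage status.

    Trivy may list several fixed versions separated by commas (one per
    upstream branch); the package counts as fixed if it already meets any.
    """
    candidates = [c.strip() for c in fixed_field.split(",") if c.strip()]
    if not candidates:
        return "no-fix-available"   # only mitigation or vendor exception applies
    if all(is_older(installed, c) for c in candidates):
        return "fix-by-rebuild"     # a rebuild against current Alpine clears it
    return "already-fixed"          # scanner noise or stale DB, verify manually


def triage(report_json: str, min_severity: str = "MEDIUM") -> list:
    """Flatten a Trivy report into findings at or above min_severity."""
    threshold = SEVERITY_RANK[min_severity]
    findings = []
    for result in json.loads(report_json).get("Results", []):
        for v in result.get("Vulnerabilities") or []:
            sev = v.get("Severity", "UNKNOWN")
            if SEVERITY_RANK.get(sev, 0) < threshold:
                continue
            findings.append({
                "id": v["VulnerabilityID"], "pkg": v["PkgName"],
                "installed": v["InstalledVersion"], "fixed": v.get("FixedVersion", ""),
                "severity": sev, "status": classify(v["InstalledVersion"], v.get("FixedVersion", "")),
            })
    return findings


def needs_rebuild(findings: list) -> bool:
    """Gate signal: at least one finding is cleared by rebuilding the image."""
    return any(f["status"] == "fix-by-rebuild" for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_TRIVY_JSON):
        print(f"{f['severity']:<8} {f['id']:<18} {f['pkg']:<14} "
              f"{f['installed']} -> {f['fixed'] or '-'}: {f['status']}")
    print("rebuild recommended:", needs_rebuild(triage(SAMPLE_TRIVY_JSON)))
```

Feed it a real report with `trivy image --format json --output report.json <image>` and pass the file contents to `triage`. Separating `fix-by-rebuild` from `no-fix-available` matters for the policy decision: the former is resolved by a base-image refresh like the one requested here, while the latter needs a documented exception regardless of how often the image is rebuilt.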
