Fix[Vulnerabilities]: Fix the promql-cli vulnerabilities and update the go pkg & version to 1.17#1

Merged
uditgaurav merged 1 commit into chaosnative:master from uditgaurav:update_go
Feb 24, 2022

@uditgaurav

Signed-off-by: uditgaurav <udit@chaosnative.com>

Details:

  • This PR:
  1. Fixes the promql-cli vulnerabilities:

Earlier:

litmuschaos/experiment-alpine (alpine 3.15.0)
=============================================
Total: 0 (HIGH: 0, CRITICAL: 0)


usr/local/bin/dns_interceptor (gobinary)
========================================
Total: 0 (HIGH: 0, CRITICAL: 0)


usr/local/bin/nsutil (gobinary)
===============================
Total: 0 (HIGH: 0, CRITICAL: 0)


usr/local/bin/promql (gobinary)
===============================
Total: 1 (HIGH: 1, CRITICAL: 0)

+-------------------+------------------+----------+-------------------+---------------+---------------------------------------+
|      LIBRARY      | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+-------------------+------------------+----------+-------------------+---------------+---------------------------------------+
| golang.org/x/text | CVE-2020-14040   | HIGH     | v0.3.0            | 0.3.3         | golang.org/x/text: possibility        |
|                   |                  |          |                   |               | to trigger an infinite loop in        |
|                   |                  |          |                   |               | encoding/unicode could lead to...     |
|                   |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-14040 |
+-------------------+------------------+----------+-------------------+---------------+---------------------------------------+

usr/local/bin/pumba (gobinary)
==============================
Total: 0 (HIGH: 0, CRITICAL: 0)

Now:


uditgaurav/experiment-alpine:2.2.0 (alpine 3.14.2)
==================================================
Total: 0 (HIGH: 0, CRITICAL: 0)


usr/local/bin/promql (gobinary)
===============================
Total: 0 (HIGH: 0, CRITICAL: 0)


usr/local/bin/pumba (gobinary)
==============================
Total: 0 (HIGH: 0, CRITICAL: 0)
  • Update Go version from 1.16 to 1.17
  • Go pkg update

@uditgaurav uditgaurav changed the title from "Fix[Vulnerabilities]: Fix the promql-cli vulnerabilities and update the go version to 1.17" to "Fix[Vulnerabilities]: Fix the promql-cli vulnerabilities and update the go pkg & version to 1.17" on Feb 24, 2022
Signed-off-by: uditgaurav <udit@chaosnative.com>
@uditgaurav uditgaurav merged commit 2c49f50 into chaosnative:master Feb 24, 2022
bot2-harness pushed a commit that referenced this pull request Jan 20, 2026
* 3d5e78 Added changes for vuln fixes