-
Notifications
You must be signed in to change notification settings - Fork 828
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bump golang.org/x/net to fix CVE-2022-41717 #3048
Conversation
Signed-off-by: fsl <1171313930@qq.com>
Codecov Report
@@ Coverage Diff @@
## master #3048 +/- ##
==========================================
+ Coverage 38.96% 38.98% +0.01%
==========================================
Files 207 207
Lines 19365 19365
==========================================
+ Hits 7546 7549 +3
+ Misses 11362 11360 -2
+ Partials 457 456 -1
Flags with carried forward coverage won't be shown. Click here to find out more.
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
golang.org/x/net is too old and vulnerable to GO-2022-1144 Refer to #2718 |
fixed |
Is there any evidence showing that Karmada is affected by the CVE? |
There are vulnerabilities in images built based on source code |
Could you please show the evidence in more detail? If we are fixing a security issue, we probably need to release a warning as per vulnerability-handling-process |
|
Interesting! Which tools you are using? |
|
Thanks, it's very helpful and reminds us to setup the image scanning process. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: RainbowMango The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
By the way, I added an agenda to this week's meeting to talk about how to integrate image scans into CI. |
Signed-off-by: fsl 1171313930@qq.com
What type of PR is this?
What this PR does / why we need it:
Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Does this PR introduce a user-facing change?: