New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Account takeover of vendored dependency #626
Comments
(Note: this is not a direct vulnerability, since the vendored version is still valid - we just don't want to pull a new version) |
Opened acobaugh/osrelease#2 to give more context about this. |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
/remove-lifecycle rotten Waiting for #628 to merge. |
The github account @cobaugh no longer exists, and was taken over by a security researcher. Please replace this dependency before a vendor update can accidentally pull in a compromised version.
The text was updated successfully, but these errors were encountered: