We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Noticed the latest helm-operator image has 2 high security vulnerabilities https://quay.io/repository/operator-framework/helm-operator?tag=latest&tab=tags.
The latest ubi8 image is 8.3-298.1618432845 https://catalog.redhat.com/software/containers/ubi8/ubi-minimal/5c359a62bed8bd75a2c3fba8?gti-tabs=unauthenticated, but I do not think Dependabot is picking this up as the Dockerfile is still using 8.3-298 https://github.com/operator-framework/operator-sdk/blob/master/images/helm-operator/Dockerfile#L20
8.3-298.1618432845
8.3-298
Dockerfile to be using ubi8 image with tag 8.3-298.1618432845 since that fixes the vulnerabilities in 8.3-298
Dockerfile using 8.3-298 ubi8
Operator type:
/language helm
Kubernetes cluster type:
$ operator-sdk version
$ go version (if language is Go)
$ go version
$ kubectl version
Probably a Dependabot issue, but this could be fixed by manually opening PR to update base image for now
The text was updated successfully, but these errors were encountered:
Closed by #4873
Sorry, something went wrong.
No branches or pull requests
Bug Report
What did you do?
Noticed the latest helm-operator image has 2 high security vulnerabilities https://quay.io/repository/operator-framework/helm-operator?tag=latest&tab=tags.
The latest ubi8 image is
8.3-298.1618432845
https://catalog.redhat.com/software/containers/ubi8/ubi-minimal/5c359a62bed8bd75a2c3fba8?gti-tabs=unauthenticated, but I do not think Dependabot is picking this up as the Dockerfile is still using8.3-298
https://github.com/operator-framework/operator-sdk/blob/master/images/helm-operator/Dockerfile#L20What did you expect to see?
Dockerfile to be using ubi8 image with tag
8.3-298.1618432845
since that fixes the vulnerabilities in8.3-298
What did you see instead? Under which circumstances?
Dockerfile using
8.3-298
ubi8Environment
Operator type:
/language helm
Kubernetes cluster type:
$ operator-sdk version
$ go version
(if language is Go)$ kubectl version
Possible Solution
Probably a Dependabot issue, but this could be fixed by manually opening PR to update base image for now
Additional context
The text was updated successfully, but these errors were encountered: