Update k8s dependencies and fix critical/high level vulnerabilities #540

Merged
merged 2 commits into from
Dec 28, 2022


x-martinez
Contributor

@x-martinez x-martinez commented Dec 15, 2022

  • Update golangci/golangci-lint from v1.43.0-alpine to v1.50-alpine
  • Replace the deprecated ioutil package with the corresponding io / os packages.
  • Update k8s.io/api from v0.24.4 to v0.26.0 in order to fix following vulnerabilities:
| Library | Vulnerability | Severity | Installed Version | Fixed Version | Title |
| --- | --- | --- | --- | --- | --- |
| github.com/emicklei/go-restful | CVE-2022-1996 | CRITICAL | 2.9.5+incompatible | 2.16.0 | go-restful: Authorization Bypass Through User-Controlled Key https://avd.aquasec.com/nvd/cve-2022-1996 |
| golang.org/x/net | CVE-2022-27664 | HIGH | 0.0.0-20220225172249-27dd8689420f | 0.0.0-20220906165146-f3363e06e74c | golang: net/http: handle server errors after sending GOAWAY https://avd.aquasec.com/nvd/cve-2022-27664 |
| golang.org/x/text | CVE-2022-32149 | HIGH | 0.3.7 | 0.3.8 | golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags https://avd.aquasec.com/nvd/cve-2022-32149 |

Good opportunity to update also the rest of k8s dependencies.

@x-martinez x-martinez requested a review from a team as a code owner December 15, 2022 18:10
@x-martinez x-martinez closed this Dec 15, 2022
@x-martinez x-martinez reopened this Dec 15, 2022
@vseoane96

@ese can you please review this?

@ese
Member

ese commented Dec 28, 2022

Thanks!

@ese ese merged commit 8547838 into spotahome:master Dec 28, 2022
@vseoane96

Thanks!

Could you create a new tag for this version? @ese

@ese
Member

ese commented Dec 28, 2022

> Thanks!
>
> Could you create a new tag for this version? @ese

Sure, let me do a little bit of testing and I will release a new tag today.

Contributor

@raghu-nandan-bs raghu-nandan-bs left a comment

@ese should we generate again crds for this change?
