argo-cd-2.11: CVE-2024-3177 (#4946)

Signed-off-by: hectorj2f <hector@chainguard.dev>
wolfi-dev · May 16, 2024 · 1748698 · 1748698
1 parent a6ef4b3
commit 1748698
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/argo-cd-2.10.advisories.yaml b/argo-cd-2.10.advisories.yaml
@@ -96,6 +96,10 @@ advisories:
         type: pending-upstream-fix
         data:
           note: Any upgrade on the Kubernetes dependencies causes conflicts due to a strict dependency on github.com/argoproj/gitops-engine which supports Kubernetes v1.23 while the non-vulnerable code is on Kubernetes v1.27.13.
+      - timestamp: 2024-05-16T15:27:54Z
+        type: pending-upstream-fix
+        data:
+          note: Any upgrade on the Kubernetes dependencies causes conflicts due to a strict dependency on github.com/argoproj/gitops-engine which supports Kubernetes v1.23 while the non-vulnerable code is on Kubernetes v1.27.13.
 
   - id: CVE-2024-31990
     aliases:

diff --git a/argo-cd-2.11.advisories.yaml b/argo-cd-2.11.advisories.yaml
@@ -20,3 +20,7 @@ advisories:
             componentType: go-module
             componentLocation: /usr/bin/argocd
             scanner: grype
+      - timestamp: 2024-05-16T14:35:56Z
+        type: pending-upstream-fix
+        data:
+          note: Any upgrade on the Kubernetes dependencies causes conflicts due to a strict dependency on github.com/argoproj/gitops-engine which supports Kubernetes v1.23 while the non-vulnerable code is on Kubernetes v1.27.13.