-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2022-1996: Bump k8s.io/x and github.com/emicklei/go-restful/v3 #112
Conversation
it fails compilation but the CI didnt check it @maiqueb FYI (CI should catch it regardless of this PR) /hold |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: maiqueb, oshoval The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
9eb0e18
to
f7c940b
Compare
not good yet there is open issue about it for some people |
9bf0b90
to
f2d52ea
Compare
Signed-off-by: Or Shoval <oshoval@redhat.com>
f2d52ea
to
5aec7dd
Compare
Signed-off-by: Or Shoval <oshoval@redhat.com>
5aec7dd
to
6fbc47f
Compare
/hold cancel ptal |
/lgtm |
btw after checking the previous go-restful version was already fine in respect to mentioned CVE |
What this PR does / why we need it:
Had to update
k8s.io
family so new go-restful can be used.CVE-2022-1996, CWE-285
https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMEMICKLEIGORESTFULV3-2435654
Special notes for your reviewer:
Fixed makefile missing phony, removed touches
Release note: