Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(cve): update go version to v1.22.7 #3

Merged
merged 1 commit into from
Dec 20, 2024
Merged

chore(cve): update go version to v1.22.7 #3

merged 1 commit into from
Dec 20, 2024

Conversation

c3y1huang
Copy link

@c3y1huang c3y1huang commented Dec 20, 2024
edited
Loading

What type of PR is this?

Uncomment only one /kind <> line, hit enter to put that in a new line, and remove leading whitespaces from that line:

/kind api-change
/kind bug
/kind cleanup
/kind design
/kind documentation
/kind failing-test
/kind feature
/kind flake

What this PR does / why we need it:

After

c3y1huang/csi-provisioner:amd64-linux-2-lh-csi-provisioner (debian 12.8)
========================================================================
Total: 0 (HIGH: 0, CRITICAL: 0)


csi-provisioner (gobinary)
==========================
Total: 1 (HIGH: 1, CRITICAL: 0)

┌──────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐
│     Library      │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                       Title                       │
├──────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤
│ golang.org/x/net │ CVE-2024-45338 │ HIGH     │ fixed  │ v0.28.0           │ 0.33.0        │ Non-linear parsing of case-insensitive content in │
│                  │                │          │        │                   │               │ golang.org/x/net/html                             │
│                  │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-45338        │
└──────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘

Before

longhornio/csi-provisioner:v5.1.0 (debian 12.6)
===============================================
Total: 0 (HIGH: 0, CRITICAL: 0)


csi-provisioner (gobinary)
==========================
Total: 2 (HIGH: 2, CRITICAL: 0)

┌──────────────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬───────────────────────────────────────────────────────────┐
│     Library      │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                           Title                           │
├──────────────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼───────────────────────────────────────────────────────────┤
│ golang.org/x/net │ CVE-2024-45338 │ HIGH     │ fixed  │ v0.28.0           │ 0.33.0         │ Non-linear parsing of case-insensitive content in         │
│                  │                │          │        │                   │                │ golang.org/x/net/html                                     │
│                  │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-45338                │
├──────────────────┼────────────────┤          │        ├───────────────────┼────────────────┼───────────────────────────────────────────────────────────┤
│ stdlib           │ CVE-2024-34156 │          │        │ v1.22.5           │ 1.22.7, 1.23.1 │ encoding/gob: golang: Calling Decoder.Decode on a message │
│                  │                │          │        │                   │                │ which contains deeply nested structures...                │
│                  │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-34156                │
└──────────────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴───────────────────────────────────────────────────────────┘

Which issue(s) this PR fixes:

Fixes longhorn/longhorn#9895

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

@c3y1huang
chore(cve): update go version to v1.22.7
1ebe5b3 
longhorn/longhorn-9895

Signed-off-by: Chin-Ya Huang <chin-ya.huang@suse.com>
@c3y1huang c3y1huang self-assigned this Dec 20, 2024
@c3y1huang c3y1huang marked this pull request as ready for review December 20, 2024 05:45
@c3y1huang c3y1huang requested a review from derekbit December 20, 2024 05:45
@derekbit derekbit merged commit b2cbfbc into longhorn:longhorn-release-5.1.0 Dec 20, 2024
1 check passed
@c3y1huang c3y1huang deleted the 9895-fix-cve branch December 20, 2024 05:46
@c3y1huang c3y1huang mentioned this pull request Dec 20, 2024
Open
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@derekbit derekbit derekbit approved these changes

Assignees

@c3y1huang c3y1huang

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@c3y1huang @derekbit