kuma icon indicating copy to clipboard operation
kuma copied to clipboard

Published 20 hours ago verified publisher icon kumahq

chore(deps): security update

Open kumahq[bot] opened this issue 1 year ago • 1 comments

Scan output:

Before update:

OSV URL CVSS ECOSYSTEM PACKAGE VERSION SOURCE
https://osv.dev/GHSA-v53g-5gjp-272r 6.4 Go helm.sh/helm/v3 3.11.2 go.mod
https://osv.dev/GHSA-r53h-jv2g-vpx6 7.5 Go helm.sh/helm/v3 3.11.2 go.mod
------------------------------------- ------ ----------- --------------------------- ---------- --------
Uncalled vulnerabilities
------------------------------------- ------ ----------- --------------------------- ---------- --------
https://osv.dev/GO-2022-0646 Go github.com/aws/aws-sdk-go 1.44.187 go.mod

After update:

OSV URL CVSS ECOSYSTEM PACKAGE VERSION SOURCE
https://osv.dev/GO-2022-0646 Go github.com/aws/aws-sdk-go 1.44.187 go.mod

If a package is showing up in the scan but the script is not trying to update it then it might be because there is no fixed version yet.

kumahq[bot] avatar Feb 23 '24 03:02 kumahq[bot]

Cherry-picking Mike's commit does not seem to work (tests fail).

slonka avatar Feb 23 '24 13:02 slonka

closing in favor of https://github.com/kumahq/kuma/pull/9523

lobkovilya avatar Mar 07 '24 17:03 lobkovilya