
Some dependencies of eKuiper are outdated and vulnerable

Open hotjuicew opened this issue 1 year ago • 2 comments

Environment:

  • eKuiper version (e.g. 1.3.0): 1.10.1
  • Hardware configuration (e.g. lscpu):
  • OS (e.g. cat /etc/os-release): linux/amd64
  • Others:

What happened and what you expected to happen:

eKuiper has some CVE vulnerabilities scanned by security scanners in its dependencies. It is recommended to update the Go modules to enhance security.

How to reproduce it (as minimally and precisely as possible):

Anything else we need to know?:

[Screenshot 2023-06-26 214112] [Screenshot 2023-06-26 214220]

Jun 26 '23 13:06 hotjuicew

Do you have a link? We usually update the dependencies before a new minor release. Some of the dependencies are already archived; do you have any suggestions for how to deal with them?

Jun 27 '23 02:06 ngjaying

This is a built-in image security scanner of the Docker client. For the archived dependencies, it is recommended to find alternative dependencies that are similar.

Jun 27 '23 03:06 hotjuicew