operator-registry

Getting below vulnerabilities for using opm as base branch

Open becalledbyJoyce opened this issue 3 years ago • 1 comments

Hi Team, I'm using opm:v1.24.0 as the base image for my Dockerfile. From opm as builder, I'm copying the grpc_health_probe and opm binaries, but I'm getting the below vulnerabilities for grpc_health_probe, as the Go version is still 1.17.9. Is there any way to update the Go package to 1.18.5 to resolve all vulnerabilities?

CVE-2022-32189 CVE-2022-1705 CVE-2022-32148 CVE-2022-30635 CVE-2022-30632 CVE-2022-30630 CVE-2022-30633 CVE-2022-28131 CVE-2022-1962 CVE-2022-30629 CVE-2022-30580 CVE-2022-30631

becalledbyJoyce, Aug 22 '22 08:08

Hi @becalledbyJoyce. Our dockerfiles and go mod refer to go 1.18 (since release v1.23.1) and grpc_health_probe v4.11, which also uses go 1.18. Can you give more detail on where you see a go 1.17.9 grpc_health_probe listing?

grokspawn, Aug 31 '22 19:08

Closing this one out as stale, since it looks like we moved the repo to later dependencies which did not include these vulnerabilities.

grokspawn, Apr 13 '23 19:04