Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): security update #11196

Merged
merged 1 commit into from
Aug 23, 2024
Merged

chore(deps): security update #11196

merged 1 commit into from
Aug 23, 2024

Conversation

kumahq[bot]
Copy link
Contributor

@kumahq kumahq bot commented Aug 23, 2024

Scan output:

Before update:

OSV URL CVSS ECOSYSTEM PACKAGE VERSION SOURCE
https://osv.dev/GHSA-v23v-6jw2-98fq 9.9 Go github.com/docker/docker 27.0.3 incompatible
https://osv.dev/GO-2024-3005
https://osv.dev/GHSA-jw44-4f3j-q396 Go helm.sh/helm/v3 3.14.2 go.mod
------------------------------------- ------ ----------- --------------------------- --------------------- --------
Uncalled vulnerabilities
------------------------------------- ------ ----------- --------------------------- --------------------- --------
https://osv.dev/GO-2022-0646 Go github.com/aws/aws-sdk-go 1.44.187 go.mod

After update:

OSV URL CVSS ECOSYSTEM PACKAGE VERSION SOURCE
https://osv.dev/GHSA-jw44-4f3j-q396 Go helm.sh/helm/v3 3.14.2 go.mod
------------------------------------- ------ ----------- --------------------------- ---------- --------
Uncalled vulnerabilities
------------------------------------- ------ ----------- --------------------------- ---------- --------
https://osv.dev/GO-2022-0646 Go github.com/aws/aws-sdk-go 1.44.187 go.mod

If a package is showing up in the scan but the script is not trying to update it then it might be because there is no fixed version yet.

@kumahq
chore(deps): security update
282d132 
Signed-off-by: kumahq[bot] <110050114+kumahq[bot]@users.noreply.github.com>
@kumahq kumahq bot added dependencies Pull requests that update a dependency file release-2.5 labels Aug 23, 2024
@kumahq kumahq bot requested a review from a team as a code owner August 23, 2024 10:20
@kumahq kumahq bot requested review from jijiechen and bartsmykla and removed request for a team August 23, 2024 10:20
@bartsmykla bartsmykla enabled auto-merge (squash) August 23, 2024 10:22
@bartsmykla bartsmykla merged commit 95922ae into release-2.5 Aug 23, 2024
15 checks passed
@bartsmykla bartsmykla deleted the chore/security-updates-release-2.5 branch August 23, 2024 11:27
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bartsmykla bartsmykla bartsmykla approved these changes

@jijiechen jijiechen Awaiting requested review from jijiechen jijiechen is a code owner automatically assigned from kumahq/kuma-maintainers

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file release-2.5
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@bartsmykla