Unleash / helm-charts

Contains helm-charts for Unleash
Apache License 2.0

Security scan vulnerability report for helm 3.04 #105

Closed natigavriel closed 10 months ago

natigavriel commented 10 months ago

Describe the bug

We are using Unleash via helm chart - we have downloaded the latest release 3.0.4 https://github.com/Unleash/helm-charts/releases/tag/unleash-3.0.4

This release uses unleash-server 5.5.6 that uses base image 18.7.1

The scan result we sent is the scan after updating to the latest unleash-helm release (3.0.4), and as you can see, the results show 171 vulnerabilities. We would like to use the latest version but can't upgrade with this vulnerability increase.

Steps to reproduce the bug

Scan the helm chart with version 3.04 using black-duck binary analysis.

Expected behavior

No response

Logs, error output, etc.

No response

Screenshots

image

Additional context

No response

Unleash version

3.04

Subscription type

Open source

Hosting type

Self-hosted

SDK information (language and version)

GO

kwasniew commented 10 months ago

Hey @natigavriel, our previous Unleash version had to pin Node version to 18.7.1 due to some perf issues of 18.8.0 (https://github.com/Unleash/unleash/pull/4834). Fortunately Node 18.18.2 fixed those issues and we upgraded Unleash itself (https://github.com/Unleash/unleash/pull/5146). With the latest Helm Charts update you should get the latest version: https://github.com/Unleash/helm-charts/pull/108

kwasniew commented 10 months ago

@natigavriel can you confirm that the latest version works for you?

natigavriel commented 10 months ago

@kwasniew - Thanks for the fix. We will upgrade to this version. Please note that now it contains 11 vulnerabilities, see screenshot (see image).

image

kwasniew commented 10 months ago

@natigavriel we have some automation to update the packages so in the next version some of those should be fixed.