Posting a draft PR of this for CI purposes. Still needs testing.
Putting some CVEs in our rearview mirror.
jf docker scan before: 4 critical, 15 high
after (using golang 1.18.5): 1 critical, 8 high
The remaining critical is CVE-2022-1996 from emicklei/go-restful ... we could try to force an update on that package or we might be required to finally move to a more recent version of operator SDK. I'm not super exercised about that one though because I believe it does not apply to KD. Will double-check.
Posting a draft PR of this for CI purposes. Still needs testing.
Putting some CVEs in our rearview mirror.
jf docker scan before: 4 critical, 15 high after (using golang 1.18.5): 1 critical, 8 high
The remaining critical is CVE-2022-1996 from emicklei/go-restful ... we could try to force an update on that package or we might be required to finally move to a more recent version of operator SDK. I'm not super exercised about that one though because I believe it does not apply to KD. Will double-check.