brancz / kube-rbac-proxy

Kubernetes RBAC authorizing HTTP proxy for a single upstream.
Apache License 2.0

updated the deps to address cves #297

Closed njyeti closed 5 months ago

njyeti commented 5 months ago

Updated the Go deps to the latest to address CVEs, mostly for otel. Those CVEs are CVE-2023-47108, CVE-2023-45142 and CVE-2024-24786 on the head.

njyeti commented 5 months ago

My bad! Current commit only addresses CVE-2023-45142 and CVE-2024-24786

njyeti commented 5 months ago

Pushed the new commit to fix CVE-2023-47108 as well. We can squash all these commits before merging as well.

ibihim commented 5 months ago

That is really great work, but a duplicate to https://github.com/brancz/kube-rbac-proxy/pull/287

njyeti commented 5 months ago

Oh, I wasn't aware of that PR. Thanks for pointing that out. Anyway, as long as any of the PRs gets merged to address the CVEs, I am happy.

ibihim commented 5 months ago

@njyeti, but great work nonetheless. I hope to see more contributions in the future 😄

njyeti commented 5 months ago

Closing this as #287 is merged.

ibihim commented 5 months ago

@njyeti, hey. If you don't mind creating a commit that only contains the deps, I would accept the PR.

I realized that my PR doesn't have otel v0.46, and bumping it started to cause errors. Copy-pasting your indirect deps worked fine though, so honor to whom honor is due: if you want to bump, go for it!

I would like to fix it within the next few days, so if you don't respond, I hope you don't mind that I take over this PR. That way I can make you a contributor indirectly as a co-author.

njyeti commented 5 months ago

@ibihim, it is just a simple fix, so if the copy-paste is working, please go ahead with it. I will be more than happy if the community gets the vuln fix. Hopefully I can contribute on a more significant scale in the future instead of just fixing the dependencies :)