Protobuf v1.5.2 is having End of Life

chartmuseum / helm-push

Helm plugin to push chart package to ChartMuseum

Apache License 2.0

677 stars 171 forks source link

Protobuf v1.5.2 is having End of Life #217

Open Kiran-38 opened 3 months ago

Kiran-38 commented 3 months ago

Hi @jdolitsky @cbuto @scbizu, as part of the security scan done we see there is a indirect package used in the helm-push is having EOL.

github.com/golang/protobuf,v1.5.2 --> There is a latest version 1.5.4 available.

scbizu commented 3 months ago

Yes , I see . But it seems that helm-push should support helm v2 which contains the EOL protobuf for compatibility . Maybe we can cut a legacy rc and release a new version without Helm v2 .

/cc @cbuto @jdolitsky

Anyway , thanks for remind us of this @Kiran-38

Kiran-38 commented 3 months ago

Thank you @scbizu, can you please update and let me know when can we have a latest release with the fix. Any tentative date would be much appreciated.