cilium / hubble

Hubble - Network, Service & Security Observability for Kubernetes using eBPF
Apache License 2.0

v0.13: vendor: update cilium to v1.15.3 #1433

Closed rolinh closed 4 months ago

rolinh commented 4 months ago

Ref: #1432

Update Cilium import to v1.15.3 to avoid the binary being tagged for CVE GHSA-68mj-9pjq-mc85.

The bug/fix only affects the Cilium Envoy binary, but the import of the old version is tagged by security scanners, so it is better to update to avoid the false positive security scan issue.

sayboras commented 4 months ago

Alternatively, you can just click the boxes in https://github.com/cilium/hubble/issues/1023

rolinh commented 4 months ago

> Alternatively, you can just click the boxes in #1023

It only updates it in CI, not the Go dep because the replace directives need to be kept in sync.