databus23 / helm-diff

A helm plugin that shows a diff explaining what a helm upgrade would change
Apache License 2.0
2.58k stars 274 forks

New release for CVE-2024-24790 #635

Closed Thor77 closed 1 day ago

Thor77 commented 3 days ago

The currently released version is still vulnerable to CVE-2024-24790 (at least according to security scanners, probably not really because it's not using the vulnerable code). Are there plans to create a new release in the near future so security scanners are happy again as well?

giovannirco commented 3 days ago

I'm also facing the same issue; my daily image build pipelines started failing today because of helm-diff. I would prefer to get a new release instead of ignoring the CVE if possible. I would appreciate it if we could have a new release updating the stdlib dependency from 1.22.2 to 1.22.4.

yxxhero commented 3 days ago

PR is welcome.

lr1980 commented 3 days ago

https://github.com/databus23/helm-diff/pull/636

yxxhero commented 1 day ago

v3.9.9 released.