gavinbunney / terraform-provider-kubectl

Terraform provider to handle raw kubernetes manifest yaml files
https://registry.terraform.io/providers/gavinbunney/kubectl
Mozilla Public License 2.0

Terraform kubectl provider sysdig scan shows critical vulnerability #292

Open nandikatlakishore opened 3 months ago

nandikatlakishore commented 3 months ago

While scanning the Terraform kubectl provider plugin, the Sysdig scan is reporting a critical vulnerability. Below are the details.

Severity: critical
Package: github.com/hashicorp/go-getter - v1.5.3
Package path: /usr/local/share/terraform/plugins/registry.terraform.io/gavinbunney/kubectl/1.14.0/linux_amd64/terraform-provider-kubectl_v1.14.0
Fixed in: v1.6.1

Can you help with overcoming this vulnerability?

alekc commented 3 months ago

If you want an updated kubectl provider, your better bet would be to switch to https://registry.terraform.io/providers/alekc/kubectl/latest/docs (full disclosure: I am the author).

It's a maintained fork of this repo with some additional features/hot fixes.
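
The scan finding reported above can be confirmed from the provider binary itself, and the same check can be run against any replacement build before it is rolled out. The script below is an added example, not part of this thread or of either project's code: it parses `go version -m` output for the embedded go-getter version and compares it with the fixed version from the report. The function names and the sample input are constructed for illustration, and the version comparison ignores pre-release suffixes.

```shell
#!/bin/sh
# Module path and fixed version are taken from the scan report in this issue.
MODULE="github.com/hashicorp/go-getter"
FIXED="v1.6.1"

# Read `go version -m` output on stdin and print the version of module $1.
# Dependency lines are: <TAB>dep<TAB>module<TAB>version<TAB>hash
# A replaced module is followed by a "=>" line naming what was really built in.
embedded_version() {
    awk -F'\t' -v mod="$1" '
        $2 == "dep" && $3 == mod         { v = $4; hit = 1; next }
        hit && $2 == "=>" && $4 != ""    { v = $4 }
        { hit = 0 }
        END { if (v != "") print v }'
}

# Succeed when version $1 is older than $2 (vMAJOR.MINOR.PATCH, compared
# numerically; pre-release and build suffixes are dropped as a simplification).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        sub(/^v/, "", a); sub(/^v/, "", b)
        sub(/[-+].*/, "", a); sub(/[-+].*/, "", b)
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Print a verdict for the build info on stdin; return 1 when vulnerable.
check_build_info() {
    found=$(embedded_version "$MODULE")
    if [ -z "$found" ]; then echo "not-present"; return 0; fi
    if version_lt "$found" "$FIXED"; then echo "vulnerable $found"; return 1; fi
    echo "ok $found"
}

# Constructed sample of `go version -m` output (Go version and hash are made up).
SAMPLE=$(printf 'terraform-provider-kubectl_v1.14.0: go1.x\n\tdep\tgithub.com/hashicorp/go-getter\tv1.5.3\th1:CONSTRUCTED=\n')

# Real use: pass the provider binary path, e.g. the package path from the report.
if [ $# -gt 0 ]; then
    go version -m "$1" | check_build_info
fi
```

Run with the binary path as the only argument; a non-zero exit status means the embedded go-getter is older than the fixed version, which makes the script usable as a CI gate.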