Closed jonasmidstrup closed 1 year ago
I get the following security vulnerabilities when running Trivy scan on this plugin.
Package: github.com/prometheus/client_golang Installed Version: v1.3.0 Vulnerability CVE-2022-21698 Severity: HIGH Fixed Version: 1.11.1 Link: CVE-2022-21698
Package: golang.org/x/net Installed Version: v0.0.0-20200904194848-62affa334b73 Vulnerability CVE-2021-33194 Severity: HIGH Fixed Version: 0.0.0-20210520170846-37e1c6afe023 Link: CVE-2021-33194
Package: golang.org/x/net Installed Version: v0.0.0-20200904194848-62affa334b73 Vulnerability CVE-2021-44716 Severity: HIGH Fixed Version: 0.0.0-20211209124913-491a49abca63 Link: CVE-2021-44716
Package: golang.org/x/text Installed Version: v0.3.2 Vulnerability CVE-2020-14040 Severity: HIGH Fixed Version: 0.3.3 Link: CVE-2020-14040
Package: golang.org/x/text Installed Version: v0.3.2 Vulnerability CVE-2021-38561 Severity: HIGH Fixed Version: 0.3.7 Link: CVE-2021-38561
Package: golang.org/x/net Installed Version: v0.0.0-20200904194848-62affa334b73 Vulnerability CVE-2021-31525 Severity: MEDIUM Fixed Version: 0.0.0-20210428140749-89ef3d95e781 Link: CVE-2021-31525
Those are fixed as far as I can tell.
I get the following security vulnerabilities when running Trivy scan on this plugin.
Package: github.com/prometheus/client_golang Installed Version: v1.3.0 Vulnerability CVE-2022-21698 Severity: HIGH Fixed Version: 1.11.1 Link: CVE-2022-21698
Package: golang.org/x/net Installed Version: v0.0.0-20200904194848-62affa334b73 Vulnerability CVE-2021-33194 Severity: HIGH Fixed Version: 0.0.0-20210520170846-37e1c6afe023 Link: CVE-2021-33194
Package: golang.org/x/net Installed Version: v0.0.0-20200904194848-62affa334b73 Vulnerability CVE-2021-44716 Severity: HIGH Fixed Version: 0.0.0-20211209124913-491a49abca63 Link: CVE-2021-44716
Package: golang.org/x/text Installed Version: v0.3.2 Vulnerability CVE-2020-14040 Severity: HIGH Fixed Version: 0.3.3 Link: CVE-2020-14040
Package: golang.org/x/text Installed Version: v0.3.2 Vulnerability CVE-2021-38561 Severity: HIGH Fixed Version: 0.3.7 Link: CVE-2021-38561
Package: golang.org/x/net Installed Version: v0.0.0-20200904194848-62affa334b73 Vulnerability CVE-2021-31525 Severity: MEDIUM Fixed Version: 0.0.0-20210428140749-89ef3d95e781 Link: CVE-2021-31525